wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-10 23:03:03 +02:00
Code Issues Projects Releases Wiki Activity

making sure private preshared is right

Browse source
This commit is contained in:
elreydetoda 2019-06-02 05:49:49 -04:00 committed by GitHub
parent 9d3ecd6bb5
commit f03b42c38b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
roles/wireguard/tasks/keys.yml
View file

@ -1,5 +1,5 @@
--- ---
- name: Delete the private lock files - name: Delete the lock files
file: file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock" dest: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock"
state: absent state: absent
@ -8,15 +8,6 @@
- "{{ users }}" - "{{ users }}"
- "{{ IP_subject_alt_name }}" - "{{ IP_subject_alt_name }}"
- name: Delete the preshared lock files
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
state: absent
when: keys_clean_all|bool
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- name: Generate private keys - name: Generate private keys
command: wg genkey command: wg genkey
register: wg_genkey register: wg_genkey
@ -26,26 +17,15 @@
- "{{ users }}" - "{{ users }}"
- "{{ IP_subject_alt_name }}" - "{{ IP_subject_alt_name }}"
- name: Generate preshared keys
command: wg genpsk
register: wg_genpsk
args:
creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- block: - block:
- name: Save keys - name: Save private keys
copy: copy:
dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}" dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
content: "{{ item['stdout'] }}" content: "{{ item['stdout'] }}"
mode: "0600" mode: "0600"
no_log: true no_log: true
when: item.changed when: item.changed
with_items: with_items: "{{ wg_genkey['results'] }}"
- "{{ wg_genkey['results'] }}"
- "{{ wg_genpsk['results'] }}"
delegate_to: localhost delegate_to: localhost
become: false become: false
@ -58,14 +38,44 @@
- "{{ IP_subject_alt_name }}" - "{{ IP_subject_alt_name }}"
when: wg_genkey.changed when: wg_genkey.changed
- name: Touch the lock file - name: Delete the preshared lock files
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
state: absent
when: keys_clean_all|bool
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- name: Generate preshared keys
command: wg genpsk
register: wg_genpsk
args:
creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- block:
- name: Save private keys
copy:
dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
content: "{{ item['stdout'] }}"
mode: "0600"
no_log: true
when: item.changed
with_items: "{{ wg_genpsk['results'] }}"
delegate_to: localhost
become: false
- name: Touch the preshared lock file
file: file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock" dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
state: touch state: touch
with_items: with_items:
- "{{ users }}" - "{{ users }}"
- "{{ IP_subject_alt_name }}" - "{{ IP_subject_alt_name }}"
when: wg_preshared.changed when: wg_genpsk.changed
- name: Generate public keys - name: Generate public keys
shell: | shell: |