Automate Wireguard Key Generation #19

New issue

Open

opened 2023-08-13 22:14:15 +02:00 by so-rose · 0 comments

so-rose commented 2023-08-13 22:14:15 +02:00

Owner

Copy link

Currently, we must prepare the password-store with pre-generated Wireguard keys pseudo-like this:

wg genkey
pass insert path/to/private
pass /path/to/private | wg pubkey
pass insert /path/to/public

Save each in password-store under <host>_<private|public>_key.

Then, generate a "Pre-Shared Key" for each Peer-Peer:

wg genpsk > psk_peer_peer

This is obviously something that should be scripted; ideally in a dedicated Ansible playbook One key is generated per host, as well as one key per possible host interaction (it's a PK problem, yay!). That's a lot of typing.

The trouble is, the secret store is also involved, and must be written to thoroughly. Doing this properly, in a way that doesn't rely on a single developer's secret store, requires #18 to be implemented.

Currently, we must prepare the `password-store` with pre-generated Wireguard keys pseudo-like this: ```bash wg genkey pass insert path/to/private pass /path/to/private | wg pubkey pass insert /path/to/public ``` Save each in `password-store` under `<host>_<private|public>_key`. Then, generate a "Pre-Shared Key" for each Peer-Peer: ``` wg genpsk > psk_peer_peer ``` This is obviously something that should be scripted; ideally in a dedicated Ansible playbook One key is generated per host, as well as one key *per possible host interaction* (it's a PK problem, yay!). That's a lot of typing. The trouble is, the secret store is also involved, and must be written to thoroughly. Doing this properly, in a way that doesn't rely on a single developer's secret store, requires #18 to be implemented.

so-rose added the

deployment-usability

label 2023-08-13 22:14:15 +02:00

so-rose added this to the Refactor and Cleanup project 2023-08-13 22:14:15 +02:00

so-rose added a new dependency 2023-08-21 12:38:12 +02:00

#24 Configs/Secrets Bootstrapping & Management

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

v0.1.0

Labels

Clear labels   

availability

Something that can increase the uptime of services in a particular situation.

  

bug

Something is not working, or not working right.

  

deployment-usability

Related to the usability of the deployment method itself.

  

duplicate

This issue or pull request already exists

  

enhancement

Proposed enhancement or feature.

  

help-wanted

Issue that needs help in order to be understood or tackled.

  

question

More information is needed

  

security

Related to the security or privacy of the system.

  

stack-auth

Related to the auth stack.

  

stack-chat

Related to the chat stack.

  

stack-cleanup

Related to the cleanup stack.

  

stack-git

Related to the git stack.

  

stack-mesh

Related to the mesh stack.

  

stack-site-support

Related to the site-support stack.

  

wontfix

This won't be fixed, either by design, or due to other issues.

No labels

availability

bug

deployment-usability

duplicate

enhancement

help-wanted

question

security

stack-auth

stack-chat

stack-cleanup

stack-git

stack-mesh

stack-site-support

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Refactor and Cleanup

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on

#24 Configs/Secrets Bootstrapping & Management

python-support/python-support-infra

Reference: python-support/python-support-infra#19

No description provided.