Comment

Comment on Automate Generating WireGuard Config without Managing Existing Installation

rambos@lemm.ee ⁨1⁩ ⁨year⁩ ago

Creating a new client should be possible without messing up existing one. There are some options for managing clients using GUI like pivpn. I personally use OMV with wireguard extension

source

Sort:hotnew top

Skyline@lemmy.cafe ⁨1⁩ ⁨year⁩ ago
Sure, it’s possible. I could do it by hand, but the more clients you want to add, the more cumbersome the process. What I’d like is a tool to automate what is mostly a templating process.

source
- aard@kyu.de ⁨1⁩ ⁨year⁩ ago
  This should be trivially scriptable by ansible. Ideally you’d also transform your existing configuration into an ansible data structure so it can write out the complete config as that way is just more reliably - but ansible also is capable of editing stuff in place.
  
  I’m using a structure like this:
  
  wireguard: wg-mgmt: interface: address: 192.168.1.10/24 listen_port: 34800 private_key_file: /etc/wireguard/private.key passdb_entry: vpn/fi1-mgmt peers: aard_meteor: public_key: bmV2ZXIgZ29ubmEgZ2l2ZSB5b3UgdXAK allowed_ips: - 192.168.1.11/32 aard_zak: public_key: bmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3duCg== allowed_ips: - 192.168.1.12/32
  
  To set up both server and client. I’m mostly adding other peoples systems, so I don’t know the private keys, and receive the public ones from them - but if you control both it’s also trivial to pull that information from the system you’re generating it on, and reuse it later.
  
  This is the template used for the wireguard configuration, this the task managing the wireguard setup.
  
  source