Creating a new client should be possible without messing up existing one. There are some options for managing clients using GUI like pivpn. I personally use OMV with wireguard extension
Sure, it's possible. I could do it by hand, but the more clients you want to add, the more cumbersome the process. What I'd like is a tool to automate what is mostly a templating process.
This should be trivially scriptable by ansible. Ideally you'd also transform your existing configuration into an ansible data structure so it can write out the complete config as that way is just more reliably - but ansible also is capable of editing stuff in place.
I'm using a structure like this:
wireguard:
wg-mgmt:
interface:
address: 192.168.1.10/24
listen_port: 34800
private_key_file: /etc/wireguard/private.key
passdb_entry: vpn/fi1-mgmt
peers:
aard_meteor:
public_key: bmV2ZXIgZ29ubmEgZ2l2ZSB5b3UgdXAK
allowed_ips:
- 192.168.1.11/32
aard_zak:
public_key: bmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3duCg==
allowed_ips:
- 192.168.1.12/32
To set up both server and client. I'm mostly adding other peoples systems, so I don't know the private keys, and receive the public ones from them - but if you control both it's also trivial to pull that information from the system you're generating it on, and reuse it later.
This is the template used for the wireguard configuration, this the task managing the wireguard setup.
Getting the pubkey from a private key into a variable in ansible would look something like this:
- name: dump pubkey
shell: "wg pubkey < {{_pubkey_file}}"
register: _wg_pubkey
changed_when: false
- name: register pubkey
set_fact:
wg_pubkey: "{{_wg_pubkey.stdout}}"
when: >
_wg_pubkey is defined
It's then easy to dump it into a password store or something like that - if you check the repo in above links you'll see pass heavily used.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!