From 170cac057edbbf60086f65f7d2d7faa2ae598aa0 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sat, 30 Nov 2024 16:28:27 +0100
Subject: [PATCH] Remove the WG private keys from the vault and store them only
on the servers
With the support for network.wireguard.* credentials[1] in systemd
v256[2], we can now easily avoid storing the credentials centrally in
our ansible vault, which is preferable as it makes the private keys less
exposed.
All the keys have been rotated and the new private keys are only stored
on the servers.
[1] https://github.com/systemd/systemd/pull/30826
[2] https://github.com/systemd/systemd/releases/tag/v256
---
docs/wireguard.md | 2 +-
host_vars/accounts.archlinux.org/misc.yml | 2 +-
host_vars/accounts.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/america.mirror.pkgbuild.com/misc.yml | 2 +-
.../america.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/archlinux.org/misc.yml | 2 +-
host_vars/archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/asia.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/aur.archlinux.org/misc.yml | 2 +-
host_vars/aur.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/bbs.archlinux.org/misc.yml | 2 +-
host_vars/bbs.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/bugbuddy.archlinux.org/misc.yml | 2 +-
host_vars/bugbuddy.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/build.archlinux.org/misc.yml | 2 +-
host_vars/build.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/dashboards.archlinux.org/misc.yml | 2 +-
host_vars/dashboards.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/debuginfod.archlinux.org/misc.yml | 2 +-
host_vars/debuginfod.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/europe.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/gemini.archlinux.org/misc.yml | 2 +-
host_vars/gemini.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/gitlab.archlinux.org/misc.yml | 2 +-
host_vars/gitlab.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/gluebuddy.archlinux.org/misc.yml | 2 +-
host_vars/gluebuddy.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/homedir.archlinux.org/misc.yml | 2 +-
host_vars/homedir.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/lists.archlinux.org/misc.yml | 2 +-
host_vars/lists.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/london.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/mail.archlinux.org/misc.yml | 2 +-
host_vars/mail.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/man.archlinux.org/misc.yml | 2 +-
host_vars/man.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/matrix.archlinux.org/misc.yml | 2 +-
host_vars/matrix.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/md.archlinux.org/misc.yml | 2 +-
host_vars/md.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/monitoring.archlinux.org/misc.yml | 2 +-
host_vars/monitoring.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/mumble.archlinux.org/misc.yml | 2 +-
host_vars/mumble.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/opensearch.archlinux.org/misc.yml | 2 +-
host_vars/opensearch.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/phrik.archlinux.org/misc.yml | 2 +-
host_vars/phrik.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/quassel.archlinux.org/misc.yml | 2 +-
host_vars/quassel.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/redirect.archlinux.org/misc.yml | 2 +-
host_vars/redirect.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/repos.archlinux.org/misc.yml | 2 +-
host_vars/repos.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/repro2.pkgbuild.com/misc.yml | 2 +-
host_vars/repro2.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/repro3.pkgbuild.com/misc.yml | 2 +-
host_vars/repro3.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/reproducible.archlinux.org/misc.yml | 2 +-
host_vars/reproducible.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/runner1.archlinux.org/misc.yml | 2 +-
host_vars/runner1.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/runner3.archlinux.org/misc.yml | 2 +-
host_vars/runner3.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/secure-runner1.archlinux.org/misc.yml | 2 +-
.../secure-runner1.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/security.archlinux.org/misc.yml | 2 +-
host_vars/security.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/state.archlinux.org/misc.yml | 2 +-
host_vars/state.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/sydney.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/wiki.archlinux.org/misc.yml | 2 +-
host_vars/wiki.archlinux.org/vault_wireguard.yml | 9 ---------
roles/wireguard/templates/wg0.netdev.j2 | 2 +-
80 files changed, 41 insertions(+), 392 deletions(-)
delete mode 100644 host_vars/accounts.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/aur.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/bbs.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/build.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/dashboards.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/debuginfod.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/gemini.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/gitlab.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/homedir.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/lists.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/mail.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/man.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/matrix.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/md.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/monitoring.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/mumble.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/opensearch.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/phrik.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/quassel.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/redirect.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/repos.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/repro2.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/repro3.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/reproducible.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/runner1.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/runner3.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/security.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/state.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/wiki.archlinux.org/vault_wireguard.yml
diff --git a/docs/wireguard.md b/docs/wireguard.md
index cb9230e48..538463765 100644
--- a/docs/wireguard.md
+++ b/docs/wireguard.md
@@ -9,7 +9,7 @@ Many of our servers communicate through wireguard VPN with each others. If you n
wireguard_public_key: <wg-pubkey>
```
-1. Save the private key in a encypted vault in `host_vars/<fqdn>/vault_wireguard.yml`
+1. Generate private key on the server with `wg genkey | systemd-creds encrypt - /etc/credstore.encrypted/network.wireguard.private.wg0` and restart systemd-networkd with `systemctl restart systemd-networkd`
Tips:
- Pick next available IP for Wireguard from `grep -r wireguard_address host_vars/ | cut -f3 -d: | sort -h`
diff --git a/host_vars/accounts.archlinux.org/misc.yml b/host_vars/accounts.archlinux.org/misc.yml
index dcd5d9d17..a50740c7d 100644
--- a/host_vars/accounts.archlinux.org/misc.yml
+++ b/host_vars/accounts.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.16
-wireguard_public_key: 8CbVXc2+FllLpZb/sv/csHzqaOOsasJlV0gmkIzhBXo=
+wireguard_public_key: crSq52AQ/ODcZekod0Xw/fBRALl3yv51gNMgPSFrxWc=
diff --git a/host_vars/accounts.archlinux.org/vault_wireguard.yml b/host_vars/accounts.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 7dd3b7133..000000000
--- a/host_vars/accounts.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39656138306339653936386338383364616566313037393563383133323734383235366234663430
-3836316538373966643036336532653534643236333361370a393862653165343964363065643439
-30626338313066353930663036653734323364633537616536393439306134363964346434313663
-6663663431343637380a353731316331386466353537303537666663333239326462633636326438
-39343936653031316431383734316166663739393738366462636361313762393034656330653332
-66336534396134613333646666356266306633326138353131623634343436393533383736633066
-32373663313632393430313464396131396262616162613733613562616464353131656333323935
-63653836383737663337
diff --git a/host_vars/america.mirror.pkgbuild.com/misc.yml b/host_vars/america.mirror.pkgbuild.com/misc.yml
index f46c37c5b..f4a0bc5a9 100644
--- a/host_vars/america.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/america.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.27
-wireguard_public_key: aC544PuXq63LgIeOvVD5dw++9XJE47YKUqeRw3ol0Qo=
+wireguard_public_key: 5oI+dah4LlkUPBs/JI5lJAgDxBQa/+ofu0hLfxAkcio=
diff --git a/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 6e7dd6a62..000000000
--- a/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39393666386564646432636132366332363234636531363930663564316235386639613431656337
-3533376363376332646161316230343566326266323230350a343561303331656134346634633132
-33333062303732363138373936363061303063306632636234363737623931613938653563353630
-3838356538316531380a306563613562376135656164363065346136376231666532313433326661
-39353831616463343833313361643032366363383565303235363733613964386137643236646661
-63656237663637653564396165306534316438663534356361333561643637663166363433313832
-38313563666636343737656530393061336262333334343166393862316432343162653266626366
-38623764343939386635
diff --git a/host_vars/archlinux.org/misc.yml b/host_vars/archlinux.org/misc.yml
index 4aa2c3dc5..26d40e708 100644
--- a/host_vars/archlinux.org/misc.yml
+++ b/host_vars/archlinux.org/misc.yml
@@ -11,5 +11,5 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: true
wireguard_address: 10.0.0.1
-wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
+wireguard_public_key: 2Mk9WPdkf+1Q6Kk6g5eeX5xSHfCisiGJAdmSjRyefBo=
nginx_enable_http3: true
diff --git a/host_vars/archlinux.org/vault_wireguard.yml b/host_vars/archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 27a817afd..000000000
--- a/host_vars/archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33623361656563376138323966373530383432393838323238343661306531363262653864626530
-3137643364303338663665343837343862356139633830370a633766373830306561353562656634
-63333861616437326132343765356231373963386563386131343462623962386333376236363339
-3433376666383135360a636663616238346435613635353834393739336234336536336366393835
-66616266356531663365633362333363376439633835616466633338353033376366633461653830
-33663763616233396636613661623138313831316436383566363361383535363766363764613164
-39336636393438363632383964303936346165633464616636386265356538383064333464316636
-31633635313539383134
diff --git a/host_vars/asia.mirror.pkgbuild.com/misc.yml b/host_vars/asia.mirror.pkgbuild.com/misc.yml
index 4fa7b4597..ad97f4e4c 100644
--- a/host_vars/asia.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/asia.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.26
-wireguard_public_key: Bvia4T68/PCa01MSg+wclUJ1rJ5Hth9khui3y3Tr5EM=
+wireguard_public_key: cU2/3DKCNCWJwZP6SF7ifKHS+VFeC7VQ212eTof8IxU=
diff --git a/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 8aacbbc24..000000000
--- a/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31366437643838616630653261666262376336623336363235386333313639633364626436366437
-3038366565393761643434623166363863326638666634340a353562383664373264636166346562
-38316634653136313038346261376434623030346464363465343235653365633932656131343936
-3433386162313537330a373538306161616263653937363335616666303639306461656433653233
-37323532336639666539353237393939336337363833646366363035393631626633636437333263
-65333831353362613364656135643131633738303134366361643561366538306430323161363130
-64396230653231636532396339316236643536663938643036636664653564343538663162393336
-61383037333965396330
diff --git a/host_vars/aur.archlinux.org/misc.yml b/host_vars/aur.archlinux.org/misc.yml
index c30553ba3..c70a8b310 100644
--- a/host_vars/aur.archlinux.org/misc.yml
+++ b/host_vars/aur.archlinux.org/misc.yml
@@ -6,5 +6,5 @@ fail2ban_jails:
nginx_limit_req: true
memcached_socket: "/run/memcached/aurweb.sock"
wireguard_address: 10.0.0.2
-wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
+wireguard_public_key: 51KGJWs3ZlI4tEdOpYFENhf22aETQEn9ApbmVyiF4zQ=
nginx_enable_http3: true
diff --git a/host_vars/aur.archlinux.org/vault_wireguard.yml b/host_vars/aur.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 2e5f684fd..000000000
--- a/host_vars/aur.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38303834643063336663396561303562333061313961346265666162313933323862386633306231
-3033663637323139626363343033663864656432393461610a643162623931326362653964373865
-64303239643366323834393136306434643239393865303663626439376238333131323163326165
-3138643036373536660a386236373536643937353132333933666664653132366361343839333932
-63363265383962626136616562633363306464616333346661366235303332636435343664396466
-39393936383038303663336431323034633730343432306233613731613064333261643938633166
-62623037393063353965336634326135663535613661343164316336643536303135353631613336
-30643062303161336532
diff --git a/host_vars/bbs.archlinux.org/misc.yml b/host_vars/bbs.archlinux.org/misc.yml
index 9f1d8614c..d59ffba8c 100644
--- a/host_vars/bbs.archlinux.org/misc.yml
+++ b/host_vars/bbs.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.17
-wireguard_public_key: i65GF9BaoTDvTXLJBpZWbuu2jV3F2mc0tH16Y6cQY1g=
+wireguard_public_key: F5gX6SV5aka/fxEkgsVm1YRCYoeDY6d/H5C9U3/SrVU=
diff --git a/host_vars/bbs.archlinux.org/vault_wireguard.yml b/host_vars/bbs.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 67edb1481..000000000
--- a/host_vars/bbs.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65346463623631643532663531316535373432383537343833613536643764353965376331333833
-3866313230356133326132633834376564396132393637360a346263393438633966663536643338
-37313034363665333433663163313334386437346635663336313363386534383635343463383935
-6330343133626235610a643536303231343435383265366434373562363236376233303365393430
-63353961663432316438653932326339653961646634343034373739643330363562633164343539
-38323061336364366533626536383661666238633230653466626361326466356534303735393464
-31393536653832366661393061663862366563333134333930373365316562386137323132613130
-32646164663865346363
diff --git a/host_vars/bugbuddy.archlinux.org/misc.yml b/host_vars/bugbuddy.archlinux.org/misc.yml
index 394edb390..602cad0f5 100644
--- a/host_vars/bugbuddy.archlinux.org/misc.yml
+++ b/host_vars/bugbuddy.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.44
-wireguard_public_key: vtu2TM79djeQQA0qqPVuZHxSHz8hdHQ1P15ONF6zSx4=
+wireguard_public_key: /x1Czg/8u24dVhi+WMSGeSbw2HKk3la0K8X1WsDk7yA=
diff --git a/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml b/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 828a374cd..000000000
--- a/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36623330313366306639313763636132616435633030616363383733386663373966396466396532
-6239386539646333383436653435613731323666346365310a363663353436323562353930336662
-31303162656166333165303966346137363266393763383463633636623330373966376537623433
-3432353931333031610a663365653431356536343861363964323861366130636161633461323165
-65633966386166663064393830333061633466313033356538643466323138346531313838663133
-31356665323935316165633836636436316137356565323930393766623661393334306139343061
-37646266373236643332333736326264333866396137623237383361333362333832326161636461
-31616262616538643233
diff --git a/host_vars/build.archlinux.org/misc.yml b/host_vars/build.archlinux.org/misc.yml
index 0d926259d..6afda18b4 100644
--- a/host_vars/build.archlinux.org/misc.yml
+++ b/host_vars/build.archlinux.org/misc.yml
@@ -14,4 +14,4 @@ raid_level: "raid1"
archbuild_fs: 'btrfs'
wireguard_address: 10.0.0.18
-wireguard_public_key: /P8QGSFgvRETkYdsvAtNQWWT3pE7FpouCz+x1N4yIm4=
+wireguard_public_key: 9Lii487Uuzu5ihJwHx6RBpCiUWRHl9VGwC+Oz5wzejk=
diff --git a/host_vars/build.archlinux.org/vault_wireguard.yml b/host_vars/build.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 35a1b1abd..000000000
--- a/host_vars/build.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34353334323261383932313330303432363235663333643237613030346161313166383662313863
-6630323266346530646363333164656433366134626537380a366232303237656138336464626139
-34653130326137303465626130373437333238323936343661663466343036663233333736663732
-6161366463343234620a353833623438336633333562386366343638623339363235656138333931
-61333732326532653536376133313861333837303064616239646361366531373261666263343236
-63353234313634623131666566353738313566383136663366623761373466623530326465326132
-63383830363039313666666136353435623863383164613736303034346336316663316339616161
-37663539323132616462
diff --git a/host_vars/dashboards.archlinux.org/misc.yml b/host_vars/dashboards.archlinux.org/misc.yml
index 24ec725ab..f3d59778f 100644
--- a/host_vars/dashboards.archlinux.org/misc.yml
+++ b/host_vars/dashboards.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 157.90.255.107
wireguard_address: 10.0.0.33
-wireguard_public_key: lLZtvFIrmtUXRXmw+qQC8LZ00NzN1wlvcI4grNWt2lE=
+wireguard_public_key: Vv2qAjdcPpAvt1hOV5zc4WR6iTqmiPdDNr5+9Wv2Jw4=
diff --git a/host_vars/dashboards.archlinux.org/vault_wireguard.yml b/host_vars/dashboards.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 0e0635bde..000000000
--- a/host_vars/dashboards.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-37393533623530623933343165626263336435303161356262626137643866363763356162383164
-6331393262656363303261346361396131303566643634360a363632656333343533353162326630
-62373738383865383362666534336135346533643935333631373234373139366432306532636632
-3632356365313166610a393137356532363161386232393839386634313131353138383061306337
-30363939376639383234366239376230333266396633363261346265323337386333326231633162
-39363036646539396464376637303732653530323164663266383264356662653462353135373137
-33343462653434646430316233303161353131633366656133396362313632633663353938613837
-39643334316165653332
diff --git a/host_vars/debuginfod.archlinux.org/misc.yml b/host_vars/debuginfod.archlinux.org/misc.yml
index 24c6fcf8a..4f385dfa6 100644
--- a/host_vars/debuginfod.archlinux.org/misc.yml
+++ b/host_vars/debuginfod.archlinux.org/misc.yml
@@ -2,4 +2,4 @@ filesystem: btrfs
ipv4_address: 168.119.240.111
ipv6_address: 2a01:4f8:c010:74d4::1
wireguard_address: 10.0.0.35
-wireguard_public_key: Wp9ruR2+pCj0TsATuJZiUxk9x6BwcUhXs/yZlmGYjRE=
+wireguard_public_key: R3ZlD7HmoiGH2FyIGSaiYc1hIA7JHp3ivXQlRGc7iyA=
diff --git a/host_vars/debuginfod.archlinux.org/vault_wireguard.yml b/host_vars/debuginfod.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index b395246fa..000000000
--- a/host_vars/debuginfod.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-61343637613538316638633261366364313430343464663133316466636666366233643062373133
-3335333266643631623933646261313532393564653631380a616561636336643139353039626431
-63303531656163333965653262396536353631353366373135313666393236383633363434376535
-3161323733613963340a623733633362306465653162663434363838326665633338333836646236
-61383336623365383236393866653465633834376139366435303839343032303430363736306533
-33633434356563373932313861363666376432376264383933323262396430656630633862383237
-62333435303239396537306362323866653230313733386332636164333066633334303738333061
-30633265623035633231
diff --git a/host_vars/europe.mirror.pkgbuild.com/misc.yml b/host_vars/europe.mirror.pkgbuild.com/misc.yml
index 42be3532f..031e2f146 100644
--- a/host_vars/europe.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/europe.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.28
-wireguard_public_key: rg3PyaA3nXNZt2C8l4tvzMiTOT47a/jU11WR3EzU0Co=
+wireguard_public_key: 3C9yMutZJfOn2UkOhnGeM9DnLFJaeo6uTY9CGRlBZVM=
diff --git a/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index d5fc6c6af..000000000
--- a/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63336430306539626434643065393363633038356666376233346339616663636266383961333234
-6636383163326238373837613831316633323762376634610a353266623334323232353362373432
-65623034326266313135616235313663326166616534376530343032373865313938333831393961
-6436666262353331650a336465636435383635326433353735663135343931346531643533633735
-61343064353137626635353361623334326436393366376161633337333161396466666138623533
-64343937313233633834306337356136333339633131663130653966303164343436383238653036
-39323461386631336230346461323161313361386332383730316162636434623234613932363132
-32383662633166383530
diff --git a/host_vars/gemini.archlinux.org/misc.yml b/host_vars/gemini.archlinux.org/misc.yml
index 57221a701..2920396e8 100644
--- a/host_vars/gemini.archlinux.org/misc.yml
+++ b/host_vars/gemini.archlinux.org/misc.yml
@@ -16,4 +16,4 @@ raid_level: "raid10"
archive_domain: archive.archlinux.org
wireguard_address: 10.0.0.20
-wireguard_public_key: 6foPuhPBEUi+tPP7PjFT1nKpEksyyqT8zAX+yOjWDVo=
+wireguard_public_key: GiMqMcJ7aEuW6rRwXsj27S+w7orx7Etnjq+dE6RhoSc=
diff --git a/host_vars/gemini.archlinux.org/vault_wireguard.yml b/host_vars/gemini.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index bb6ca687c..000000000
--- a/host_vars/gemini.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38353761363039393465666663343232333730633633623363626238313734316466333038623563
-3539363134386663623837633332623062313537613137390a376261626466616138613838386664
-62366238373334346335356330393737383531353862616564336630326435666362646634313137
-3336663535333266660a626336643663343764346637303635636338346430633066353965633331
-63353131616434376238306165616432333331646334316262613564396535633831646235636339
-39656335656663323131613033373136613965343266316631366437343139626333313735346230
-33623532356437363262353330656431336238323535376633336262643836616334306463373064
-32353562616465323637
diff --git a/host_vars/gitlab.archlinux.org/misc.yml b/host_vars/gitlab.archlinux.org/misc.yml
index 8e2fff52a..9438ba5ee 100644
--- a/host_vars/gitlab.archlinux.org/misc.yml
+++ b/host_vars/gitlab.archlinux.org/misc.yml
@@ -3,7 +3,7 @@ filesystem: btrfs
enable_zram_swap: true
additional_addresses: ["213.133.111.6/32", "2a01:4f8:222:174c::2/64"]
wireguard_address: 10.0.0.5
-wireguard_public_key: EbZisS0fwM6B8Nkugy1lyox+A8L13hniucVIPVCK5R0=
+wireguard_public_key: ebEWzriL3dohjDP49Hp+SGHZBnzx8fjnohDN3igQlCc=
hostname: "gitlab.archlinux.org"
network_interface: "en*"
ipv4_address: "213.133.111.15"
diff --git a/host_vars/gitlab.archlinux.org/vault_wireguard.yml b/host_vars/gitlab.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 07d4a86f6..000000000
--- a/host_vars/gitlab.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62333862633232666133396661646562343766373561306530393438666532333766316565396439
-3139653036626231376135353438643164633632333430330a313836393862396636303539623732
-36396438616364396161333837366630373033326165663566393638623664383062663036636161
-3333623232393932650a343530616562316538366236376133663161353432656232366639316333
-34373232303731356134646437666432613931363863353934393338636438663133366131633765
-36626163623832356264326637363664303532383236303066343730303338343164616331616130
-63393830313239336662386563303763336537636364396265653763626231323535623931663733
-31643134323036366535
diff --git a/host_vars/gluebuddy.archlinux.org/misc.yml b/host_vars/gluebuddy.archlinux.org/misc.yml
index 71dafc5ef..22549439f 100644
--- a/host_vars/gluebuddy.archlinux.org/misc.yml
+++ b/host_vars/gluebuddy.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.36
-wireguard_public_key: iiwiHp6b9fmepXLNZ0xFMWIhF2u2a8oEpQI1TTDR4zI=
+wireguard_public_key: YqQMISqTUwXPphhfBDXGcbwjEkz8xgtsnaazFCIGgmk=
diff --git a/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml b/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 36f3e7c5d..000000000
--- a/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35653438346435353864333261343463303935353839656630646562383533343363343737656261
-3232383964383163666464626464623861373838316630390a346232373835623531616530363839
-32656164656234626231353938626431306265623939343334623938653530306665306338363365
-3530323765396365610a643364333239666533366231633964356333656531336438656164343034
-30613066653961343066613735663161626361393863656135326162666632646237383037383464
-62313230343739316137303134313161633331393165636138376666303431353430383265343361
-34353339643737366331366631383736356564623436306266663233333033383134393364653538
-35313833623238383263
diff --git a/host_vars/homedir.archlinux.org/misc.yml b/host_vars/homedir.archlinux.org/misc.yml
index 2cedefb56..bcb61456d 100644
--- a/host_vars/homedir.archlinux.org/misc.yml
+++ b/host_vars/homedir.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.13
-wireguard_public_key: 0MrXhX6fmtetZ1Rnu93+rQ8yWgOmxrwyY/hXSsy98FI=
+wireguard_public_key: 67qt5z1YsqhLTnMFo96YoDwtXDFmukF3EcWtrV5ZCHA=
diff --git a/host_vars/homedir.archlinux.org/vault_wireguard.yml b/host_vars/homedir.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 89ffd4b6c..000000000
--- a/host_vars/homedir.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30376666373438653038303032343464623137316436326166623165633662373332643862633430
-3233323766326364303664396461303734323237323938640a373737383531336433666136653335
-35343036333037316536323335393562306531616565343533613663356635366365313565646437
-6262653233623464350a623561396338306465633836386639383837323963643163313539346135
-62366663393561613562336363626431646161356233336332363863343835303535353465653731
-39383539386136666230313537626664353531613063643534346237336566656232336239623439
-63316135316439626431633737323539323235383564633438653264323164386634656336666665
-37383966663335333639
diff --git a/host_vars/lists.archlinux.org/misc.yml b/host_vars/lists.archlinux.org/misc.yml
index 88b8ca576..78a395dea 100644
--- a/host_vars/lists.archlinux.org/misc.yml
+++ b/host_vars/lists.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 95.217.236.249
wireguard_address: 10.0.0.34
-wireguard_public_key: t6Er4qAMe/lWNnAByWdXhbUwXKYfj9CkkJgMp28UQl8=
+wireguard_public_key: XUbI7fDRKPbG/MIfgH3c4fNhC28F4aXWvknOEV3CxUg=
diff --git a/host_vars/lists.archlinux.org/vault_wireguard.yml b/host_vars/lists.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 3475cb29a..000000000
--- a/host_vars/lists.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30376334303766393530356533356236313866373362313461306661303663343764313238333064
-3332633062616133643331363765636534646666336634360a373630646436623962643532353430
-64306462373461313962636535613831623336303231643665303962353263323533313361366562
-3937393761303434330a663366623862636137346230653665343238323166303761353231643633
-30623061343234643136323338386333363336366162656463656439363631636661366535326264
-33616636343239383735373230306164346163663765633165376136626430653238333630613033
-34323863333865386535343032373531626464356537626531353563633239356665663463343435
-30313365356632356336
diff --git a/host_vars/london.mirror.pkgbuild.com/misc.yml b/host_vars/london.mirror.pkgbuild.com/misc.yml
index fade8a9a1..ceea6704b 100644
--- a/host_vars/london.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/london.mirror.pkgbuild.com/misc.yml
@@ -14,4 +14,4 @@ system_disks:
extra_disks:
- /dev/xvdb
wireguard_address: 10.0.0.43
-wireguard_public_key: FuhMj8Vrk0HUR10O2dmgeXtw+bMAuhNesYD+h0lKgSc=
+wireguard_public_key: PRjfJjtYe8GtihCw2cm+ocWFZpEtVdKC3B1C5AsPC1A=
diff --git a/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 840b56545..000000000
--- a/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30663137336130633937383231343062333664636631323739373164663563363565383435633362
-6331356532616630373432373031383139613633646461330a373936663337326633656464353862
-36326239373864383662343737313436653639383562303433363634323562653637373236653736
-3765663532643338650a626433353131353730623864646535646138333236316563353032616235
-38653765306433656539383533653930376564663361356134303539316335636435616130383234
-63346238323761343635326263396362656663363237336232663039346465656265616366373433
-36353862386661366563366535383439333531656564366238323032656232633462336166343766
-37613432323131623461
diff --git a/host_vars/mail.archlinux.org/misc.yml b/host_vars/mail.archlinux.org/misc.yml
index 59af3f7a6..1578747fc 100644
--- a/host_vars/mail.archlinux.org/misc.yml
+++ b/host_vars/mail.archlinux.org/misc.yml
@@ -11,4 +11,4 @@ fail2ban_jails:
ipv4_address: "95.216.189.61"
ipv6_address: "2a01:4f9:c010:3052::1"
wireguard_address: 10.0.0.14
-wireguard_public_key: +RJ/ZNRmw2uCHxSjJZHftk7lWUl5nJ6VSZww8GPwhEI=
+wireguard_public_key: zB4ALQPMOYu8yzGdiDL1AHgowmVZHc2OUJq1igy3Ixo=
diff --git a/host_vars/mail.archlinux.org/vault_wireguard.yml b/host_vars/mail.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index d265d493d..000000000
--- a/host_vars/mail.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62626465353239316533326230313635626163313135623035626565326434663662646638396434
-6366633335633138616232313937373137656461346533630a306261643164386537336632306165
-34656236666464393437326662616264373564326533636333353037663439626331383836623364
-3261336364376535360a313531333734346361313565666463393133633232363264653336363962
-64616239366539643664343664313763613739336665313965366134383534646439373535333064
-35366237636161636638653264313161633664376439336431306238646631303364653733343363
-38336430316636626633376464366135666465393133313664303766366662386135343562323961
-62316563313335653738
diff --git a/host_vars/man.archlinux.org/misc.yml b/host_vars/man.archlinux.org/misc.yml
index 20670b4f3..309361c0e 100644
--- a/host_vars/man.archlinux.org/misc.yml
+++ b/host_vars/man.archlinux.org/misc.yml
@@ -5,4 +5,4 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: true
wireguard_address: 10.0.0.32
-wireguard_public_key: PkAuiYdsDs4eI9JytK8MUCK1umDblQHg1SH+Z80zs30=
+wireguard_public_key: CuhJyhmHsi0ccdeXgXRacqnFVfYrjVDHxfPPOLehkhw=
diff --git a/host_vars/man.archlinux.org/vault_wireguard.yml b/host_vars/man.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e5522b614..000000000
--- a/host_vars/man.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38616234353738326336653335323964663662306561626566643536613433633836386661366531
-6437303134663639633730386132643239363338346631350a343035326230623337636539653163
-39333736623832653661663237366632373835653536323038333966646330643433363136303232
-3133306331353433300a653031313937363932663333373639343030313539363361653239326634
-34623736646634626263636430303863336364363731386335666638383530626630343534396363
-37383865643135356463656637333535343130303736636162363437636338643866333263616565
-38653133336666663336346535376362333730323831626666346231343431333662343562656238
-63336131343538623136
diff --git a/host_vars/matrix.archlinux.org/misc.yml b/host_vars/matrix.archlinux.org/misc.yml
index a55baad62..0b9c4c827 100644
--- a/host_vars/matrix.archlinux.org/misc.yml
+++ b/host_vars/matrix.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
static_dns: true
wireguard_address: 10.0.0.15
-wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=
+wireguard_public_key: Oh6gZG9HbchVM6xiYOJQ6JpF6QD7EeRD7Xa6c5fr5CA=
diff --git a/host_vars/matrix.archlinux.org/vault_wireguard.yml b/host_vars/matrix.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 62fe048cb..000000000
--- a/host_vars/matrix.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36613831313163623938383038323864636135343739353730363235613863346165346139326533
-6230386139626263386234393034316132326266636463360a646365313036376664663338396631
-39316563356164396564333734303934666139383233313833353139343165376135386562333431
-3335336265623531630a666235666538666330623739376566343336353334313831623661646662
-35303535353333343266343061633836383361623766653433333936393837306161366161333332
-39356264326235373338316331353365666461313133373135393233326661366134313466653462
-38366135633661666135356338636665663636323839353830653364346130633466623636623733
-62386133323037656163
diff --git a/host_vars/md.archlinux.org/misc.yml b/host_vars/md.archlinux.org/misc.yml
index eeb99d450..c8e3e8849 100644
--- a/host_vars/md.archlinux.org/misc.yml
+++ b/host_vars/md.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.31
-wireguard_public_key: eCIzf+ckdWPvJYjNaxdlLRH9kq9mfJZswA8KwCmtJgQ=
+wireguard_public_key: g7VwZ5+sEAaKfMY/322ajv2tAXarJj96u9mhH3SK6no=
diff --git a/host_vars/md.archlinux.org/vault_wireguard.yml b/host_vars/md.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e477a0388..000000000
--- a/host_vars/md.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31623265383262313831373633626639636234613863316666613066663565333830376134353763
-6536636564383531363065663932306135663762666266330a613638326239396663353163373237
-30643364373932346161303137383631346235313430356664396639313135303031623566613266
-3132343161383163610a623236303366376166633463383436656338303232653663393332313031
-34316136306237663236336539346330653833336435333835643131396135663661613532393736
-38373437343031346336396230303733326136356635306530343933393530366237393862663663
-37366231316266623235316162313930306436396465663265636638623063323366363166643965
-64656366623263393462
diff --git a/host_vars/mirror.pkgbuild.com/misc.yml b/host_vars/mirror.pkgbuild.com/misc.yml
index fabd834ff..1d0c4bc91 100644
--- a/host_vars/mirror.pkgbuild.com/misc.yml
+++ b/host_vars/mirror.pkgbuild.com/misc.yml
@@ -7,4 +7,4 @@ ipv4_netmask: "/32"
ipv6_address: "2a01:4f8:c2c:c62f::1"
ipv6_netmask: "/64"
wireguard_address: 10.0.0.12
-wireguard_public_key: auE2J1+MYo59uZIwADncjCfSX7/Q0YdvmG+CVIgvtgo=
+wireguard_public_key: T15w8Cgri7djo6an/uG/8yr8f5KAsnnKyTgIw4dkr2I=
diff --git a/host_vars/mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 25247efde..000000000
--- a/host_vars/mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62626230326130313737373364316363346633353133373761386232616438333631313761363264
-3961373438333933386432343563346238623137653639350a323365663562373737383463306166
-39326335366439666239386536623939336132313432336638393663633535663538396434613066
-3062636561323964390a656464313464623764303332343332653337383130373138323165626137
-64626536613266653032393837376561616132366436636666386636616664346161636630613966
-37666535643834396536323136313331356630653335386133626464353064626532636665666231
-66336663663139373563303838636131663530646632333536363362653663386632316133313038
-62316633363362376164
diff --git a/host_vars/monitoring.archlinux.org/misc.yml b/host_vars/monitoring.archlinux.org/misc.yml
index 6103dd420..4e6eb2d25 100644
--- a/host_vars/monitoring.archlinux.org/misc.yml
+++ b/host_vars/monitoring.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 95.217.220.31
wireguard_address: 10.0.0.4
-wireguard_public_key: LR3lPa9ABwUkvbm3NqdxeAqX+NOG8FpbICG/+1Ra5lg=
+wireguard_public_key: h+Zio6WZ+Q2mrC48eLARL+9pKveFh5QM3mckFkfcLSQ=
diff --git a/host_vars/monitoring.archlinux.org/vault_wireguard.yml b/host_vars/monitoring.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 83fcdcc71..000000000
--- a/host_vars/monitoring.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36666165326462633137383036363030393739623732633861613630393963383963643233396138
-6661656539326562633336353366653365393161626663350a626135343361333637313464616636
-62326165623663613739393538626362303131623063383439656530346666653432356637613466
-6465356361643332380a623764346134323432376235373231623831633931323236623838613833
-66366265643166653932653133373131303739383239323936336336316232643533313963616537
-66356137643465376134626438616163393636636435356265323166316664636532616435373239
-63393232316439346432343835653265303761653236386338353564343063646430363133363462
-32343637313639396335
diff --git a/host_vars/mumble.archlinux.org/misc.yml b/host_vars/mumble.archlinux.org/misc.yml
index fb85020c4..ed1b2e49c 100644
--- a/host_vars/mumble.archlinux.org/misc.yml
+++ b/host_vars/mumble.archlinux.org/misc.yml
@@ -9,6 +9,6 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: false
wireguard_address: 10.0.0.46
-wireguard_public_key: jiA9adrFKJuZsxS1DMHi+gkb4iWj3w0CNGWY/elxpzk=
+wireguard_public_key: BD2cbLkESFRPLy4luZlwEPc45yBFmd1Ti2nSFd1hVBQ=
certbot_dns_support: true
certbot_tsig_name: mumble
diff --git a/host_vars/mumble.archlinux.org/vault_wireguard.yml b/host_vars/mumble.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index b2e3c7221..000000000
--- a/host_vars/mumble.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30613530316630386565666462353635333163343337383639346132366562616533323036633433
-3131353639386564353062626639313937333661323535610a353463353866303962333230633632
-64316664643431616537396233363730333332633134376661633137643135366461643531626363
-6435613738396132650a353130653335373630356336613339363463313562323962373833363831
-32663166366135323939386336663061356637616364636439323430633837616534663139396562
-62333964613937623763646637346136363638613138366335383765376131666536363539353938
-34653030393432373666663934386439396135346532373739333838373036326531656635663532
-64306330643130663936
diff --git a/host_vars/opensearch.archlinux.org/misc.yml b/host_vars/opensearch.archlinux.org/misc.yml
index 961fa4e60..ecb89c703 100644
--- a/host_vars/opensearch.archlinux.org/misc.yml
+++ b/host_vars/opensearch.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.42
-wireguard_public_key: 2f19yTsYkrv5xp7V4kREsuisbFc7Wew3gxd7sS/LyXc=
+wireguard_public_key: CRtFlKdquOb5P62czuhhzA10teUh/iY/xPPEoOj2gFM=
diff --git a/host_vars/opensearch.archlinux.org/vault_wireguard.yml b/host_vars/opensearch.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 074f8eddd..000000000
--- a/host_vars/opensearch.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66386538386463623062666662656563383738343831326166383361333365383231663232383662
-6530633164346531613431343530373334376437373132650a383731653464626236346265346638
-35303861636134663839363236626335303035633730363339613331643535323938356436373065
-3266616166663330660a346338303830313136386338323135353563636539393261616562616262
-36326438353233316661383231613639393437616336653734613330376334376563386231346334
-62313733313265383963396665623566623232346363633566323439303466383835346134353432
-63323039643932643663323538383563623134313730653336623631383363346239613038633030
-31616365656634326339
diff --git a/host_vars/phrik.archlinux.org/misc.yml b/host_vars/phrik.archlinux.org/misc.yml
index 63bef3a15..3c8de337a 100644
--- a/host_vars/phrik.archlinux.org/misc.yml
+++ b/host_vars/phrik.archlinux.org/misc.yml
@@ -7,4 +7,4 @@ arch_users:
- tu
arch_groups: []
wireguard_address: 10.0.0.9
-wireguard_public_key: ETzZyW9HAwDmJffZOiLH+DF+wl7bR37NYDEtn/zm+hk=
+wireguard_public_key: ZDCc0Flid5Fv0fezfioduAyLJzFiPenQTjXFtoFadiM=
diff --git a/host_vars/phrik.archlinux.org/vault_wireguard.yml b/host_vars/phrik.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 48f7aaf26..000000000
--- a/host_vars/phrik.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38626464643564313732323435613965383239376631306566616263343165356161313031396433
-6139646439386531383533333237303530653636356461300a633934303633623764366438383132
-62366337353362343364396230336430373830313339613865653636333463656437616461313737
-3534333537646436620a316132656263306338346264616531373630353862323838626339636232
-36363136376431643263623235653264663934613439316136333337343762386561313834646264
-39386431396661616162666330623435616131363137373461306337613930666539653634396434
-66633231383232343832346636616232343539373831666534363031303965313532363632336535
-36366439653236653363
diff --git a/host_vars/quassel.archlinux.org/misc.yml b/host_vars/quassel.archlinux.org/misc.yml
index b5f206f0e..fb1128cb3 100644
--- a/host_vars/quassel.archlinux.org/misc.yml
+++ b/host_vars/quassel.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.10
-wireguard_public_key: 4SFiwJRHbGSDtEypEDhS6ar2jmwfBwthPSGHZ8XShXY=
+wireguard_public_key: JkSDACCDONV5Lb+VCyntTVer4VT8Wiif2MQ7+jQg5AY=
diff --git a/host_vars/quassel.archlinux.org/vault_wireguard.yml b/host_vars/quassel.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 88ac3f473..000000000
--- a/host_vars/quassel.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66383930653234636164396535316364373836363636386263666132316161643635633335316565
-6639613935626533663637663733333333346438393637370a383436646565656232613639323564
-38356666376133656338343032356236646665396439393134356162366230326338313564333337
-6231333532636537320a343463363339336431626661363737383637643961666663336663656161
-30373439633134386237333636393032306132383335306234393338373636313035646338343034
-31323763646561613638373839396232616235656537633230653438656137363265333238343661
-62346361346432346364306136646462626539383462326231613135323230396439313030373332
-38366130653463366430
diff --git a/host_vars/redirect.archlinux.org/misc.yml b/host_vars/redirect.archlinux.org/misc.yml
index f33e80c00..7615c9562 100644
--- a/host_vars/redirect.archlinux.org/misc.yml
+++ b/host_vars/redirect.archlinux.org/misc.yml
@@ -1,6 +1,6 @@
filesystem: btrfs
wireguard_address: 10.0.0.25
-wireguard_public_key: n11Ps2sc0Cxsi1sLaYFq7dkhlDtTnOZCGovRYbzDGR8=
+wireguard_public_key: MOhw0Jk1S526WtcvvMdxHxLRMSSQPkv3AeH09W0wWxo=
ipv4_address: "95.216.195.133"
ipv6_address: "2a01:4f9:c010:2636::1"
diff --git a/host_vars/redirect.archlinux.org/vault_wireguard.yml b/host_vars/redirect.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index aa5118601..000000000
--- a/host_vars/redirect.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38393434303739353261646462323137666163313335366366333930396462323762343038623436
-3331633437333536363437343236303236386531303030360a393331353863636137383539376439
-38616533333337313739383063343039303261366330313261613262383465336634366332623732
-6531363161643636320a376639333762383133346437636464643266363862333737653864353366
-30333836333966653131326235663537333437343934333032613261646339633332343261353735
-37653230386636366539343265653736373061343262316339613139353737306664616633346335
-31393063353339363834653966396535373764366531636137643666306532306138373137636163
-37663539366239373864
diff --git a/host_vars/repos.archlinux.org/misc.yml b/host_vars/repos.archlinux.org/misc.yml
index e3e01509d..e8e867a27 100644
--- a/host_vars/repos.archlinux.org/misc.yml
+++ b/host_vars/repos.archlinux.org/misc.yml
@@ -14,4 +14,4 @@ system_disks:
raid_level: "raid1"
wireguard_address: 10.0.0.45
-wireguard_public_key: MDt3DqmYppnV81CFHLII1O80BWFGYeGGNrDWlQcX5H8=
+wireguard_public_key: ZE7fr78hG6eB3Qjhys0n7DxplMBbcWzBGI7DhMvCeDc=
diff --git a/host_vars/repos.archlinux.org/vault_wireguard.yml b/host_vars/repos.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 2912bfe8c..000000000
--- a/host_vars/repos.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31636166336635646637363937613362656434373536616461323562313134333035366436326632
-3834663131386336356331373530356533383238626361380a326233643634653433633733623865
-37616439396230303431393730326662646633613838313532393536393365326562653561653264
-6631616564333265660a343765636564383065353831386531353138373234386538323836623532
-62343662393739626630343062643964343535353931356337643661663238393130346634373362
-66373364623962363637653963643631393438386264323630316234386531383931383264643462
-66306337313864353761613433393961336438636632616435393163353462613765666162313333
-31646239623765643531
diff --git a/host_vars/repro2.pkgbuild.com/misc.yml b/host_vars/repro2.pkgbuild.com/misc.yml
index 0c0e995d3..6888b8802 100644
--- a/host_vars/repro2.pkgbuild.com/misc.yml
+++ b/host_vars/repro2.pkgbuild.com/misc.yml
@@ -21,4 +21,4 @@ rebuilderd_workers:
- repro23
- repro24
wireguard_address: 10.0.0.29
-wireguard_public_key: PQDUQxGH6n3PY/dqlDk6DsSV5XBYQvJWJbVJldEuYic=
+wireguard_public_key: L47UZExXfMnoPAtcM3hRxkdsPEdvl+hfAJYtUx64lwc=
diff --git a/host_vars/repro2.pkgbuild.com/vault_wireguard.yml b/host_vars/repro2.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index a05715f1e..000000000
--- a/host_vars/repro2.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39343032623831616438633561333734393536393033363533393966363332666564333834636333
-6564636661313937346263666535323862663364646634620a303937353432356463653664316262
-30393862326564643063336434653830303235373836373639386261346233363137356163313564
-6162343237316539650a343139306164643530376636626537383633666266643536393235623361
-39373966333632636537313966623264653739613963353636613266303061613132633831366162
-38663263333731326337633261303239373834356233613766383933356631636661613734383862
-65326537303361663466303833383762646232373336373231393866613762326161333564313362
-36386364653036623237
diff --git a/host_vars/repro3.pkgbuild.com/misc.yml b/host_vars/repro3.pkgbuild.com/misc.yml
index 05d0c4f32..9b3a8a31d 100644
--- a/host_vars/repro3.pkgbuild.com/misc.yml
+++ b/host_vars/repro3.pkgbuild.com/misc.yml
@@ -19,4 +19,4 @@ rebuilderd_workers:
- repro31
- repro32
wireguard_address: 10.0.0.40
-wireguard_public_key: wG9TkWIw+g0WvOWChIqllpIh3+DjIDKy0XYh+pM+CS4=
+wireguard_public_key: 9rIoEz3NZnprT2CIb/NpRiX6XsUAkgLwIaG3p9IcHlI=
diff --git a/host_vars/repro3.pkgbuild.com/vault_wireguard.yml b/host_vars/repro3.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 86cb20704..000000000
--- a/host_vars/repro3.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33343930633664323330376165323137396432613264316633326363356537303463366133313639
-3565623331366636383065363965643461303032353262620a613839313663613931303832643031
-36313563346231376135393836343962666161316364666165353031643662623133383864356330
-3961303563316434620a303961333934613835333166333334653033633532633764363131373336
-61626261313137643830626338666135333031626334666661386237306235656537626434643763
-36393636323137323039386566306133303530616435633931343964613631636362343330613131
-61303430623634353739366365356137656136633631316637346533646163343937666561386665
-37366362336238653935
diff --git a/host_vars/reproducible.archlinux.org/misc.yml b/host_vars/reproducible.archlinux.org/misc.yml
index e6004748e..8b4a2e3f1 100644
--- a/host_vars/reproducible.archlinux.org/misc.yml
+++ b/host_vars/reproducible.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
zram_fraction: 2.0
wireguard_address: 10.0.0.6
-wireguard_public_key: F2X4lMxdET35mceNtRVqSxVVbwEUVey5IjveG0yHJ0Q=
+wireguard_public_key: d/emQtrNru4RLGGLc4TUfM3kHZrQZcweW3IGyHKHoUo=
diff --git a/host_vars/reproducible.archlinux.org/vault_wireguard.yml b/host_vars/reproducible.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 8447be97f..000000000
--- a/host_vars/reproducible.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35666639643636633339303064353631316266383633396438326133346330376334306639393062
-3262633562623066616561663562366263303561633937330a353461393661363736653063663732
-62633838613632316365633064383938643732373035623465323037616530323832366431323461
-3430623431303838330a386466356463653262396663613537343833653366646633323932616239
-64323466343864653436363262643864323561653038633465636463633239643736303436343432
-33363930663232623034626131333437303133393139316338356633363136376130303063326432
-39653035613061373964643830323534393339623734663632316361336164306234626165383235
-65653036353432306362
diff --git a/host_vars/runner1.archlinux.org/misc.yml b/host_vars/runner1.archlinux.org/misc.yml
index fa7d466f0..e00a85f88 100644
--- a/host_vars/runner1.archlinux.org/misc.yml
+++ b/host_vars/runner1.archlinux.org/misc.yml
@@ -16,4 +16,4 @@ raid_level: "raid1"
configure_network: true
wireguard_address: 10.0.0.30
-wireguard_public_key: VghPKlYaYYcdt4peH2n9X95ebTamz2MeOI8NvMTmomI=
+wireguard_public_key: HNs19dDeutg4yA2twh9Qw26bfVA1J9Z5rrBYSye0q2k=
diff --git a/host_vars/runner1.archlinux.org/vault_wireguard.yml b/host_vars/runner1.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e001efd70..000000000
--- a/host_vars/runner1.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62373830363439396663313462346231323262393932303530643531616137623733343032343564
-3966366530383432383930363433383065616164663132350a303463643432353939373662303433
-34646431343932356562333366623734343939343139393131383166333231386263353361636165
-6535366335623738390a366432653561656439646537373037613639663836363439343438636333
-63613835633038326261383665306530623637653165336334653339623637323163643630356533
-62363762646665353263656635663661613964316261616230343065336532626565343331313466
-37616337373036336263626433373138666266633030666631643065646332386433383836356537
-65373363363235336631
diff --git a/host_vars/runner3.archlinux.org/misc.yml b/host_vars/runner3.archlinux.org/misc.yml
index 4628a299d..540c5f0b0 100644
--- a/host_vars/runner3.archlinux.org/misc.yml
+++ b/host_vars/runner3.archlinux.org/misc.yml
@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.41
-wireguard_public_key: V2GA/YWnz0toKZ8GR3w3uzMwgHr5vqMzXVL5d3e1Y0s=
+wireguard_public_key: flSHBQWtwvO/OavyFGN4JaO+ezgoi42nCJxComtpPCA=
diff --git a/host_vars/runner3.archlinux.org/vault_wireguard.yml b/host_vars/runner3.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 059021748..000000000
--- a/host_vars/runner3.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39326530623136386332396132333331643764663066346233303563323338653362663337333734
-3438343861366463393234306663623533636631323837360a666430646563313266653530383035
-66393931343130613631623634663531386434626266626165373066326433353532353135373436
-6431623763373533330a316664393137383466326435323139333831323865326563303036323135
-36323961323637316636663164383834383634393834363361643431366465376439393661383139
-61303239383061623865653436303261326461303631646534343334363732353661616263363762
-36346537613138323231303433643762323231656461643863643032393337653730393535643539
-61653666653032666564
diff --git a/host_vars/secure-runner1.archlinux.org/misc.yml b/host_vars/secure-runner1.archlinux.org/misc.yml
index 90e3245db..a7ef784f9 100644
--- a/host_vars/secure-runner1.archlinux.org/misc.yml
+++ b/host_vars/secure-runner1.archlinux.org/misc.yml
@@ -11,4 +11,4 @@ system_disks:
- /dev/nvme0n1
- /dev/nvme1n1
wireguard_address: 10.0.0.8
-wireguard_public_key: 6cb0sL2PgD55IXWr5j/uIn9wCgUL+HT83vWrxWClSBU=
+wireguard_public_key: Ltuc7ESRSuy0fbtl0an7kC6nlpm0GgrDkan+3Cnszng=
diff --git a/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml b/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index cc1499616..000000000
--- a/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30396262386461333862653131646263626435376237326130336631636633616134373530393661
-6564393630323961346264623565393563303833326630390a363432343365386166313631383564
-39306335616163343831653934643536386466306139393732666239323930383330666231313239
-3237383366643063390a666137356536643735663735613936373732353535323462383364326239
-31653466656536666234383863646335663564626637356637626662643433366434613361303737
-62653662363630353963623534646562313661373766623033353663633632383533623030363437
-65306264363932346631623132643836653862336532333638613064613631343961623539333165
-66303363323566623437
diff --git a/host_vars/security.archlinux.org/misc.yml b/host_vars/security.archlinux.org/misc.yml
index eeb8472e9..e2382eda8 100644
--- a/host_vars/security.archlinux.org/misc.yml
+++ b/host_vars/security.archlinux.org/misc.yml
@@ -1,6 +1,6 @@
filesystem: btrfs
wireguard_address: 10.0.0.24
-wireguard_public_key: CENgItOHJI/lLUNcUNpC+1oZJBvX/G+nemAKZYfCSCw=
+wireguard_public_key: 5TMXSk3wbltxbfaBaMcrRmEZ4hfyhDRttlZbfb58U3s=
fail2ban_jails:
sshd: true
diff --git a/host_vars/security.archlinux.org/vault_wireguard.yml b/host_vars/security.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 99d8f7d64..000000000
--- a/host_vars/security.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65323335366334356565373130366362356331666163303033643736616363336533333835663762
-6630623738313561613163353264616564393739343261360a623965633934636235313832666235
-34346638366165613565346462303739626561336636356634363865393630386261343261343361
-3334333430346364620a393465333133386530666136653133643465653466633562643431383961
-35386634663932373236626465373763656665386235323362336337666331306631313634343633
-31653532373562363261663533616264653163653265363330343931366466313066636261616330
-39623763373731626436343237333136623638313732643435643461323538326639616464386265
-61383439666262623966
diff --git a/host_vars/state.archlinux.org/misc.yml b/host_vars/state.archlinux.org/misc.yml
index 4498f8381..f84de16b2 100644
--- a/host_vars/state.archlinux.org/misc.yml
+++ b/host_vars/state.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.11
-wireguard_public_key: cRNS30527OCEgijC7FHrtdXxdNnwWsXP8F1QAoKgAFQ=
+wireguard_public_key: byTCGLgHF4GqCCjmCRHJi/pzyKJKEBAik/ViVrafgzA=
diff --git a/host_vars/state.archlinux.org/vault_wireguard.yml b/host_vars/state.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e0d3c4a65..000000000
--- a/host_vars/state.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65616436343433643361656439393166306231353638383233353530343263643339303561356234
-6337623435653866663363333135343236363933306362320a333066646464653333343238663766
-31363465373132303638356435633533383833636437393736616237343838313935663933646463
-6564626637343431610a313133333237666232613037633335656265326636316633343235383931
-36346366663863663839393664316232633239626162353033343137353861386439383031326565
-30653534646233353763643439653237623662343139326537303363343932613537346536343934
-38386138393532323539373561313962663263393866303331646365343433353338323634396230
-61323538356130623166
diff --git a/host_vars/sydney.mirror.pkgbuild.com/misc.yml b/host_vars/sydney.mirror.pkgbuild.com/misc.yml
index 6f73efaeb..e197f514b 100644
--- a/host_vars/sydney.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/sydney.mirror.pkgbuild.com/misc.yml
@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.39
-wireguard_public_key: nBu1/pofjzyD31D32VHIs8ajNc5thkzweOWsW28WSFU=
+wireguard_public_key: LxsZN7J4OrPUZgGldHQ0tLzFmXuS65IsCGyEPfCrMWo=
diff --git a/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index bdc0e350b..000000000
--- a/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32336664393464623630396239636539616239343332623261386337376335386139346336393065
-6530316635653337653630303264666635313138303233640a313263343334646661363235313733
-64613539366566346438313266373439643239343731313565306163623836313162643336303737
-3736626632363963660a396435376137303038636163306134383966303035636232626163316362
-66636136633265336634353534396331393266393438356237326265343337336265323865663137
-33653332666535646632343236383364323961353461306463636261643832663765663338663663
-36383463376664666635636637323264303063383731353033623634303630323965666331646631
-34363766653866643665
diff --git a/host_vars/wiki.archlinux.org/misc.yml b/host_vars/wiki.archlinux.org/misc.yml
index 3f1085003..b052ac763 100644
--- a/host_vars/wiki.archlinux.org/misc.yml
+++ b/host_vars/wiki.archlinux.org/misc.yml
@@ -1,7 +1,7 @@
filesystem: btrfs
memcached_socket: "/run/memcached/archwiki.sock"
wireguard_address: 10.0.0.22
-wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
+wireguard_public_key: +HOjbJivvyeww7Mvej5IOZghZ000AAGxy1qN1eZZajo=
nginx_extra_modules:
- name: geoip2
nginx_enable_http3: true
diff --git a/host_vars/wiki.archlinux.org/vault_wireguard.yml b/host_vars/wiki.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index a54bb8285..000000000
--- a/host_vars/wiki.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63333966373462376261363465343661343330333333346563656666356561663734663266393536
-6465343832643637376130306562373162316661613066310a353664306238636566353632343263
-32353437323363663134633161383864343833343834663433303261663432383666613564363830
-6565346666316234640a383932633035343134323738653262363263323037613038353438626639
-36316136396662643438373634376433636661386239633831343866343034653936386531633262
-38373961643339636264333138366461623663346637353966353261313532666638373231323536
-65326539383832643665616236333265383636633764613438616531396562653930396232666466
-32623335376431306361
diff --git a/roles/wireguard/templates/wg0.netdev.j2 b/roles/wireguard/templates/wg0.netdev.j2
index 87efe2148..8d276808d 100644
--- a/roles/wireguard/templates/wg0.netdev.j2
+++ b/roles/wireguard/templates/wg0.netdev.j2
@@ -4,7 +4,7 @@ Kind=wireguard
[WireGuard]
ListenPort=51820
-PrivateKey={{ vault_wireguard_private_key }}
+PrivateKey=@network.wireguard.private.wg0
{% for host in groups['all'] if host != inventory_hostname %}
[WireGuardPeer]
--
GitLab