Merge branch 'wireguard-vault-removal' into 'master'

Remove the WG private keys from the vault and store them only on the servers

See merge request !891

docs/wireguard.md

@@ -9,7 +9,7 @@ Many of our servers communicate through wireguard VPN with each others. If you n
     wireguard_public_key: <wg-pubkey>
     ```
 
-1. Save the private key in a encypted vault in  `host_vars/<fqdn>/vault_wireguard.yml`
+1. Generate the private key on the server with `wg genkey | systemd-creds encrypt - /etc/credstore.encrypted/network.wireguard.private.wg0` and restart systemd-networkd with `systemctl restart systemd-networkd`
 
     Tips: 
     - Pick next available IP for Wireguard from `grep -r wireguard_address host_vars/ | cut -f3 -d: | sort -h`

host_vars/accounts.archlinux.org/misc.yml

 filesystem: btrfs
 wireguard_address: 10.0.0.16
-wireguard_public_key: 8CbVXc2+FllLpZb/sv/csHzqaOOsasJlV0gmkIzhBXo=
+wireguard_public_key: crSq52AQ/ODcZekod0Xw/fBRALl3yv51gNMgPSFrxWc=

host_vars/accounts.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-39656138306339653936386338383364616566313037393563383133323734383235366234663430
-3836316538373966643036336532653534643236333361370a393862653165343964363065643439
-30626338313066353930663036653734323364633537616536393439306134363964346434313663
-6663663431343637380a353731316331386466353537303537666663333239326462633636326438
-39343936653031316431383734316166663739393738366462636361313762393034656330653332
-66336534396134613333646666356266306633326138353131623634343436393533383736633066
-32373663313632393430313464396131396262616162613733613562616464353131656333323935
-63653836383737663337

host_vars/america.mirror.pkgbuild.com/misc.yml

@@ -16,4 +16,4 @@ system_disks:
   - /dev/sdc
 raid_level: "raid5"
 wireguard_address: 10.0.0.27
-wireguard_public_key: aC544PuXq63LgIeOvVD5dw++9XJE47YKUqeRw3ol0Qo=
+wireguard_public_key: 5oI+dah4LlkUPBs/JI5lJAgDxBQa/+ofu0hLfxAkcio=

host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-39393666386564646432636132366332363234636531363930663564316235386639613431656337
-3533376363376332646161316230343566326266323230350a343561303331656134346634633132
-33333062303732363138373936363061303063306632636234363737623931613938653563353630
-3838356538316531380a306563613562376135656164363065346136376231666532313433326661
-39353831616463343833313361643032366363383565303235363733613964386137643236646661
-63656237663637653564396165306534316438663534356361333561643637663166363433313832
-38313563666636343737656530393061336262333334343166393862316432343162653266626366
-38623764343939386635

host_vars/archlinux.org/misc.yml

@@ -11,5 +11,5 @@ fail2ban_jails:
   dovecot: false
   nginx_limit_req: true
 wireguard_address: 10.0.0.1
-wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
+wireguard_public_key: 2Mk9WPdkf+1Q6Kk6g5eeX5xSHfCisiGJAdmSjRyefBo=
 nginx_enable_http3: true

host_vars/archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-33623361656563376138323966373530383432393838323238343661306531363262653864626530
-3137643364303338663665343837343862356139633830370a633766373830306561353562656634
-63333861616437326132343765356231373963386563386131343462623962386333376236363339
-3433376666383135360a636663616238346435613635353834393739336234336536336366393835
-66616266356531663365633362333363376439633835616466633338353033376366633461653830
-33663763616233396636613661623138313831316436383566363361383535363766363764613164
-39336636393438363632383964303936346165633464616636386265356538383064333464316636
-31633635313539383134

host_vars/asia.mirror.pkgbuild.com/misc.yml

@@ -16,4 +16,4 @@ system_disks:
   - /dev/sdc
 raid_level: "raid5"
 wireguard_address: 10.0.0.26
-wireguard_public_key: Bvia4T68/PCa01MSg+wclUJ1rJ5Hth9khui3y3Tr5EM=
+wireguard_public_key: cU2/3DKCNCWJwZP6SF7ifKHS+VFeC7VQ212eTof8IxU=

host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-31366437643838616630653261666262376336623336363235386333313639633364626436366437
-3038366565393761643434623166363863326638666634340a353562383664373264636166346562
-38316634653136313038346261376434623030346464363465343235653365633932656131343936
-3433386162313537330a373538306161616263653937363335616666303639306461656433653233
-37323532336639666539353237393939336337363833646366363035393631626633636437333263
-65333831353362613364656135643131633738303134366361643561366538306430323161363130
-64396230653231636532396339316236643536663938643036636664653564343538663162393336
-61383037333965396330

host_vars/aur.archlinux.org/misc.yml

@@ -6,5 +6,5 @@ fail2ban_jails:
   nginx_limit_req: true
 memcached_socket: "/run/memcached/aurweb.sock"
 wireguard_address: 10.0.0.2
-wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
+wireguard_public_key: 51KGJWs3ZlI4tEdOpYFENhf22aETQEn9ApbmVyiF4zQ=
 nginx_enable_http3: true

host_vars/aur.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-38303834643063336663396561303562333061313961346265666162313933323862386633306231
-3033663637323139626363343033663864656432393461610a643162623931326362653964373865
-64303239643366323834393136306434643239393865303663626439376238333131323163326165
-3138643036373536660a386236373536643937353132333933666664653132366361343839333932
-63363265383962626136616562633363306464616333346661366235303332636435343664396466
-39393936383038303663336431323034633730343432306233613731613064333261643938633166
-62623037393063353965336634326135663535613661343164316336643536303135353631613336
-30643062303161336532

host_vars/bbs.archlinux.org/misc.yml

 filesystem: btrfs
 wireguard_address: 10.0.0.17
-wireguard_public_key: i65GF9BaoTDvTXLJBpZWbuu2jV3F2mc0tH16Y6cQY1g=
+wireguard_public_key: F5gX6SV5aka/fxEkgsVm1YRCYoeDY6d/H5C9U3/SrVU=

host_vars/bbs.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-65346463623631643532663531316535373432383537343833613536643764353965376331333833
-3866313230356133326132633834376564396132393637360a346263393438633966663536643338
-37313034363665333433663163313334386437346635663336313363386534383635343463383935
-6330343133626235610a643536303231343435383265366434373562363236376233303365393430
-63353961663432316438653932326339653961646634343034373739643330363562633164343539
-38323061336364366533626536383661666238633230653466626361326466356534303735393464
-31393536653832366661393061663862366563333134333930373365316562386137323132613130
-32646164663865346363

host_vars/bugbuddy.archlinux.org/misc.yml

 filesystem: btrfs
 wireguard_address: 10.0.0.44
-wireguard_public_key: vtu2TM79djeQQA0qqPVuZHxSHz8hdHQ1P15ONF6zSx4=
+wireguard_public_key: /x1Czg/8u24dVhi+WMSGeSbw2HKk3la0K8X1WsDk7yA=

host_vars/bugbuddy.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-36623330313366306639313763636132616435633030616363383733386663373966396466396532
-6239386539646333383436653435613731323666346365310a363663353436323562353930336662
-31303162656166333165303966346137363266393763383463633636623330373966376537623433
-3432353931333031610a663365653431356536343861363964323861366130636161633461323165
-65633966386166663064393830333061633466313033356538643466323138346531313838663133
-31356665323935316165633836636436316137356565323930393766623661393334306139343061
-37646266373236643332333736326264333866396137623237383361333362333832326161636461
-31616262616538643233

host_vars/build.archlinux.org/misc.yml

@@ -14,4 +14,4 @@ raid_level: "raid1"
 
 archbuild_fs: 'btrfs'
 wireguard_address: 10.0.0.18
-wireguard_public_key: /P8QGSFgvRETkYdsvAtNQWWT3pE7FpouCz+x1N4yIm4=
+wireguard_public_key: 9Lii487Uuzu5ihJwHx6RBpCiUWRHl9VGwC+Oz5wzejk=

host_vars/build.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-34353334323261383932313330303432363235663333643237613030346161313166383662313863
-6630323266346530646363333164656433366134626537380a366232303237656138336464626139
-34653130326137303465626130373437333238323936343661663466343036663233333736663732
-6161366463343234620a353833623438336633333562386366343638623339363235656138333931
-61333732326532653536376133313861333837303064616239646361366531373261666263343236
-63353234313634623131666566353738313566383136663366623761373466623530326465326132
-63383830363039313666666136353435623863383164613736303034346336316663316339616161
-37663539323132616462

host_vars/dashboards.archlinux.org/misc.yml

 filesystem: btrfs
 ipv4_address: 157.90.255.107
 wireguard_address: 10.0.0.33
-wireguard_public_key: lLZtvFIrmtUXRXmw+qQC8LZ00NzN1wlvcI4grNWt2lE=
+wireguard_public_key: Vv2qAjdcPpAvt1hOV5zc4WR6iTqmiPdDNr5+9Wv2Jw4=

host_vars/dashboards.archlinux.org/vault_wireguard.yml

-$ANSIBLE_VAULT;1.1;AES256
-37393533623530623933343165626263336435303161356262626137643866363763356162383164
-6331393262656363303261346361396131303566643634360a363632656333343533353162326630
-62373738383865383362666534336135346533643935333631373234373139366432306532636632
-3632356365313166610a393137356532363161386232393839386634313131353138383061306337
-30363939376639383234366239376230333266396633363261346265323337386333326231633162
-39363036646539396464376637303732653530323164663266383264356662653462353135373137
-33343462653434646430316233303161353131633366656133396362313632633663353938613837
-39643334316165653332

host_vars/debuginfod.archlinux.org/misc.yml

@@ -2,4 +2,4 @@ filesystem: btrfs
 ipv4_address: 168.119.240.111
 ipv6_address: 2a01:4f8:c010:74d4::1
 wireguard_address: 10.0.0.35
-wireguard_public_key: Wp9ruR2+pCj0TsATuJZiUxk9x6BwcUhXs/yZlmGYjRE=
+wireguard_public_key: R3ZlD7HmoiGH2FyIGSaiYc1hIA7JHp3ivXQlRGc7iyA=