Skip to content
Snippets Groups Projects
Verified Commit 1950fbeb authored by Kristian Klausen's avatar Kristian Klausen :tada:
Browse files

Merge branch 'wireguard-vault-removal' into 'master' 

Remove the WG private keys from the vault and store them only on the servers

See merge request !891
parents 6d39c3c6 27553ab3
No related branches found
No related tags found
1 merge request!891Remove the WG private keys from the vault and store them only on the servers
Pipeline #114660 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
Showing
with 10 additions and 100 deletions
host_vars/repro2.pkgbuild.com/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
39343032623831616438633561333734393536393033363533393966363332666564333834636333
6564636661313937346263666535323862663364646634620a303937353432356463653664316262
30393862326564643063336434653830303235373836373639386261346233363137356163313564
6162343237316539650a343139306164643530376636626537383633666266643536393235623361
39373966333632636537313966623264653739613963353636613266303061613132633831366162
38663263333731326337633261303239373834356233613766383933356631636661613734383862
65326537303361663466303833383762646232373336373231393866613762326161333564313362
36386364653036623237
host_vars/repro3.pkgbuild.com/misc.yml
+ 1
1
View file @ 1950fbeb
......@@ -19,4 +19,4 @@ rebuilderd_workers:
- repro31
- repro32
wireguard_address: 10.0.0.40
wireguard_public_key: wG9TkWIw+g0WvOWChIqllpIh3+DjIDKy0XYh+pM+CS4=
wireguard_public_key: 9rIoEz3NZnprT2CIb/NpRiX6XsUAkgLwIaG3p9IcHlI=
host_vars/repro3.pkgbuild.com/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
33343930633664323330376165323137396432613264316633326363356537303463366133313639
3565623331366636383065363965643461303032353262620a613839313663613931303832643031
36313563346231376135393836343962666161316364666165353031643662623133383864356330
3961303563316434620a303961333934613835333166333334653033633532633764363131373336
61626261313137643830626338666135333031626334666661386237306235656537626434643763
36393636323137323039386566306133303530616435633931343964613631636362343330613131
61303430623634353739366365356137656136633631316637346533646163343937666561386665
37366362336238653935
host_vars/reproducible.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
filesystem: btrfs
zram_fraction: 2.0
wireguard_address: 10.0.0.6
wireguard_public_key: F2X4lMxdET35mceNtRVqSxVVbwEUVey5IjveG0yHJ0Q=
wireguard_public_key: d/emQtrNru4RLGGLc4TUfM3kHZrQZcweW3IGyHKHoUo=
host_vars/reproducible.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
35666639643636633339303064353631316266383633396438326133346330376334306639393062
3262633562623066616561663562366263303561633937330a353461393661363736653063663732
62633838613632316365633064383938643732373035623465323037616530323832366431323461
3430623431303838330a386466356463653262396663613537343833653366646633323932616239
64323466343864653436363262643864323561653038633465636463633239643736303436343432
33363930663232623034626131333437303133393139316338356633363136376130303063326432
39653035613061373964643830323534393339623734663632316361336164306234626165383235
65653036353432306362
host_vars/runner1.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
......@@ -16,4 +16,4 @@ raid_level: "raid1"
configure_network: true
wireguard_address: 10.0.0.30
wireguard_public_key: VghPKlYaYYcdt4peH2n9X95ebTamz2MeOI8NvMTmomI=
wireguard_public_key: HNs19dDeutg4yA2twh9Qw26bfVA1J9Z5rrBYSye0q2k=
host_vars/runner1.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
62373830363439396663313462346231323262393932303530643531616137623733343032343564
3966366530383432383930363433383065616164663132350a303463643432353939373662303433
34646431343932356562333366623734343939343139393131383166333231386263353361636165
6535366335623738390a366432653561656439646537373037613639663836363439343438636333
63613835633038326261383665306530623637653165336334653339623637323163643630356533
62363762646665353263656635663661613964316261616230343065336532626565343331313466
37616337373036336263626433373138666266633030666631643065646332386433383836356537
65373363363235336631
host_vars/runner3.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
......@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.41
wireguard_public_key: V2GA/YWnz0toKZ8GR3w3uzMwgHr5vqMzXVL5d3e1Y0s=
wireguard_public_key: flSHBQWtwvO/OavyFGN4JaO+ezgoi42nCJxComtpPCA=
host_vars/runner3.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
39326530623136386332396132333331643764663066346233303563323338653362663337333734
3438343861366463393234306663623533636631323837360a666430646563313266653530383035
66393931343130613631623634663531386434626266626165373066326433353532353135373436
6431623763373533330a316664393137383466326435323139333831323865326563303036323135
36323961323637316636663164383834383634393834363361643431366465376439393661383139
61303239383061623865653436303261326461303631646534343334363732353661616263363762
36346537613138323231303433643762323231656461643863643032393337653730393535643539
61653666653032666564
host_vars/secure-runner1.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
......@@ -11,4 +11,4 @@ system_disks:
- /dev/nvme0n1
- /dev/nvme1n1
wireguard_address: 10.0.0.8
wireguard_public_key: 6cb0sL2PgD55IXWr5j/uIn9wCgUL+HT83vWrxWClSBU=
wireguard_public_key: Ltuc7ESRSuy0fbtl0an7kC6nlpm0GgrDkan+3Cnszng=
host_vars/secure-runner1.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
30396262386461333862653131646263626435376237326130336631636633616134373530393661
6564393630323961346264623565393563303833326630390a363432343365386166313631383564
39306335616163343831653934643536386466306139393732666239323930383330666231313239
3237383366643063390a666137356536643735663735613936373732353535323462383364326239
31653466656536666234383863646335663564626637356637626662643433366434613361303737
62653662363630353963623534646562313661373766623033353663633632383533623030363437
65306264363932346631623132643836653862336532333638613064613631343961623539333165
66303363323566623437
host_vars/security.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
filesystem: btrfs
wireguard_address: 10.0.0.24
wireguard_public_key: CENgItOHJI/lLUNcUNpC+1oZJBvX/G+nemAKZYfCSCw=
wireguard_public_key: 5TMXSk3wbltxbfaBaMcrRmEZ4hfyhDRttlZbfb58U3s=
fail2ban_jails:
sshd: true
......
host_vars/security.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
65323335366334356565373130366362356331666163303033643736616363336533333835663762
6630623738313561613163353264616564393739343261360a623965633934636235313832666235
34346638366165613565346462303739626561336636356634363865393630386261343261343361
3334333430346364620a393465333133386530666136653133643465653466633562643431383961
35386634663932373236626465373763656665386235323362336337666331306631313634343633
31653532373562363261663533616264653163653265363330343931366466313066636261616330
39623763373731626436343237333136623638313732643435643461323538326639616464386265
61383439666262623966
host_vars/state.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
filesystem: btrfs
wireguard_address: 10.0.0.11
wireguard_public_key: cRNS30527OCEgijC7FHrtdXxdNnwWsXP8F1QAoKgAFQ=
wireguard_public_key: byTCGLgHF4GqCCjmCRHJi/pzyKJKEBAik/ViVrafgzA=
host_vars/state.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
65616436343433643361656439393166306231353638383233353530343263643339303561356234
6337623435653866663363333135343236363933306362320a333066646464653333343238663766
31363465373132303638356435633533383833636437393736616237343838313935663933646463
6564626637343431610a313133333237666232613037633335656265326636316633343235383931
36346366663863663839393664316232633239626162353033343137353861386439383031326565
30653534646233353763643439653237623662343139326537303363343932613537346536343934
38386138393532323539373561313962663263393866303331646365343433353338323634396230
61323538356130623166
host_vars/sydney.mirror.pkgbuild.com/misc.yml
+ 1
1
View file @ 1950fbeb
......@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.39
wireguard_public_key: nBu1/pofjzyD31D32VHIs8ajNc5thkzweOWsW28WSFU=
wireguard_public_key: LxsZN7J4OrPUZgGldHQ0tLzFmXuS65IsCGyEPfCrMWo=
host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
32336664393464623630396239636539616239343332623261386337376335386139346336393065
6530316635653337653630303264666635313138303233640a313263343334646661363235313733
64613539366566346438313266373439643239343731313565306163623836313162643336303737
3736626632363963660a396435376137303038636163306134383966303035636232626163316362
66636136633265336634353534396331393266393438356237326265343337336265323865663137
33653332666535646632343236383364323961353461306463636261643832663765663338663663
36383463376664666635636637323264303063383731353033623634303630323965666331646631
34363766653866643665
host_vars/wiki.archlinux.org/misc.yml
+ 1
1
View file @ 1950fbeb
filesystem: btrfs
memcached_socket: "/run/memcached/archwiki.sock"
wireguard_address: 10.0.0.22
wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
wireguard_public_key: +HOjbJivvyeww7Mvej5IOZghZ000AAGxy1qN1eZZajo=
nginx_extra_modules:
- name: geoip2
nginx_enable_http3: true
host_vars/wiki.archlinux.org/vault_wireguard.yml deleted 100644 → 0
+ 0
9
View file @ 6d39c3c6
$ANSIBLE_VAULT;1.1;AES256
63333966373462376261363465343661343330333333346563656666356561663734663266393536
6465343832643637376130306562373162316661613066310a353664306238636566353632343263
32353437323363663134633161383864343833343834663433303261663432383666613564363830
6565346666316234640a383932633035343134323738653262363263323037613038353438626639
36316136396662643438373634376433636661386239633831343866343034653936386531633262
38373961643339636264333138366461623663346637353966353261313532666638373231323536
65326539383832643665616236333265383636633764613438616531396562653930396232666466
32623335376431306361
roles/wireguard/templates/wg0.netdev.j2
+ 1
1
View file @ 1950fbeb
......@@ -4,7 +4,7 @@ Kind=wireguard
[WireGuard]
ListenPort=51820
PrivateKey={{ vault_wireguard_private_key }}
PrivateKey=@network.wireguard.private.wg0
{% for host in groups['all'] if host != inventory_hostname %}
[WireGuardPeer]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment