From 27553ab31a0a605b168e802a65ba34d035629688 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sat, 30 Nov 2024 16:28:27 +0100
Subject: [PATCH] Remove the WG private keys from the vault and store them only
on the servers
With the support for network.wireguard.* credentials[1] in systemd
v256[2], we can now easily avoid storing the credentials centrally in
our ansible vault, which is preferable as it makes the private keys less
exposed. It may also make fine-grained access easier in the future[3] as
there is no longer a vault file for each server.
All the keys have been rotated and the new private keys are only stored
on the servers.
[1] https://github.com/systemd/systemd/pull/30826
[2] https://github.com/systemd/systemd/releases/tag/v256
[3] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/64
---
docs/wireguard.md | 2 +-
host_vars/accounts.archlinux.org/misc.yml | 2 +-
host_vars/accounts.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/america.mirror.pkgbuild.com/misc.yml | 2 +-
.../america.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/archlinux.org/misc.yml | 2 +-
host_vars/archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/asia.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/aur.archlinux.org/misc.yml | 2 +-
host_vars/aur.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/bbs.archlinux.org/misc.yml | 2 +-
host_vars/bbs.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/bugbuddy.archlinux.org/misc.yml | 2 +-
host_vars/bugbuddy.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/build.archlinux.org/misc.yml | 2 +-
host_vars/build.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/dashboards.archlinux.org/misc.yml | 2 +-
host_vars/dashboards.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/debuginfod.archlinux.org/misc.yml | 2 +-
host_vars/debuginfod.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/europe.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/gemini.archlinux.org/misc.yml | 2 +-
host_vars/gemini.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/gitlab.archlinux.org/misc.yml | 2 +-
host_vars/gitlab.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/gluebuddy.archlinux.org/misc.yml | 2 +-
host_vars/gluebuddy.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/homedir.archlinux.org/misc.yml | 2 +-
host_vars/homedir.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/lists.archlinux.org/misc.yml | 2 +-
host_vars/lists.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/london.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/mail.archlinux.org/misc.yml | 2 +-
host_vars/mail.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/man.archlinux.org/misc.yml | 2 +-
host_vars/man.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/matrix.archlinux.org/misc.yml | 2 +-
host_vars/matrix.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/md.archlinux.org/misc.yml | 2 +-
host_vars/md.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/monitoring.archlinux.org/misc.yml | 2 +-
host_vars/monitoring.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/mumble.archlinux.org/misc.yml | 2 +-
host_vars/mumble.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/opensearch.archlinux.org/misc.yml | 2 +-
host_vars/opensearch.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/phrik.archlinux.org/misc.yml | 2 +-
host_vars/phrik.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/quassel.archlinux.org/misc.yml | 2 +-
host_vars/quassel.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/redirect.archlinux.org/misc.yml | 2 +-
host_vars/redirect.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/repos.archlinux.org/misc.yml | 2 +-
host_vars/repos.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/repro2.pkgbuild.com/misc.yml | 2 +-
host_vars/repro2.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/repro3.pkgbuild.com/misc.yml | 2 +-
host_vars/repro3.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/reproducible.archlinux.org/misc.yml | 2 +-
host_vars/reproducible.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/runner1.archlinux.org/misc.yml | 2 +-
host_vars/runner1.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/runner3.archlinux.org/misc.yml | 2 +-
host_vars/runner3.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/secure-runner1.archlinux.org/misc.yml | 2 +-
.../secure-runner1.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/security.archlinux.org/misc.yml | 2 +-
host_vars/security.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/state.archlinux.org/misc.yml | 2 +-
host_vars/state.archlinux.org/vault_wireguard.yml | 9 ---------
host_vars/sydney.mirror.pkgbuild.com/misc.yml | 2 +-
host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml | 9 ---------
host_vars/wiki.archlinux.org/misc.yml | 2 +-
host_vars/wiki.archlinux.org/vault_wireguard.yml | 9 ---------
roles/wireguard/templates/wg0.netdev.j2 | 2 +-
80 files changed, 41 insertions(+), 392 deletions(-)
delete mode 100644 host_vars/accounts.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/aur.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/bbs.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/build.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/dashboards.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/debuginfod.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/gemini.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/gitlab.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/homedir.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/lists.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/mail.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/man.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/matrix.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/md.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/monitoring.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/mumble.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/opensearch.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/phrik.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/quassel.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/redirect.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/repos.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/repro2.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/repro3.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/reproducible.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/runner1.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/runner3.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/security.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/state.archlinux.org/vault_wireguard.yml
delete mode 100644 host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
delete mode 100644 host_vars/wiki.archlinux.org/vault_wireguard.yml
diff --git a/docs/wireguard.md b/docs/wireguard.md
index cb9230e48..9e05f6bd0 100644
--- a/docs/wireguard.md
+++ b/docs/wireguard.md
@@ -9,7 +9,7 @@ Many of our servers communicate through wireguard VPN with each others. If you n
wireguard_public_key: <wg-pubkey>
```
-1. Save the private key in a encypted vault in `host_vars/<fqdn>/vault_wireguard.yml`
+1. Generate the private key on the server with `wg genkey | systemd-creds encrypt - /etc/credstore.encrypted/network.wireguard.private.wg0` and restart systemd-networkd with `systemctl restart systemd-networkd`
Tips:
- Pick next available IP for Wireguard from `grep -r wireguard_address host_vars/ | cut -f3 -d: | sort -h`
diff --git a/host_vars/accounts.archlinux.org/misc.yml b/host_vars/accounts.archlinux.org/misc.yml
index dcd5d9d17..a50740c7d 100644
--- a/host_vars/accounts.archlinux.org/misc.yml
+++ b/host_vars/accounts.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.16
-wireguard_public_key: 8CbVXc2+FllLpZb/sv/csHzqaOOsasJlV0gmkIzhBXo=
+wireguard_public_key: crSq52AQ/ODcZekod0Xw/fBRALl3yv51gNMgPSFrxWc=
diff --git a/host_vars/accounts.archlinux.org/vault_wireguard.yml b/host_vars/accounts.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 7dd3b7133..000000000
--- a/host_vars/accounts.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39656138306339653936386338383364616566313037393563383133323734383235366234663430
-3836316538373966643036336532653534643236333361370a393862653165343964363065643439
-30626338313066353930663036653734323364633537616536393439306134363964346434313663
-6663663431343637380a353731316331386466353537303537666663333239326462633636326438
-39343936653031316431383734316166663739393738366462636361313762393034656330653332
-66336534396134613333646666356266306633326138353131623634343436393533383736633066
-32373663313632393430313464396131396262616162613733613562616464353131656333323935
-63653836383737663337
diff --git a/host_vars/america.mirror.pkgbuild.com/misc.yml b/host_vars/america.mirror.pkgbuild.com/misc.yml
index f46c37c5b..f4a0bc5a9 100644
--- a/host_vars/america.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/america.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.27
-wireguard_public_key: aC544PuXq63LgIeOvVD5dw++9XJE47YKUqeRw3ol0Qo=
+wireguard_public_key: 5oI+dah4LlkUPBs/JI5lJAgDxBQa/+ofu0hLfxAkcio=
diff --git a/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 6e7dd6a62..000000000
--- a/host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39393666386564646432636132366332363234636531363930663564316235386639613431656337
-3533376363376332646161316230343566326266323230350a343561303331656134346634633132
-33333062303732363138373936363061303063306632636234363737623931613938653563353630
-3838356538316531380a306563613562376135656164363065346136376231666532313433326661
-39353831616463343833313361643032366363383565303235363733613964386137643236646661
-63656237663637653564396165306534316438663534356361333561643637663166363433313832
-38313563666636343737656530393061336262333334343166393862316432343162653266626366
-38623764343939386635
diff --git a/host_vars/archlinux.org/misc.yml b/host_vars/archlinux.org/misc.yml
index 4aa2c3dc5..26d40e708 100644
--- a/host_vars/archlinux.org/misc.yml
+++ b/host_vars/archlinux.org/misc.yml
@@ -11,5 +11,5 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: true
wireguard_address: 10.0.0.1
-wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
+wireguard_public_key: 2Mk9WPdkf+1Q6Kk6g5eeX5xSHfCisiGJAdmSjRyefBo=
nginx_enable_http3: true
diff --git a/host_vars/archlinux.org/vault_wireguard.yml b/host_vars/archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 27a817afd..000000000
--- a/host_vars/archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33623361656563376138323966373530383432393838323238343661306531363262653864626530
-3137643364303338663665343837343862356139633830370a633766373830306561353562656634
-63333861616437326132343765356231373963386563386131343462623962386333376236363339
-3433376666383135360a636663616238346435613635353834393739336234336536336366393835
-66616266356531663365633362333363376439633835616466633338353033376366633461653830
-33663763616233396636613661623138313831316436383566363361383535363766363764613164
-39336636393438363632383964303936346165633464616636386265356538383064333464316636
-31633635313539383134
diff --git a/host_vars/asia.mirror.pkgbuild.com/misc.yml b/host_vars/asia.mirror.pkgbuild.com/misc.yml
index 4fa7b4597..ad97f4e4c 100644
--- a/host_vars/asia.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/asia.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.26
-wireguard_public_key: Bvia4T68/PCa01MSg+wclUJ1rJ5Hth9khui3y3Tr5EM=
+wireguard_public_key: cU2/3DKCNCWJwZP6SF7ifKHS+VFeC7VQ212eTof8IxU=
diff --git a/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 8aacbbc24..000000000
--- a/host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31366437643838616630653261666262376336623336363235386333313639633364626436366437
-3038366565393761643434623166363863326638666634340a353562383664373264636166346562
-38316634653136313038346261376434623030346464363465343235653365633932656131343936
-3433386162313537330a373538306161616263653937363335616666303639306461656433653233
-37323532336639666539353237393939336337363833646366363035393631626633636437333263
-65333831353362613364656135643131633738303134366361643561366538306430323161363130
-64396230653231636532396339316236643536663938643036636664653564343538663162393336
-61383037333965396330
diff --git a/host_vars/aur.archlinux.org/misc.yml b/host_vars/aur.archlinux.org/misc.yml
index c30553ba3..c70a8b310 100644
--- a/host_vars/aur.archlinux.org/misc.yml
+++ b/host_vars/aur.archlinux.org/misc.yml
@@ -6,5 +6,5 @@ fail2ban_jails:
nginx_limit_req: true
memcached_socket: "/run/memcached/aurweb.sock"
wireguard_address: 10.0.0.2
-wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
+wireguard_public_key: 51KGJWs3ZlI4tEdOpYFENhf22aETQEn9ApbmVyiF4zQ=
nginx_enable_http3: true
diff --git a/host_vars/aur.archlinux.org/vault_wireguard.yml b/host_vars/aur.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 2e5f684fd..000000000
--- a/host_vars/aur.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38303834643063336663396561303562333061313961346265666162313933323862386633306231
-3033663637323139626363343033663864656432393461610a643162623931326362653964373865
-64303239643366323834393136306434643239393865303663626439376238333131323163326165
-3138643036373536660a386236373536643937353132333933666664653132366361343839333932
-63363265383962626136616562633363306464616333346661366235303332636435343664396466
-39393936383038303663336431323034633730343432306233613731613064333261643938633166
-62623037393063353965336634326135663535613661343164316336643536303135353631613336
-30643062303161336532
diff --git a/host_vars/bbs.archlinux.org/misc.yml b/host_vars/bbs.archlinux.org/misc.yml
index 9f1d8614c..d59ffba8c 100644
--- a/host_vars/bbs.archlinux.org/misc.yml
+++ b/host_vars/bbs.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.17
-wireguard_public_key: i65GF9BaoTDvTXLJBpZWbuu2jV3F2mc0tH16Y6cQY1g=
+wireguard_public_key: F5gX6SV5aka/fxEkgsVm1YRCYoeDY6d/H5C9U3/SrVU=
diff --git a/host_vars/bbs.archlinux.org/vault_wireguard.yml b/host_vars/bbs.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 67edb1481..000000000
--- a/host_vars/bbs.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65346463623631643532663531316535373432383537343833613536643764353965376331333833
-3866313230356133326132633834376564396132393637360a346263393438633966663536643338
-37313034363665333433663163313334386437346635663336313363386534383635343463383935
-6330343133626235610a643536303231343435383265366434373562363236376233303365393430
-63353961663432316438653932326339653961646634343034373739643330363562633164343539
-38323061336364366533626536383661666238633230653466626361326466356534303735393464
-31393536653832366661393061663862366563333134333930373365316562386137323132613130
-32646164663865346363
diff --git a/host_vars/bugbuddy.archlinux.org/misc.yml b/host_vars/bugbuddy.archlinux.org/misc.yml
index 394edb390..602cad0f5 100644
--- a/host_vars/bugbuddy.archlinux.org/misc.yml
+++ b/host_vars/bugbuddy.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.44
-wireguard_public_key: vtu2TM79djeQQA0qqPVuZHxSHz8hdHQ1P15ONF6zSx4=
+wireguard_public_key: /x1Czg/8u24dVhi+WMSGeSbw2HKk3la0K8X1WsDk7yA=
diff --git a/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml b/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 828a374cd..000000000
--- a/host_vars/bugbuddy.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36623330313366306639313763636132616435633030616363383733386663373966396466396532
-6239386539646333383436653435613731323666346365310a363663353436323562353930336662
-31303162656166333165303966346137363266393763383463633636623330373966376537623433
-3432353931333031610a663365653431356536343861363964323861366130636161633461323165
-65633966386166663064393830333061633466313033356538643466323138346531313838663133
-31356665323935316165633836636436316137356565323930393766623661393334306139343061
-37646266373236643332333736326264333866396137623237383361333362333832326161636461
-31616262616538643233
diff --git a/host_vars/build.archlinux.org/misc.yml b/host_vars/build.archlinux.org/misc.yml
index 0d926259d..6afda18b4 100644
--- a/host_vars/build.archlinux.org/misc.yml
+++ b/host_vars/build.archlinux.org/misc.yml
@@ -14,4 +14,4 @@ raid_level: "raid1"
archbuild_fs: 'btrfs'
wireguard_address: 10.0.0.18
-wireguard_public_key: /P8QGSFgvRETkYdsvAtNQWWT3pE7FpouCz+x1N4yIm4=
+wireguard_public_key: 9Lii487Uuzu5ihJwHx6RBpCiUWRHl9VGwC+Oz5wzejk=
diff --git a/host_vars/build.archlinux.org/vault_wireguard.yml b/host_vars/build.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 35a1b1abd..000000000
--- a/host_vars/build.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34353334323261383932313330303432363235663333643237613030346161313166383662313863
-6630323266346530646363333164656433366134626537380a366232303237656138336464626139
-34653130326137303465626130373437333238323936343661663466343036663233333736663732
-6161366463343234620a353833623438336633333562386366343638623339363235656138333931
-61333732326532653536376133313861333837303064616239646361366531373261666263343236
-63353234313634623131666566353738313566383136663366623761373466623530326465326132
-63383830363039313666666136353435623863383164613736303034346336316663316339616161
-37663539323132616462
diff --git a/host_vars/dashboards.archlinux.org/misc.yml b/host_vars/dashboards.archlinux.org/misc.yml
index 24ec725ab..f3d59778f 100644
--- a/host_vars/dashboards.archlinux.org/misc.yml
+++ b/host_vars/dashboards.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 157.90.255.107
wireguard_address: 10.0.0.33
-wireguard_public_key: lLZtvFIrmtUXRXmw+qQC8LZ00NzN1wlvcI4grNWt2lE=
+wireguard_public_key: Vv2qAjdcPpAvt1hOV5zc4WR6iTqmiPdDNr5+9Wv2Jw4=
diff --git a/host_vars/dashboards.archlinux.org/vault_wireguard.yml b/host_vars/dashboards.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 0e0635bde..000000000
--- a/host_vars/dashboards.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-37393533623530623933343165626263336435303161356262626137643866363763356162383164
-6331393262656363303261346361396131303566643634360a363632656333343533353162326630
-62373738383865383362666534336135346533643935333631373234373139366432306532636632
-3632356365313166610a393137356532363161386232393839386634313131353138383061306337
-30363939376639383234366239376230333266396633363261346265323337386333326231633162
-39363036646539396464376637303732653530323164663266383264356662653462353135373137
-33343462653434646430316233303161353131633366656133396362313632633663353938613837
-39643334316165653332
diff --git a/host_vars/debuginfod.archlinux.org/misc.yml b/host_vars/debuginfod.archlinux.org/misc.yml
index 24c6fcf8a..4f385dfa6 100644
--- a/host_vars/debuginfod.archlinux.org/misc.yml
+++ b/host_vars/debuginfod.archlinux.org/misc.yml
@@ -2,4 +2,4 @@ filesystem: btrfs
ipv4_address: 168.119.240.111
ipv6_address: 2a01:4f8:c010:74d4::1
wireguard_address: 10.0.0.35
-wireguard_public_key: Wp9ruR2+pCj0TsATuJZiUxk9x6BwcUhXs/yZlmGYjRE=
+wireguard_public_key: R3ZlD7HmoiGH2FyIGSaiYc1hIA7JHp3ivXQlRGc7iyA=
diff --git a/host_vars/debuginfod.archlinux.org/vault_wireguard.yml b/host_vars/debuginfod.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index b395246fa..000000000
--- a/host_vars/debuginfod.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-61343637613538316638633261366364313430343464663133316466636666366233643062373133
-3335333266643631623933646261313532393564653631380a616561636336643139353039626431
-63303531656163333965653262396536353631353366373135313666393236383633363434376535
-3161323733613963340a623733633362306465653162663434363838326665633338333836646236
-61383336623365383236393866653465633834376139366435303839343032303430363736306533
-33633434356563373932313861363666376432376264383933323262396430656630633862383237
-62333435303239396537306362323866653230313733386332636164333066633334303738333061
-30633265623035633231
diff --git a/host_vars/europe.mirror.pkgbuild.com/misc.yml b/host_vars/europe.mirror.pkgbuild.com/misc.yml
index 42be3532f..031e2f146 100644
--- a/host_vars/europe.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/europe.mirror.pkgbuild.com/misc.yml
@@ -16,4 +16,4 @@ system_disks:
- /dev/sdc
raid_level: "raid5"
wireguard_address: 10.0.0.28
-wireguard_public_key: rg3PyaA3nXNZt2C8l4tvzMiTOT47a/jU11WR3EzU0Co=
+wireguard_public_key: 3C9yMutZJfOn2UkOhnGeM9DnLFJaeo6uTY9CGRlBZVM=
diff --git a/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index d5fc6c6af..000000000
--- a/host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63336430306539626434643065393363633038356666376233346339616663636266383961333234
-6636383163326238373837613831316633323762376634610a353266623334323232353362373432
-65623034326266313135616235313663326166616534376530343032373865313938333831393961
-6436666262353331650a336465636435383635326433353735663135343931346531643533633735
-61343064353137626635353361623334326436393366376161633337333161396466666138623533
-64343937313233633834306337356136333339633131663130653966303164343436383238653036
-39323461386631336230346461323161313361386332383730316162636434623234613932363132
-32383662633166383530
diff --git a/host_vars/gemini.archlinux.org/misc.yml b/host_vars/gemini.archlinux.org/misc.yml
index 57221a701..2920396e8 100644
--- a/host_vars/gemini.archlinux.org/misc.yml
+++ b/host_vars/gemini.archlinux.org/misc.yml
@@ -16,4 +16,4 @@ raid_level: "raid10"
archive_domain: archive.archlinux.org
wireguard_address: 10.0.0.20
-wireguard_public_key: 6foPuhPBEUi+tPP7PjFT1nKpEksyyqT8zAX+yOjWDVo=
+wireguard_public_key: GiMqMcJ7aEuW6rRwXsj27S+w7orx7Etnjq+dE6RhoSc=
diff --git a/host_vars/gemini.archlinux.org/vault_wireguard.yml b/host_vars/gemini.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index bb6ca687c..000000000
--- a/host_vars/gemini.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38353761363039393465666663343232333730633633623363626238313734316466333038623563
-3539363134386663623837633332623062313537613137390a376261626466616138613838386664
-62366238373334346335356330393737383531353862616564336630326435666362646634313137
-3336663535333266660a626336643663343764346637303635636338346430633066353965633331
-63353131616434376238306165616432333331646334316262613564396535633831646235636339
-39656335656663323131613033373136613965343266316631366437343139626333313735346230
-33623532356437363262353330656431336238323535376633336262643836616334306463373064
-32353562616465323637
diff --git a/host_vars/gitlab.archlinux.org/misc.yml b/host_vars/gitlab.archlinux.org/misc.yml
index 8e2fff52a..9438ba5ee 100644
--- a/host_vars/gitlab.archlinux.org/misc.yml
+++ b/host_vars/gitlab.archlinux.org/misc.yml
@@ -3,7 +3,7 @@ filesystem: btrfs
enable_zram_swap: true
additional_addresses: ["213.133.111.6/32", "2a01:4f8:222:174c::2/64"]
wireguard_address: 10.0.0.5
-wireguard_public_key: EbZisS0fwM6B8Nkugy1lyox+A8L13hniucVIPVCK5R0=
+wireguard_public_key: ebEWzriL3dohjDP49Hp+SGHZBnzx8fjnohDN3igQlCc=
hostname: "gitlab.archlinux.org"
network_interface: "en*"
ipv4_address: "213.133.111.15"
diff --git a/host_vars/gitlab.archlinux.org/vault_wireguard.yml b/host_vars/gitlab.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 07d4a86f6..000000000
--- a/host_vars/gitlab.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62333862633232666133396661646562343766373561306530393438666532333766316565396439
-3139653036626231376135353438643164633632333430330a313836393862396636303539623732
-36396438616364396161333837366630373033326165663566393638623664383062663036636161
-3333623232393932650a343530616562316538366236376133663161353432656232366639316333
-34373232303731356134646437666432613931363863353934393338636438663133366131633765
-36626163623832356264326637363664303532383236303066343730303338343164616331616130
-63393830313239336662386563303763336537636364396265653763626231323535623931663733
-31643134323036366535
diff --git a/host_vars/gluebuddy.archlinux.org/misc.yml b/host_vars/gluebuddy.archlinux.org/misc.yml
index 71dafc5ef..22549439f 100644
--- a/host_vars/gluebuddy.archlinux.org/misc.yml
+++ b/host_vars/gluebuddy.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.36
-wireguard_public_key: iiwiHp6b9fmepXLNZ0xFMWIhF2u2a8oEpQI1TTDR4zI=
+wireguard_public_key: YqQMISqTUwXPphhfBDXGcbwjEkz8xgtsnaazFCIGgmk=
diff --git a/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml b/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 36f3e7c5d..000000000
--- a/host_vars/gluebuddy.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35653438346435353864333261343463303935353839656630646562383533343363343737656261
-3232383964383163666464626464623861373838316630390a346232373835623531616530363839
-32656164656234626231353938626431306265623939343334623938653530306665306338363365
-3530323765396365610a643364333239666533366231633964356333656531336438656164343034
-30613066653961343066613735663161626361393863656135326162666632646237383037383464
-62313230343739316137303134313161633331393165636138376666303431353430383265343361
-34353339643737366331366631383736356564623436306266663233333033383134393364653538
-35313833623238383263
diff --git a/host_vars/homedir.archlinux.org/misc.yml b/host_vars/homedir.archlinux.org/misc.yml
index 2cedefb56..bcb61456d 100644
--- a/host_vars/homedir.archlinux.org/misc.yml
+++ b/host_vars/homedir.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.13
-wireguard_public_key: 0MrXhX6fmtetZ1Rnu93+rQ8yWgOmxrwyY/hXSsy98FI=
+wireguard_public_key: 67qt5z1YsqhLTnMFo96YoDwtXDFmukF3EcWtrV5ZCHA=
diff --git a/host_vars/homedir.archlinux.org/vault_wireguard.yml b/host_vars/homedir.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 89ffd4b6c..000000000
--- a/host_vars/homedir.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30376666373438653038303032343464623137316436326166623165633662373332643862633430
-3233323766326364303664396461303734323237323938640a373737383531336433666136653335
-35343036333037316536323335393562306531616565343533613663356635366365313565646437
-6262653233623464350a623561396338306465633836386639383837323963643163313539346135
-62366663393561613562336363626431646161356233336332363863343835303535353465653731
-39383539386136666230313537626664353531613063643534346237336566656232336239623439
-63316135316439626431633737323539323235383564633438653264323164386634656336666665
-37383966663335333639
diff --git a/host_vars/lists.archlinux.org/misc.yml b/host_vars/lists.archlinux.org/misc.yml
index 88b8ca576..78a395dea 100644
--- a/host_vars/lists.archlinux.org/misc.yml
+++ b/host_vars/lists.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 95.217.236.249
wireguard_address: 10.0.0.34
-wireguard_public_key: t6Er4qAMe/lWNnAByWdXhbUwXKYfj9CkkJgMp28UQl8=
+wireguard_public_key: XUbI7fDRKPbG/MIfgH3c4fNhC28F4aXWvknOEV3CxUg=
diff --git a/host_vars/lists.archlinux.org/vault_wireguard.yml b/host_vars/lists.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 3475cb29a..000000000
--- a/host_vars/lists.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30376334303766393530356533356236313866373362313461306661303663343764313238333064
-3332633062616133643331363765636534646666336634360a373630646436623962643532353430
-64306462373461313962636535613831623336303231643665303962353263323533313361366562
-3937393761303434330a663366623862636137346230653665343238323166303761353231643633
-30623061343234643136323338386333363336366162656463656439363631636661366535326264
-33616636343239383735373230306164346163663765633165376136626430653238333630613033
-34323863333865386535343032373531626464356537626531353563633239356665663463343435
-30313365356632356336
diff --git a/host_vars/london.mirror.pkgbuild.com/misc.yml b/host_vars/london.mirror.pkgbuild.com/misc.yml
index fade8a9a1..ceea6704b 100644
--- a/host_vars/london.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/london.mirror.pkgbuild.com/misc.yml
@@ -14,4 +14,4 @@ system_disks:
extra_disks:
- /dev/xvdb
wireguard_address: 10.0.0.43
-wireguard_public_key: FuhMj8Vrk0HUR10O2dmgeXtw+bMAuhNesYD+h0lKgSc=
+wireguard_public_key: PRjfJjtYe8GtihCw2cm+ocWFZpEtVdKC3B1C5AsPC1A=
diff --git a/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 840b56545..000000000
--- a/host_vars/london.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30663137336130633937383231343062333664636631323739373164663563363565383435633362
-6331356532616630373432373031383139613633646461330a373936663337326633656464353862
-36326239373864383662343737313436653639383562303433363634323562653637373236653736
-3765663532643338650a626433353131353730623864646535646138333236316563353032616235
-38653765306433656539383533653930376564663361356134303539316335636435616130383234
-63346238323761343635326263396362656663363237336232663039346465656265616366373433
-36353862386661366563366535383439333531656564366238323032656232633462336166343766
-37613432323131623461
diff --git a/host_vars/mail.archlinux.org/misc.yml b/host_vars/mail.archlinux.org/misc.yml
index 59af3f7a6..1578747fc 100644
--- a/host_vars/mail.archlinux.org/misc.yml
+++ b/host_vars/mail.archlinux.org/misc.yml
@@ -11,4 +11,4 @@ fail2ban_jails:
ipv4_address: "95.216.189.61"
ipv6_address: "2a01:4f9:c010:3052::1"
wireguard_address: 10.0.0.14
-wireguard_public_key: +RJ/ZNRmw2uCHxSjJZHftk7lWUl5nJ6VSZww8GPwhEI=
+wireguard_public_key: zB4ALQPMOYu8yzGdiDL1AHgowmVZHc2OUJq1igy3Ixo=
diff --git a/host_vars/mail.archlinux.org/vault_wireguard.yml b/host_vars/mail.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index d265d493d..000000000
--- a/host_vars/mail.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62626465353239316533326230313635626163313135623035626565326434663662646638396434
-6366633335633138616232313937373137656461346533630a306261643164386537336632306165
-34656236666464393437326662616264373564326533636333353037663439626331383836623364
-3261336364376535360a313531333734346361313565666463393133633232363264653336363962
-64616239366539643664343664313763613739336665313965366134383534646439373535333064
-35366237636161636638653264313161633664376439336431306238646631303364653733343363
-38336430316636626633376464366135666465393133313664303766366662386135343562323961
-62316563313335653738
diff --git a/host_vars/man.archlinux.org/misc.yml b/host_vars/man.archlinux.org/misc.yml
index 20670b4f3..309361c0e 100644
--- a/host_vars/man.archlinux.org/misc.yml
+++ b/host_vars/man.archlinux.org/misc.yml
@@ -5,4 +5,4 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: true
wireguard_address: 10.0.0.32
-wireguard_public_key: PkAuiYdsDs4eI9JytK8MUCK1umDblQHg1SH+Z80zs30=
+wireguard_public_key: CuhJyhmHsi0ccdeXgXRacqnFVfYrjVDHxfPPOLehkhw=
diff --git a/host_vars/man.archlinux.org/vault_wireguard.yml b/host_vars/man.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e5522b614..000000000
--- a/host_vars/man.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38616234353738326336653335323964663662306561626566643536613433633836386661366531
-6437303134663639633730386132643239363338346631350a343035326230623337636539653163
-39333736623832653661663237366632373835653536323038333966646330643433363136303232
-3133306331353433300a653031313937363932663333373639343030313539363361653239326634
-34623736646634626263636430303863336364363731386335666638383530626630343534396363
-37383865643135356463656637333535343130303736636162363437636338643866333263616565
-38653133336666663336346535376362333730323831626666346231343431333662343562656238
-63336131343538623136
diff --git a/host_vars/matrix.archlinux.org/misc.yml b/host_vars/matrix.archlinux.org/misc.yml
index a55baad62..0b9c4c827 100644
--- a/host_vars/matrix.archlinux.org/misc.yml
+++ b/host_vars/matrix.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
static_dns: true
wireguard_address: 10.0.0.15
-wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=
+wireguard_public_key: Oh6gZG9HbchVM6xiYOJQ6JpF6QD7EeRD7Xa6c5fr5CA=
diff --git a/host_vars/matrix.archlinux.org/vault_wireguard.yml b/host_vars/matrix.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 62fe048cb..000000000
--- a/host_vars/matrix.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36613831313163623938383038323864636135343739353730363235613863346165346139326533
-6230386139626263386234393034316132326266636463360a646365313036376664663338396631
-39316563356164396564333734303934666139383233313833353139343165376135386562333431
-3335336265623531630a666235666538666330623739376566343336353334313831623661646662
-35303535353333343266343061633836383361623766653433333936393837306161366161333332
-39356264326235373338316331353365666461313133373135393233326661366134313466653462
-38366135633661666135356338636665663636323839353830653364346130633466623636623733
-62386133323037656163
diff --git a/host_vars/md.archlinux.org/misc.yml b/host_vars/md.archlinux.org/misc.yml
index eeb99d450..c8e3e8849 100644
--- a/host_vars/md.archlinux.org/misc.yml
+++ b/host_vars/md.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.31
-wireguard_public_key: eCIzf+ckdWPvJYjNaxdlLRH9kq9mfJZswA8KwCmtJgQ=
+wireguard_public_key: g7VwZ5+sEAaKfMY/322ajv2tAXarJj96u9mhH3SK6no=
diff --git a/host_vars/md.archlinux.org/vault_wireguard.yml b/host_vars/md.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e477a0388..000000000
--- a/host_vars/md.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31623265383262313831373633626639636234613863316666613066663565333830376134353763
-6536636564383531363065663932306135663762666266330a613638326239396663353163373237
-30643364373932346161303137383631346235313430356664396639313135303031623566613266
-3132343161383163610a623236303366376166633463383436656338303232653663393332313031
-34316136306237663236336539346330653833336435333835643131396135663661613532393736
-38373437343031346336396230303733326136356635306530343933393530366237393862663663
-37366231316266623235316162313930306436396465663265636638623063323366363166643965
-64656366623263393462
diff --git a/host_vars/mirror.pkgbuild.com/misc.yml b/host_vars/mirror.pkgbuild.com/misc.yml
index fabd834ff..1d0c4bc91 100644
--- a/host_vars/mirror.pkgbuild.com/misc.yml
+++ b/host_vars/mirror.pkgbuild.com/misc.yml
@@ -7,4 +7,4 @@ ipv4_netmask: "/32"
ipv6_address: "2a01:4f8:c2c:c62f::1"
ipv6_netmask: "/64"
wireguard_address: 10.0.0.12
-wireguard_public_key: auE2J1+MYo59uZIwADncjCfSX7/Q0YdvmG+CVIgvtgo=
+wireguard_public_key: T15w8Cgri7djo6an/uG/8yr8f5KAsnnKyTgIw4dkr2I=
diff --git a/host_vars/mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 25247efde..000000000
--- a/host_vars/mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62626230326130313737373364316363346633353133373761386232616438333631313761363264
-3961373438333933386432343563346238623137653639350a323365663562373737383463306166
-39326335366439666239386536623939336132313432336638393663633535663538396434613066
-3062636561323964390a656464313464623764303332343332653337383130373138323165626137
-64626536613266653032393837376561616132366436636666386636616664346161636630613966
-37666535643834396536323136313331356630653335386133626464353064626532636665666231
-66336663663139373563303838636131663530646632333536363362653663386632316133313038
-62316633363362376164
diff --git a/host_vars/monitoring.archlinux.org/misc.yml b/host_vars/monitoring.archlinux.org/misc.yml
index 6103dd420..4e6eb2d25 100644
--- a/host_vars/monitoring.archlinux.org/misc.yml
+++ b/host_vars/monitoring.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
ipv4_address: 95.217.220.31
wireguard_address: 10.0.0.4
-wireguard_public_key: LR3lPa9ABwUkvbm3NqdxeAqX+NOG8FpbICG/+1Ra5lg=
+wireguard_public_key: h+Zio6WZ+Q2mrC48eLARL+9pKveFh5QM3mckFkfcLSQ=
diff --git a/host_vars/monitoring.archlinux.org/vault_wireguard.yml b/host_vars/monitoring.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 83fcdcc71..000000000
--- a/host_vars/monitoring.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36666165326462633137383036363030393739623732633861613630393963383963643233396138
-6661656539326562633336353366653365393161626663350a626135343361333637313464616636
-62326165623663613739393538626362303131623063383439656530346666653432356637613466
-6465356361643332380a623764346134323432376235373231623831633931323236623838613833
-66366265643166653932653133373131303739383239323936336336316232643533313963616537
-66356137643465376134626438616163393636636435356265323166316664636532616435373239
-63393232316439346432343835653265303761653236386338353564343063646430363133363462
-32343637313639396335
diff --git a/host_vars/mumble.archlinux.org/misc.yml b/host_vars/mumble.archlinux.org/misc.yml
index fb85020c4..ed1b2e49c 100644
--- a/host_vars/mumble.archlinux.org/misc.yml
+++ b/host_vars/mumble.archlinux.org/misc.yml
@@ -9,6 +9,6 @@ fail2ban_jails:
dovecot: false
nginx_limit_req: false
wireguard_address: 10.0.0.46
-wireguard_public_key: jiA9adrFKJuZsxS1DMHi+gkb4iWj3w0CNGWY/elxpzk=
+wireguard_public_key: BD2cbLkESFRPLy4luZlwEPc45yBFmd1Ti2nSFd1hVBQ=
certbot_dns_support: true
certbot_tsig_name: mumble
diff --git a/host_vars/mumble.archlinux.org/vault_wireguard.yml b/host_vars/mumble.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index b2e3c7221..000000000
--- a/host_vars/mumble.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30613530316630386565666462353635333163343337383639346132366562616533323036633433
-3131353639386564353062626639313937333661323535610a353463353866303962333230633632
-64316664643431616537396233363730333332633134376661633137643135366461643531626363
-6435613738396132650a353130653335373630356336613339363463313562323962373833363831
-32663166366135323939386336663061356637616364636439323430633837616534663139396562
-62333964613937623763646637346136363638613138366335383765376131666536363539353938
-34653030393432373666663934386439396135346532373739333838373036326531656635663532
-64306330643130663936
diff --git a/host_vars/opensearch.archlinux.org/misc.yml b/host_vars/opensearch.archlinux.org/misc.yml
index 961fa4e60..ecb89c703 100644
--- a/host_vars/opensearch.archlinux.org/misc.yml
+++ b/host_vars/opensearch.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.42
-wireguard_public_key: 2f19yTsYkrv5xp7V4kREsuisbFc7Wew3gxd7sS/LyXc=
+wireguard_public_key: CRtFlKdquOb5P62czuhhzA10teUh/iY/xPPEoOj2gFM=
diff --git a/host_vars/opensearch.archlinux.org/vault_wireguard.yml b/host_vars/opensearch.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 074f8eddd..000000000
--- a/host_vars/opensearch.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66386538386463623062666662656563383738343831326166383361333365383231663232383662
-6530633164346531613431343530373334376437373132650a383731653464626236346265346638
-35303861636134663839363236626335303035633730363339613331643535323938356436373065
-3266616166663330660a346338303830313136386338323135353563636539393261616562616262
-36326438353233316661383231613639393437616336653734613330376334376563386231346334
-62313733313265383963396665623566623232346363633566323439303466383835346134353432
-63323039643932643663323538383563623134313730653336623631383363346239613038633030
-31616365656634326339
diff --git a/host_vars/phrik.archlinux.org/misc.yml b/host_vars/phrik.archlinux.org/misc.yml
index 63bef3a15..3c8de337a 100644
--- a/host_vars/phrik.archlinux.org/misc.yml
+++ b/host_vars/phrik.archlinux.org/misc.yml
@@ -7,4 +7,4 @@ arch_users:
- tu
arch_groups: []
wireguard_address: 10.0.0.9
-wireguard_public_key: ETzZyW9HAwDmJffZOiLH+DF+wl7bR37NYDEtn/zm+hk=
+wireguard_public_key: ZDCc0Flid5Fv0fezfioduAyLJzFiPenQTjXFtoFadiM=
diff --git a/host_vars/phrik.archlinux.org/vault_wireguard.yml b/host_vars/phrik.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 48f7aaf26..000000000
--- a/host_vars/phrik.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38626464643564313732323435613965383239376631306566616263343165356161313031396433
-6139646439386531383533333237303530653636356461300a633934303633623764366438383132
-62366337353362343364396230336430373830313339613865653636333463656437616461313737
-3534333537646436620a316132656263306338346264616531373630353862323838626339636232
-36363136376431643263623235653264663934613439316136333337343762386561313834646264
-39386431396661616162666330623435616131363137373461306337613930666539653634396434
-66633231383232343832346636616232343539373831666534363031303965313532363632336535
-36366439653236653363
diff --git a/host_vars/quassel.archlinux.org/misc.yml b/host_vars/quassel.archlinux.org/misc.yml
index b5f206f0e..fb1128cb3 100644
--- a/host_vars/quassel.archlinux.org/misc.yml
+++ b/host_vars/quassel.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.10
-wireguard_public_key: 4SFiwJRHbGSDtEypEDhS6ar2jmwfBwthPSGHZ8XShXY=
+wireguard_public_key: JkSDACCDONV5Lb+VCyntTVer4VT8Wiif2MQ7+jQg5AY=
diff --git a/host_vars/quassel.archlinux.org/vault_wireguard.yml b/host_vars/quassel.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 88ac3f473..000000000
--- a/host_vars/quassel.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66383930653234636164396535316364373836363636386263666132316161643635633335316565
-6639613935626533663637663733333333346438393637370a383436646565656232613639323564
-38356666376133656338343032356236646665396439393134356162366230326338313564333337
-6231333532636537320a343463363339336431626661363737383637643961666663336663656161
-30373439633134386237333636393032306132383335306234393338373636313035646338343034
-31323763646561613638373839396232616235656537633230653438656137363265333238343661
-62346361346432346364306136646462626539383462326231613135323230396439313030373332
-38366130653463366430
diff --git a/host_vars/redirect.archlinux.org/misc.yml b/host_vars/redirect.archlinux.org/misc.yml
index f33e80c00..7615c9562 100644
--- a/host_vars/redirect.archlinux.org/misc.yml
+++ b/host_vars/redirect.archlinux.org/misc.yml
@@ -1,6 +1,6 @@
filesystem: btrfs
wireguard_address: 10.0.0.25
-wireguard_public_key: n11Ps2sc0Cxsi1sLaYFq7dkhlDtTnOZCGovRYbzDGR8=
+wireguard_public_key: MOhw0Jk1S526WtcvvMdxHxLRMSSQPkv3AeH09W0wWxo=
ipv4_address: "95.216.195.133"
ipv6_address: "2a01:4f9:c010:2636::1"
diff --git a/host_vars/redirect.archlinux.org/vault_wireguard.yml b/host_vars/redirect.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index aa5118601..000000000
--- a/host_vars/redirect.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38393434303739353261646462323137666163313335366366333930396462323762343038623436
-3331633437333536363437343236303236386531303030360a393331353863636137383539376439
-38616533333337313739383063343039303261366330313261613262383465336634366332623732
-6531363161643636320a376639333762383133346437636464643266363862333737653864353366
-30333836333966653131326235663537333437343934333032613261646339633332343261353735
-37653230386636366539343265653736373061343262316339613139353737306664616633346335
-31393063353339363834653966396535373764366531636137643666306532306138373137636163
-37663539366239373864
diff --git a/host_vars/repos.archlinux.org/misc.yml b/host_vars/repos.archlinux.org/misc.yml
index e3e01509d..e8e867a27 100644
--- a/host_vars/repos.archlinux.org/misc.yml
+++ b/host_vars/repos.archlinux.org/misc.yml
@@ -14,4 +14,4 @@ system_disks:
raid_level: "raid1"
wireguard_address: 10.0.0.45
-wireguard_public_key: MDt3DqmYppnV81CFHLII1O80BWFGYeGGNrDWlQcX5H8=
+wireguard_public_key: ZE7fr78hG6eB3Qjhys0n7DxplMBbcWzBGI7DhMvCeDc=
diff --git a/host_vars/repos.archlinux.org/vault_wireguard.yml b/host_vars/repos.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 2912bfe8c..000000000
--- a/host_vars/repos.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31636166336635646637363937613362656434373536616461323562313134333035366436326632
-3834663131386336356331373530356533383238626361380a326233643634653433633733623865
-37616439396230303431393730326662646633613838313532393536393365326562653561653264
-6631616564333265660a343765636564383065353831386531353138373234386538323836623532
-62343662393739626630343062643964343535353931356337643661663238393130346634373362
-66373364623962363637653963643631393438386264323630316234386531383931383264643462
-66306337313864353761613433393961336438636632616435393163353462613765666162313333
-31646239623765643531
diff --git a/host_vars/repro2.pkgbuild.com/misc.yml b/host_vars/repro2.pkgbuild.com/misc.yml
index 0c0e995d3..6888b8802 100644
--- a/host_vars/repro2.pkgbuild.com/misc.yml
+++ b/host_vars/repro2.pkgbuild.com/misc.yml
@@ -21,4 +21,4 @@ rebuilderd_workers:
- repro23
- repro24
wireguard_address: 10.0.0.29
-wireguard_public_key: PQDUQxGH6n3PY/dqlDk6DsSV5XBYQvJWJbVJldEuYic=
+wireguard_public_key: L47UZExXfMnoPAtcM3hRxkdsPEdvl+hfAJYtUx64lwc=
diff --git a/host_vars/repro2.pkgbuild.com/vault_wireguard.yml b/host_vars/repro2.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index a05715f1e..000000000
--- a/host_vars/repro2.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39343032623831616438633561333734393536393033363533393966363332666564333834636333
-6564636661313937346263666535323862663364646634620a303937353432356463653664316262
-30393862326564643063336434653830303235373836373639386261346233363137356163313564
-6162343237316539650a343139306164643530376636626537383633666266643536393235623361
-39373966333632636537313966623264653739613963353636613266303061613132633831366162
-38663263333731326337633261303239373834356233613766383933356631636661613734383862
-65326537303361663466303833383762646232373336373231393866613762326161333564313362
-36386364653036623237
diff --git a/host_vars/repro3.pkgbuild.com/misc.yml b/host_vars/repro3.pkgbuild.com/misc.yml
index 05d0c4f32..9b3a8a31d 100644
--- a/host_vars/repro3.pkgbuild.com/misc.yml
+++ b/host_vars/repro3.pkgbuild.com/misc.yml
@@ -19,4 +19,4 @@ rebuilderd_workers:
- repro31
- repro32
wireguard_address: 10.0.0.40
-wireguard_public_key: wG9TkWIw+g0WvOWChIqllpIh3+DjIDKy0XYh+pM+CS4=
+wireguard_public_key: 9rIoEz3NZnprT2CIb/NpRiX6XsUAkgLwIaG3p9IcHlI=
diff --git a/host_vars/repro3.pkgbuild.com/vault_wireguard.yml b/host_vars/repro3.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index 86cb20704..000000000
--- a/host_vars/repro3.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33343930633664323330376165323137396432613264316633326363356537303463366133313639
-3565623331366636383065363965643461303032353262620a613839313663613931303832643031
-36313563346231376135393836343962666161316364666165353031643662623133383864356330
-3961303563316434620a303961333934613835333166333334653033633532633764363131373336
-61626261313137643830626338666135333031626334666661386237306235656537626434643763
-36393636323137323039386566306133303530616435633931343964613631636362343330613131
-61303430623634353739366365356137656136633631316637346533646163343937666561386665
-37366362336238653935
diff --git a/host_vars/reproducible.archlinux.org/misc.yml b/host_vars/reproducible.archlinux.org/misc.yml
index e6004748e..8b4a2e3f1 100644
--- a/host_vars/reproducible.archlinux.org/misc.yml
+++ b/host_vars/reproducible.archlinux.org/misc.yml
@@ -1,4 +1,4 @@
filesystem: btrfs
zram_fraction: 2.0
wireguard_address: 10.0.0.6
-wireguard_public_key: F2X4lMxdET35mceNtRVqSxVVbwEUVey5IjveG0yHJ0Q=
+wireguard_public_key: d/emQtrNru4RLGGLc4TUfM3kHZrQZcweW3IGyHKHoUo=
diff --git a/host_vars/reproducible.archlinux.org/vault_wireguard.yml b/host_vars/reproducible.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 8447be97f..000000000
--- a/host_vars/reproducible.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35666639643636633339303064353631316266383633396438326133346330376334306639393062
-3262633562623066616561663562366263303561633937330a353461393661363736653063663732
-62633838613632316365633064383938643732373035623465323037616530323832366431323461
-3430623431303838330a386466356463653262396663613537343833653366646633323932616239
-64323466343864653436363262643864323561653038633465636463633239643736303436343432
-33363930663232623034626131333437303133393139316338356633363136376130303063326432
-39653035613061373964643830323534393339623734663632316361336164306234626165383235
-65653036353432306362
diff --git a/host_vars/runner1.archlinux.org/misc.yml b/host_vars/runner1.archlinux.org/misc.yml
index fa7d466f0..e00a85f88 100644
--- a/host_vars/runner1.archlinux.org/misc.yml
+++ b/host_vars/runner1.archlinux.org/misc.yml
@@ -16,4 +16,4 @@ raid_level: "raid1"
configure_network: true
wireguard_address: 10.0.0.30
-wireguard_public_key: VghPKlYaYYcdt4peH2n9X95ebTamz2MeOI8NvMTmomI=
+wireguard_public_key: HNs19dDeutg4yA2twh9Qw26bfVA1J9Z5rrBYSye0q2k=
diff --git a/host_vars/runner1.archlinux.org/vault_wireguard.yml b/host_vars/runner1.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e001efd70..000000000
--- a/host_vars/runner1.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62373830363439396663313462346231323262393932303530643531616137623733343032343564
-3966366530383432383930363433383065616164663132350a303463643432353939373662303433
-34646431343932356562333366623734343939343139393131383166333231386263353361636165
-6535366335623738390a366432653561656439646537373037613639663836363439343438636333
-63613835633038326261383665306530623637653165336334653339623637323163643630356533
-62363762646665353263656635663661613964316261616230343065336532626565343331313466
-37616337373036336263626433373138666266633030666631643065646332386433383836356537
-65373363363235336631
diff --git a/host_vars/runner3.archlinux.org/misc.yml b/host_vars/runner3.archlinux.org/misc.yml
index 4628a299d..540c5f0b0 100644
--- a/host_vars/runner3.archlinux.org/misc.yml
+++ b/host_vars/runner3.archlinux.org/misc.yml
@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.41
-wireguard_public_key: V2GA/YWnz0toKZ8GR3w3uzMwgHr5vqMzXVL5d3e1Y0s=
+wireguard_public_key: flSHBQWtwvO/OavyFGN4JaO+ezgoi42nCJxComtpPCA=
diff --git a/host_vars/runner3.archlinux.org/vault_wireguard.yml b/host_vars/runner3.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 059021748..000000000
--- a/host_vars/runner3.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39326530623136386332396132333331643764663066346233303563323338653362663337333734
-3438343861366463393234306663623533636631323837360a666430646563313266653530383035
-66393931343130613631623634663531386434626266626165373066326433353532353135373436
-6431623763373533330a316664393137383466326435323139333831323865326563303036323135
-36323961323637316636663164383834383634393834363361643431366465376439393661383139
-61303239383061623865653436303261326461303631646534343334363732353661616263363762
-36346537613138323231303433643762323231656461643863643032393337653730393535643539
-61653666653032666564
diff --git a/host_vars/secure-runner1.archlinux.org/misc.yml b/host_vars/secure-runner1.archlinux.org/misc.yml
index 90e3245db..a7ef784f9 100644
--- a/host_vars/secure-runner1.archlinux.org/misc.yml
+++ b/host_vars/secure-runner1.archlinux.org/misc.yml
@@ -11,4 +11,4 @@ system_disks:
- /dev/nvme0n1
- /dev/nvme1n1
wireguard_address: 10.0.0.8
-wireguard_public_key: 6cb0sL2PgD55IXWr5j/uIn9wCgUL+HT83vWrxWClSBU=
+wireguard_public_key: Ltuc7ESRSuy0fbtl0an7kC6nlpm0GgrDkan+3Cnszng=
diff --git a/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml b/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index cc1499616..000000000
--- a/host_vars/secure-runner1.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30396262386461333862653131646263626435376237326130336631636633616134373530393661
-6564393630323961346264623565393563303833326630390a363432343365386166313631383564
-39306335616163343831653934643536386466306139393732666239323930383330666231313239
-3237383366643063390a666137356536643735663735613936373732353535323462383364326239
-31653466656536666234383863646335663564626637356637626662643433366434613361303737
-62653662363630353963623534646562313661373766623033353663633632383533623030363437
-65306264363932346631623132643836653862336532333638613064613631343961623539333165
-66303363323566623437
diff --git a/host_vars/security.archlinux.org/misc.yml b/host_vars/security.archlinux.org/misc.yml
index eeb8472e9..e2382eda8 100644
--- a/host_vars/security.archlinux.org/misc.yml
+++ b/host_vars/security.archlinux.org/misc.yml
@@ -1,6 +1,6 @@
filesystem: btrfs
wireguard_address: 10.0.0.24
-wireguard_public_key: CENgItOHJI/lLUNcUNpC+1oZJBvX/G+nemAKZYfCSCw=
+wireguard_public_key: 5TMXSk3wbltxbfaBaMcrRmEZ4hfyhDRttlZbfb58U3s=
fail2ban_jails:
sshd: true
diff --git a/host_vars/security.archlinux.org/vault_wireguard.yml b/host_vars/security.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index 99d8f7d64..000000000
--- a/host_vars/security.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65323335366334356565373130366362356331666163303033643736616363336533333835663762
-6630623738313561613163353264616564393739343261360a623965633934636235313832666235
-34346638366165613565346462303739626561336636356634363865393630386261343261343361
-3334333430346364620a393465333133386530666136653133643465653466633562643431383961
-35386634663932373236626465373763656665386235323362336337666331306631313634343633
-31653532373562363261663533616264653163653265363330343931366466313066636261616330
-39623763373731626436343237333136623638313732643435643461323538326639616464386265
-61383439666262623966
diff --git a/host_vars/state.archlinux.org/misc.yml b/host_vars/state.archlinux.org/misc.yml
index 4498f8381..f84de16b2 100644
--- a/host_vars/state.archlinux.org/misc.yml
+++ b/host_vars/state.archlinux.org/misc.yml
@@ -1,3 +1,3 @@
filesystem: btrfs
wireguard_address: 10.0.0.11
-wireguard_public_key: cRNS30527OCEgijC7FHrtdXxdNnwWsXP8F1QAoKgAFQ=
+wireguard_public_key: byTCGLgHF4GqCCjmCRHJi/pzyKJKEBAik/ViVrafgzA=
diff --git a/host_vars/state.archlinux.org/vault_wireguard.yml b/host_vars/state.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index e0d3c4a65..000000000
--- a/host_vars/state.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65616436343433643361656439393166306231353638383233353530343263643339303561356234
-6337623435653866663363333135343236363933306362320a333066646464653333343238663766
-31363465373132303638356435633533383833636437393736616237343838313935663933646463
-6564626637343431610a313133333237666232613037633335656265326636316633343235383931
-36346366663863663839393664316232633239626162353033343137353861386439383031326565
-30653534646233353763643439653237623662343139326537303363343932613537346536343934
-38386138393532323539373561313962663263393866303331646365343433353338323634396230
-61323538356130623166
diff --git a/host_vars/sydney.mirror.pkgbuild.com/misc.yml b/host_vars/sydney.mirror.pkgbuild.com/misc.yml
index 6f73efaeb..e197f514b 100644
--- a/host_vars/sydney.mirror.pkgbuild.com/misc.yml
+++ b/host_vars/sydney.mirror.pkgbuild.com/misc.yml
@@ -13,4 +13,4 @@ system_disks:
- /dev/sdb
configure_network: true
wireguard_address: 10.0.0.39
-wireguard_public_key: nBu1/pofjzyD31D32VHIs8ajNc5thkzweOWsW28WSFU=
+wireguard_public_key: LxsZN7J4OrPUZgGldHQ0tLzFmXuS65IsCGyEPfCrMWo=
diff --git a/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml b/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
deleted file mode 100644
index bdc0e350b..000000000
--- a/host_vars/sydney.mirror.pkgbuild.com/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32336664393464623630396239636539616239343332623261386337376335386139346336393065
-6530316635653337653630303264666635313138303233640a313263343334646661363235313733
-64613539366566346438313266373439643239343731313565306163623836313162643336303737
-3736626632363963660a396435376137303038636163306134383966303035636232626163316362
-66636136633265336634353534396331393266393438356237326265343337336265323865663137
-33653332666535646632343236383364323961353461306463636261643832663765663338663663
-36383463376664666635636637323264303063383731353033623634303630323965666331646631
-34363766653866643665
diff --git a/host_vars/wiki.archlinux.org/misc.yml b/host_vars/wiki.archlinux.org/misc.yml
index 3f1085003..b052ac763 100644
--- a/host_vars/wiki.archlinux.org/misc.yml
+++ b/host_vars/wiki.archlinux.org/misc.yml
@@ -1,7 +1,7 @@
filesystem: btrfs
memcached_socket: "/run/memcached/archwiki.sock"
wireguard_address: 10.0.0.22
-wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
+wireguard_public_key: +HOjbJivvyeww7Mvej5IOZghZ000AAGxy1qN1eZZajo=
nginx_extra_modules:
- name: geoip2
nginx_enable_http3: true
diff --git a/host_vars/wiki.archlinux.org/vault_wireguard.yml b/host_vars/wiki.archlinux.org/vault_wireguard.yml
deleted file mode 100644
index a54bb8285..000000000
--- a/host_vars/wiki.archlinux.org/vault_wireguard.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63333966373462376261363465343661343330333333346563656666356561663734663266393536
-6465343832643637376130306562373162316661613066310a353664306238636566353632343263
-32353437323363663134633161383864343833343834663433303261663432383666613564363830
-6565346666316234640a383932633035343134323738653262363263323037613038353438626639
-36316136396662643438373634376433636661386239633831343866343034653936386531633262
-38373961643339636264333138366461623663346637353966353261313532666638373231323536
-65326539383832643665616236333265383636633764613438616531396562653930396232666466
-32623335376431306361
diff --git a/roles/wireguard/templates/wg0.netdev.j2 b/roles/wireguard/templates/wg0.netdev.j2
index 87efe2148..8d276808d 100644
--- a/roles/wireguard/templates/wg0.netdev.j2
+++ b/roles/wireguard/templates/wg0.netdev.j2
@@ -4,7 +4,7 @@ Kind=wireguard
[WireGuard]
ListenPort=51820
-PrivateKey={{ vault_wireguard_private_key }}
+PrivateKey=@network.wireguard.private.wg0
{% for host in groups['all'] if host != inventory_hostname %}
[WireGuardPeer]
--
GitLab