docs: Document how to get the WG public key from systemd-creds

Also rearranged the documentation a bit. Fixes: 27553ab3 ("Remove the WG private keys from the vault and store them only on the servers")

docs: Document how to get the WG public key from systemd-creds
2f9c41ab · Kristian Klausen · b576876f · 2f9c41ab
Verified Commit 2f9c41ab authored 3 weeks ago by Kristian Klausen
--- a/docs/wireguard.md
+++ b/docs/wireguard.md
@@ -11,8 +11,10 @@ Many of our servers communicate through wireguard VPN with each others. If you n

 1. Generate the private key on the server with `wg genkey | systemd-creds encrypt - /etc/credstore.encrypted/network.wireguard.private.wg0` and restart systemd-networkd with `systemctl restart systemd-networkd`

-    Tips: 
-    - Pick next available IP for Wireguard from `grep -r wireguard_address host_vars/ | cut -f3 -d: | sort -h`
+1. Get public key with: `systemd-creds decrypt /etc/credstore.encrypted/network.wireguard.private.wg0 - | wg pubkey`

-    - Wireguard key generation docs: https://www.wireguard.com/quickstart/#key-generation 
 1. Execute `wireguard` and `prometheus` roles on `monitoring.archlinux.org.yml` playbook to get data from the server
+
+Tips:
+ - Pick next available IP for Wireguard from `grep -r wireguard_address host_vars/ | cut -f3 -d: | sort -h`
+ - Wireguard key generation docs: https://www.wireguard.com/quickstart/#key-generation