Revert "Adding preshared key support (trailofbits#1465)"
This reverts commit 146cbc7.
iBringit committed Nov 4, 2020
1 parent 8db7015 commit e24a5fc
Showing 4 changed files with 0 additions and 42 deletions.
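--- a/roles/wireguard/tasks/keys.yml
+++ b/roles/wireguard/tasks/keys.yml
@@ -38,45 +38,6 @@
 - "{{ IP_subject_alt_name }}"
 when: wg_genkey.changed
 
-- name: Delete the preshared lock files
-file:
-dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
-state: absent
-when: keys_clean_all|bool
-with_items:
-- "{{ users }}"
-- "{{ IP_subject_alt_name }}"
-
-- name: Generate preshared keys
-command: wg genpsk
-register: wg_genpsk
-args:
-creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
-with_items:
-- "{{ users }}"
-- "{{ IP_subject_alt_name }}"
-
-- block:
-- name: Save preshared keys
-copy:
-dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
-content: "{{ item['stdout'] }}"
-mode: "0600"
-no_log: true
-when: item.changed
-with_items: "{{ wg_genpsk['results'] }}"
-delegate_to: localhost
-become: false
-
-- name: Touch the preshared lock file
-file:
-dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
-state: touch
-with_items:
-- "{{ users }}"
-- "{{ IP_subject_alt_name }}"
-when: wg_genpsk.changed
-
 - name: Generate public keys
 shell: |
 set -o pipefail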
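--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -7,7 +7,6 @@
 with_items:
 - private
 - public
-- preshared
 delegate_to: localhost
 become: false
 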
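--- a/roles/wireguard/templates/client.conf.j2
+++ b/roles/wireguard/templates/client.conf.j2
@@ -7,7 +7,6 @@ DNS = {{ wireguard_dns_servers }}
 
 [Peer]
 PublicKey = {{ lookup('file', wireguard_pki_path + '/public/' + IP_subject_alt_name) }}
-PresharedKey = {{ lookup('file', wireguard_pki_path + '/preshared/' + item.1) }}
 AllowedIPs = 0.0.0.0/0{{ ', ::/0' if ipv6_support else '' }}
 Endpoint = {{ IP_subject_alt_name }}:{{ wireguard_port }}
 {{ 'PersistentKeepalive = ' + wireguard_PersistentKeepalive|string if wireguard_PersistentKeepalive > 0 else '' }}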
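--- a/roles/wireguard/templates/server.conf.j2
+++ b/roles/wireguard/templates/server.conf.j2
@@ -11,7 +11,6 @@ SaveConfig = false
 [Peer]
 # {{ u }}
 PublicKey = {{ lookup('file', wireguard_pki_path + '/public/' + u) }}
-PresharedKey = {{ lookup('file', wireguard_pki_path + '/preshared/' + u) }}
 AllowedIPs = {{ wireguard_network_ipv4 | ipaddr(index|int+1) | ipv4('address') }}/32{{ ',' + wireguard_network_ipv6 | ipaddr(index|int+1) | ipv6('address') + '/128' if ipv6_support else '' }}
 {% endif %}
 {% endfor %}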
