Is there an open-source tool to bulk-generate wireguard configurations without managing the wireguard installation itself?

I have an existing server set up with a special wireguard configuration that I created manually. I want to add a standard VPN server configuration to that machine without affecting the existing configuration. I’ve used tools for this in the past, but they all work on the premise that wireguard isn’t already installed and that only said tool is used to managed the installation. I’m worried this might break my existing config, so what I want is something to automate generating keys and writing configuration files, without interacting with the existing wireguard installation. Does this exist?

  • rambos@lemm.eeEnglish
    2·
    10 months ago

    Creating a new client should be possible without messing up existing one. There are some options for managing clients using GUI like pivpn. I personally use OMV with wireguard extension

    • Skyline@lemmy.cafeOPEnglish
      1·
      10 months ago

      Sure, it’s possible. I could do it by hand, but the more clients you want to add, the more cumbersome the process. What I’d like is a tool to automate what is mostly a templating process.

      • aard@kyu.deEnglish
        2·
        10 months ago

        This should be trivially scriptable by ansible. Ideally you’d also transform your existing configuration into an ansible data structure so it can write out the complete config as that way is just more reliably - but ansible also is capable of editing stuff in place.

        I’m using a structure like this:

        wireguard:
  wg-mgmt:
    interface:
      address: 192.168.1.10/24
      listen_port: 34800
      private_key_file: /etc/wireguard/private.key
      passdb_entry: vpn/fi1-mgmt
    peers:
      aard_meteor:
        public_key: bmV2ZXIgZ29ubmEgZ2l2ZSB5b3UgdXAK
        allowed_ips:
          - 192.168.1.11/32
      aard_zak:
        public_key: bmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3duCg==
        allowed_ips:
          - 192.168.1.12/32

        To set up both server and client. I’m mostly adding other peoples systems, so I don’t know the private keys, and receive the public ones from them - but if you control both it’s also trivial to pull that information from the system you’re generating it on, and reuse it later.

        This is the template used for the wireguard configuration, this the task managing the wireguard setup.

        Getting the pubkey from a private key into a variable in ansible would look something like this:

        - name: dump pubkey
  shell: "wg pubkey < {{_pubkey_file}}"
  register: _wg_pubkey
  changed_when: false

- name: register pubkey
  set_fact:
    wg_pubkey: "{{_wg_pubkey.stdout}}"
  when: >
     _wg_pubkey is defined

        It’s then easy to dump it into a password store or something like that - if you check the repo in above links you’ll see pass heavily used.