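# Public key read from the installed location under /etc/wireguard.
# Recursive (=) assignment: the file is only read when the variable is
# expanded, not while the Makefile is parsed.
public_key = $(shell cat /etc/wireguard/dmz_public_key)

# Name under which this user's key is recorded in wgkeys.rec, taken from the
# Git identity. Querying the one key directly gives the effective value, keeps
# names that contain `=` intact, and cannot pick up other keys that merely
# look like user.name.
name := $(shell git config user.name)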
# Local keys
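# Generate this machine's WireGuard private key.
# Both prerequisites are order-only, so an existing key is never regenerated
# because /bin/wg or the directory got a newer timestamp.
# umask 077 makes the file owner-only from the moment it is created; a chmod
# afterwards would leave a window in which the key is readable by others.
# If wg fails, the empty file is removed so it cannot pass for a valid key.
# The final chmod only matters when the file already existed with wider
# permissions; a key file needs no execute bit, hence 600.
wireguard/dmz_private_key: | /bin/wg wireguard/
	umask 077 && wg genkey > $@ || { rm -f $@; exit 1; }
	chmod 600 $@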
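# Derive the public key from the private key.
# $| is the order-only prerequisite /bin/wg and is used as the command itself.
# A failed derivation removes the target: an empty public key must not be
# treated as up to date and then recorded in wgkeys.rec.
wireguard/dmz_public_key: wireguard/dmz_private_key | /bin/wg
	$| pubkey < $< > $@ || { rm -f $@; exit 1; }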
##############################
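# Record this user's public key in wgkeys.rec and commit the change.
# The messages are printed with echo so they appear in step with the
# commands; $(info ...) inside a recipe is evaluated when the recipe is
# expanded, i.e. before the first command runs.
# The public key is read by the shell ($$(cat ...)) when recins runs.
# The commit is restricted to the record file so unrelated staged changes
# are not swept into a commit labelled as a key addition.
# NOTE(review): $(name) is pasted into quoted shell words; a Git user name
# containing a quote character would break these commands - confirm that
# names are constrained, or escape them.
wgkeys.rec: wireguard/dmz_public_key
	@echo "Adding wireguard key as '$(name)'"
	recins --verbose $@ -t $(basename $@) -f name -v '$(name)' -f pubkey -v "$$(cat $<)"
	git add $@
	git commit -m"add wireguard key for $(name)" -- $@
	@echo "Remember to git push"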
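# Produce the client configuration by substituting the private key for the
# PRIVATE_KEY placeholder in the bare configuration.
# The key is read by the shell ($$(cat ...)) rather than by $(shell ...), so
# the command line that make echoes to the terminal or a build log shows the
# cat invocation, not the key itself.
# umask 077 plus chmod 600 keep the resulting file, which contains the
# private key, readable by its owner only (chmod covers a pre-existing file).
# NOTE: the key is still handed to sed as an argument and is therefore
# visible in the local process list while sed runs.
# The private key is an order-only prerequisite: a newer key file alone does
# not trigger a rebuild of this configuration.
wireguard/dmz.conf: wireguard/dmz_bare.conf | wireguard/dmz_private_key
	umask 077 && sed "s#PRIVATE_KEY#$$(cat $|)#" $< > $@
	chmod 600 $@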
# Render the client configuration without the private key: select this
# user's record from wgkeys.rec and format it with the template given as the
# order-only prerequisite ($|).
# NOTE(review): $(name) is embedded in the selection expression inside double
# quotes; a name containing a quote character would change the expression -
# confirm names are constrained.
wireguard/dmz_bare.conf: wgkeys.rec | xecut/nimbus/dmz.conf
	recsel $< -t $(basename $<) -e 'name = "$(name)"' \
	  | recfmt -f $| > $@
###### Wireguard configuration #####
# Render every record in wgkeys.rec through the peer template (the
# order-only prerequisite, $|) into one peer list.
wireguard/wg_peers.txt: wgkeys.rec | xecut/nimbus/wg_peer.fmt
	recsel $< -t $(basename $<) \
	  | recfmt -f $| > $@
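# `ignored` is not used by any rule in this file.
# NOTE(review): presumably it feeds an ignore list elsewhere - confirm.
ignored += ansible/playbooks/files/wireguard/wg0.conf

# Assemble the server configuration: the vault-protected head, decrypted
# with ansible-vault view, followed by the generated peer list, then encrypt
# the result in place.
# Between the first write and the encrypt step the target holds the
# decrypted head in plaintext, so:
#   - umask 077 keeps a newly created file owner-only for that interval;
#   - all steps run in one shell, and any failure deletes the target, so a
#     plaintext or half-written file is never left behind looking up to date.
# The vault commands run inside ansible/, hence the paths relative to it.
ansible/playbooks/files/wireguard/wg0.conf: wireguard/wg_peers.txt | ansible/playbooks/files/wireguard/server_head
	umask 077; cd ansible || exit 1; \
	out=$(patsubst ansible/%,%,$@); \
	if ansible-vault view $(patsubst ansible/%,%,$|) > "$$out" \
	  && cat ../$< >> "$$out" \
	  && ansible-vault encrypt "$$out"; \
	then :; else rm -f "$$out"; exit 1; fi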
##### Installing Wireguard Client #####
# Alias target: builds the local client configuration wireguard/dmz.conf.
wg-create: wireguard/dmz.conf ## Set up wireguard keys (do this before installing)
.PHONY: wg-create
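.PHONY: wg-install
wg-install: /etc/wireguard/dmz.conf ## Install wireguard keys (use sudo)

# Install the client configuration system-wide.
# The file contains the private key, so it is installed with mode 600
# instead of being copied with whatever permissions the source and the
# current umask would produce.
/etc/wireguard/dmz.conf: wireguard/dmz.conf | /bin/wg
	install -m 600 $< $@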
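.PHONY: wg-setup
# Rebuild the encrypted server configuration, then run the `wireguard`
# target of the Makefile in ansible/.
# $(MAKE) rather than a literal `make` passes -n, -j and the jobserver on to
# the sub-make.
wg-setup: ansible/playbooks/files/wireguard/wg0.conf ## Renew the wireguard config
	$(MAKE) -C ansible wireguard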