dmzconf/wg.mk

public_key = $(shell cat /etc/wireguard/dmz_public_key)
name := $(shell git config list | grep user.nam | cut -d= -f2)


# Local keys

wireguard/dmz_private_key: | /bin/wg wireguard/
	wg genkey > $@
	chmod 700 $@

wireguard/dmz_public_key: wireguard/dmz_private_key | /bin/wg
	$| pubkey < $< > $@

##############################

wgkeys.rec: wireguard/dmz_public_key
	$(info Adding wireguard key as '$(name)')
	recins --verbose $@ -t $(basename $@) -f name -v '$(name)' -f pubkey -v '$(shell cat $<)'
	git add $@
	git commit -m"add wireguard key for $(name)"
	$(info Remember to git push)

wireguard/dmz.conf: xecut/nimbus/dmz.conf | wireguard/dmz_private_key
	sed 's/PRIVATE_KEY/$(shell cat $|)/' $< > $@

###### Wireguard configuration #####

wireguard/wg_peers.txt: wgkeys.rec | xecut/nimbus/wireguard_peer.fmt
	recsel $< -t $(basename $<) | recfmt -f $| > $@

ignored += ansible/files/wireguard/wg0.conf

ansible/files/wireguard/wg0.conf: wireguard/wg_peers.txt | ansible/files/wireguard/server_head
	cd ansible && ansible-vault view files/wireguard/server_head > files/wireguard/wg0.conf
	cat $< >> $@
	cd ansible && ansible-vault encrypt files/wireguard/wg0.conf