Skip to content
Snippets Groups Projects
Normal view Permalink
create-vpn-keys.sh 782 B
Newer Older
Florian Sesser's avatar
Update key generation documentation and add script to rotate all VPN keys
Florian Sesser committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 
#!/usr/bin/env bash

# Scope: Create wireguard keys for all monitoringVPN hosts
# Parameters:
#   file: path to grid.nix of morph deployment
# Output: Key files for all monitoring VPN hosts _in_the_current_directory_
# Convention: the IP ending in ".1" will be symlinked to server.{key,pub}

set -euo pipefail

umask 077

if [[ $# -ne 1 ]]; then
    echo "Illegal number of parameters. Expected: file (path of grid.nix)"
    exit 2
fi

MONITORING_IPS=$(fgrep monitoringvpnIPv4 ${1} | egrep -o "[0-9\.]{7,15}")
VPNSERVER_IP=$(fgrep monitoringvpnIPv4 ${1} | egrep -o -m1 "[0-9\.]{5,13}\.1")

for i in $MONITORING_IPS; do
  wg genkey | tee ${i}.key | wg pubkey > ${i}.pub
done

ln -fs $VPNSERVER_IP.key server.key
ln -fs $VPNSERVER_IP.pub server.pub

wg genpsk > preshared.key

# EOF