From 97469b374600319eb44812eb3e59723bfa57ba1f Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Tue, 25 May 2021 22:09:52 +0000
Subject: [PATCH] Add docs on how to create VPN keypairs

---
 morph/grid/local/README.rst | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/morph/grid/local/README.rst b/morph/grid/local/README.rst
index 8887c297..0fda5809 100644
--- a/morph/grid/local/README.rst
+++ b/morph/grid/local/README.rst
@@ -33,8 +33,8 @@ If you run an older Nixpkgs, retrieve and use the latest Vagrant development ver
   NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/master.tar.gz nix-shell -p vagrant
 
 
-Generating and deploying keys
-`````````````````````````````
+Generating keys
+```````````````
 
 ``config.json`` has the paths for the Ristretto and the Stripe secret key files.
 
@@ -72,6 +72,16 @@ The ZKAPIssuer.service needs a working TLS certificate and expects it in the cer
 
 Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/payments.localdev/`` directory and issue a ``sudo systemctl restart zkapissuer.service``.
 
+Create Wireguard VPN key pairs in ``PrivateStorageSecrets/monitoringvpn/`` or where you have them::
+
+  for i in "172.23.23.11" "172.23.23.12" "172.23.23.13" "server"; do
+    wg genkey | tee ${i}.key | wg pubkey > ${i}.pub
+  done
+
+And a shared VPN key for "post-quantum resistance"::
+
+  wg genpsk > preshared.key
+
 
 Use the local development environment
 `````````````````````````````````````
-- 
GitLab