Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As an operator, I can continually bootsrap VPN users at a regular cadence #16

Closed
chrisjsimpson opened this issue Oct 24, 2024 · 0 comments
Closed

As an operator, I can continually bootsrap VPN users at a regular cadence #16

chrisjsimpson opened this issue Oct 24, 2024 · 0 comments

Comments

@chrisjsimpson
Copy link
Contributor

Workflow add-vpn-user is functional, but requires manual runtime input, a record identifyier of which record to write wireguard VPN config to into the password manager (in this case, Psono- but could be any password manager (a keepassxc store, pass, bitwarden, legacy Lastpass etc)

Given the record identifier isn't PII*, consider placing these record identifiers in a pipeline so that VPN credentials may automatically be refreshed at a regular cadnce. *They may be encrypted anyway, such as using ansible vault/amber/pass etc.

Related #14
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
wip Fix #16 continually bootstrap vpn users
729afda
@chrisjsimpson chrisjsimpson changed the title As an operator, I can continually bootrap VPN users at a regular cadence As an operator, I can continually bootsrap VPN users at a regular cadence Oct 24, 2024
@chrisjsimpson chrisjsimpson mentioned this issue Oct 24, 2024
Merged
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 update WIREGUARD_VPN_PSONO_SECRET_IDS group_vars/all
2d93b01
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 remove uneeded inputs.PSONO_SECRET_ID from workflow rotate-wiregu…
f70a63d 
…ard-vpn-user-configs.yml
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 cron rotate wireguard vpn user config every 2 hrs
21acceb
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 update WIREGUARD_VPN_PSONO_SECRET_IDS group_vars/all
95f5578
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 remove uneeded inputs.PSONO_SECRET_ID from workflow rotate-wiregu…
19507b9 
…ard-vpn-user-configs.yml
chrisjsimpson added a commit that referenced this issue Oct 24, 2024
@chrisjsimpson
#16 cron rotate wireguard vpn user config every 2 hrs
20bbd7e
chrisjsimpson added a commit that referenced this issue Oct 25, 2024
@chrisjsimpson
#16 after rebuilding VPN, always rotate & publish user wireguard vpn …
dbadd43 
…entries #14
chrisjsimpson added a commit that referenced this issue Oct 27, 2024
@chrisjsimpson
Update deploy-vpn-server.yml concurrency 1 prevent concurrent runs #14
b7e2729 
…#16
@chrisjsimpson chrisjsimpson mentioned this issue Nov 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chrisjsimpson