From 8eedb4e50cd2a739f321291cc2c5d54eb2741215 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 14 Sep 2020 19:07:24 +0100
Subject: [PATCH] Fix configuration of wireguard keys on 18.04
---
 cookbooks/networking/recipes/default.rb | 4 ++--
 .../networking/templates/default/wireguard.netdev.erb | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 0f7b2e49a..34a1a52af 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -240,8 +240,8 @@ if node[:networking][:wireguard][:enabled]
 template "/etc/systemd/network/wireguard.netdev" do
 source "wireguard.netdev.erb"
 owner "root"
- group "root"
- mode "644"
+ group "systemd-network"
+ mode "640"
 end

 template "/etc/systemd/network/wireguard.network" do
diff --git a/cookbooks/networking/templates/default/wireguard.netdev.erb b/cookbooks/networking/templates/default/wireguard.netdev.erb
index 7f7ef3114..7866f97a4 100644
--- a/cookbooks/networking/templates/default/wireguard.netdev.erb
+++ b/cookbooks/networking/templates/default/wireguard.netdev.erb
@@ -3,13 +3,21 @@ Name=wg0
 Kind=wireguard

 [WireGuard]
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
+<% else -%>
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
+<% end -%>
 ListenPort=51820

 <% node[:networking][:wireguard][:peers].each do |peer| -%>
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PresharedKey=<%= IO.read("/var/lib/systemd/wireguard/preshared.key").chomp %>
+<% else -%>
 PresharedKeyFile=/var/lib/systemd/wireguard/preshared.key
+<% end -%>
 AllowedIPs=<%= Array(peer[:allowed_ips]).sort.join(",") %>
 <% if peer[:endpoint] -%>
 Endpoint=<%= peer[:endpoint] %>
--
2.39.5
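Review bot: The `template "/etc/systemd/network/wireguard.netdev"` resource should also set `sensitive true`, because on releases older than 20.04 the rendered file now carries the private and preshared keys inline and Chef would otherwise include the file diff in its run output and reports. Adding `backup false` next to it would presumably also keep superseded copies of the key material out of Chef's file backup directory. The new `group "systemd-network"` and `mode "640"` restrict the file to root and that group, which suits a file that now holds secrets. The enclosing `if node[:networking][:wireguard][:enabled]` block starts and ends outside the hunk.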
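Review bot: The release test `node[:lsb][:release].to_f < 20.04` is written out twice and compares a version string as a float, which only behaves for Ubuntu-style `YY.MM` releases; evaluating it once at the top, e.g. `<% inline_keys = node[:lsb][:release].to_f < 20.04 -%>`, and branching on `inline_keys` in both places would keep the two key settings from drifting apart. Both `IO.read(...)` calls run at render time, so the template raises if either key file does not exist yet; the resource that creates the keys is not visible here, so that ordering is worth confirming. `File.read` is the more conventional call for a fixed path and avoids the pipe-command behaviour `IO.read` has for other inputs. A short ERB comment above the first branch, saying that the keys are inlined presumably because the older systemd-networkd does not support `PrivateKeyFile=` and `PresharedKeyFile=`, would explain why secrets end up in the rendered file.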