> Why not use an existing solution (e.g. puppet et al)? The capability is already there,

No. It's not. Notice that I did mention that the devices would call a server to register themselves. In fact, the whole problem I am trying to solve is providing connectivity to peers behind NATs and connected from unknown locations. Being able to just ssh into a peer is the end goal itself, not the starting point.

But let's please not get off topic. I think I was clear in what I asked.

On Fri, Jan 11, 2019 at 12:17 PM Steve Gilberd wrote:

> Why not use an existing solution (e.g. puppet et al)? The capability is
> already there, unless you need a GUI.
>
> Cheers,
> Steve
>
> On Fri, 11 Jan 2019, 21:09 John Accoun wrote:
>
>> I need to provision a large number of Linux devices in multiple locations
>> and put them all on a VPN.
>> Configuring each device manually is too tedious. I was thinking of
>> spinning up a server with a small HTTP API to exchange keys and configure
>> wireguard on both sides. Then each device would call this server to
>> register itself. And while I am at it I thought I could throw together a
>> minimal admin UI that I could use for example to manually remove peers.
>>
>> I read the 'Web App provisioning Server' which I believe describes a
>> possible solution for this use case. But I am confused with the whole data
>> storage thing. Where do configurations live? Are the configuration files
>> at /etc/wireguard/ the source of truth? If I edit these, when is the list
>> of peers refreshed?
>>
>> The above mentioned document suggests shelling out to command line tools.
>> Is this the recommended way? Does a general purpose library for managing
>> wireguard config exist?
>>
> --
>
> Cheers,
>
> *Steve Gilberd*
> Erayd LTD *·* Consultant
> *Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
> *PO Box 10019, The Terrace, Wellington 6143, NZ*