don't retrieve wireguard privkeys in ansible

ansible/roles/network/tasks/main.yml

@@ -43,10 +43,6 @@
 - name: "Secure wireguard private key"
   file: path=/etc/wireguard/privkey mode=0600
 
-- name: "Retrieve wireguard private key"
-  shell: cat /etc/wireguard/privkey
-  register: wireguard_privkey
-
 - name: "Retrieve wireguard public key"
   shell: wg pubkey < /etc/wireguard/privkey
   register: wireguard_pubkey

ansible/roles/network/templates/wireguard.conf.j2

@@ -1,6 +1,6 @@
 [Interface]
 Address = {{ vpn_ip }}
-PrivateKey = {{ wireguard_privkey.stdout }}
+PostUp = wg set %i private-key <(cat /etc/wireguard/privkey)
 ListenPort = 51820
 
 {% for selected_host in groups['cluster_nodes']|difference([inventory_hostname]) %}

ansible/roles/network/templates/wireguard_external.conf.j2

@@ -1,9 +1,10 @@
 # Template configuration file for VPN nodes that are non in the cluster
+# The private key should be stored as /etc/wireguard/privkey
 # External nodes should be registered in network/vars/main.yml
 
 [Interface]
 Address = <INSERT YOUR IP HERE, IT SHOULD MATCH THE ONE IN vars/main.yml>
-PrivateKey = <INSERT YOUR PRIVKEY HERE, IT SHOULD MATCH THE PUBKEY IN vars/main.yml>
+PostUp = wg set %i private-key <(cat /etc/wireguard/privkey)
 ListenPort = 51820
 
 # Cluster nodes