From 18b0079dbe776bb7cd5b95299f424eb25a8d5b35 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Thu, 9 Sep 2021 20:13:06 +0000
Subject: [PATCH] Fix device delete

---
 .env.sample                                   |   5 +-
 apps/fz_common/lib/cli.ex                     |   6 +-
 apps/fz_http/lib/fz_http/devices.ex           |   3 +-
 apps/fz_http/lib/fz_http/devices/device.ex    |   6 +-
 apps/fz_http/lib/fz_http_web/events.ex        |   4 +-
 .../live/account_live/show.html.heex          |  42 ++---
 .../live/device_live/index.html.heex          |  62 ++++----
 .../live/device_live/index_live.ex            |   6 +-
 .../live/device_live/show.html.heex           | 150 +++++++++---------
 .../live/rule_live/index.html.heex            |  39 +++--
 apps/fz_http/lib/fz_http_web/mock_events.ex   |   4 +-
 .../templates/layout/live.html.heex           |  24 ---
 .../templates/layout/root.html.heex           |  20 +--
 .../templates/shared/flash.html.heex          |  24 +++
 .../templates/shared/heading.html.heex        |  16 ++
 .../lib/fz_http_web/views/shared_view.ex      |   3 +
 .../20200228145810_create_devices.exs         |   2 -
 apps/fz_http/priv/repo/seeds.exs              |   1 -
 apps/fz_http/test/fz_http/devices_test.exs    |   3 +-
 apps/fz_http/test/support/fixtures.ex         |   1 -
 apps/fz_vpn/lib/fz_vpn/cli/live.ex            |  13 +-
 apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex         |   1 -
 apps/fz_vpn/lib/fz_vpn/config.ex              |  27 +---
 apps/fz_vpn/lib/fz_vpn/peer.ex                |   3 +-
 apps/fz_vpn/lib/fz_vpn/server.ex              |   9 +-
 apps/fz_vpn/test/fz_vpn/config_test.exs       |   8 +-
 apps/fz_vpn/test/fz_vpn/server_test.exs       |   2 +-
 config/config.exs                             |   2 +-
 config/dev.exs                                |   1 +
 config/releases.exs                           |   4 +-
 .../cookbooks/firezone/attributes/default.rb  |   3 +-
 .../cookbooks/firezone/libraries/config.rb    |   4 +-
 omnibus/cookbooks/firezone/recipes/config.rb  |   8 +
 omnibus/cookbooks/firezone/recipes/network.rb |   9 --
 34 files changed, 248 insertions(+), 267 deletions(-)
 create mode 100644 apps/fz_http/lib/fz_http_web/templates/shared/flash.html.heex
 create mode 100644 apps/fz_http/lib/fz_http_web/templates/shared/heading.html.heex
 create mode 100644 apps/fz_http/lib/fz_http_web/views/shared_view.ex

diff --git a/.env.sample b/.env.sample
index ef21cdf7f..589d10e84 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,7 +6,7 @@
 # source .env
 # set +a
 
-DATABASE_URL="ecto://fireguard:postgres@localhost/fireguard_dev"
+DATABASE_URL="ecto://firezone:postgres@localhost/firezone_dev"
 
 # Generate with mix phx.gen.secret
 SECRET_KEY_BASE=
@@ -14,8 +14,7 @@ SECRET_KEY_BASE=
 # Generate with mix phx.gen.secret 32
 LIVE_VIEW_SIGNING_SALT=
 
-# Generate with wg genkey
-WIREGUARD_PRIVATE_KEY=
+WIREGUARD_PUBLIC_KEY=
 WIREGUARD_PORT=51820
 WIREGUARD_INTERFACE_NAME=wg-firezone
 
diff --git a/apps/fz_common/lib/cli.ex b/apps/fz_common/lib/cli.ex
index ef426cd85..8310cc573 100644
--- a/apps/fz_common/lib/cli.ex
+++ b/apps/fz_common/lib/cli.ex
@@ -4,7 +4,7 @@ defmodule FzCommon.CLI do
   """
 
   def bash(cmd) do
-    System.cmd("bash", ["-c", cmd])
+    System.cmd("bash", ["-c", cmd], stderr_to_stdout: true)
   end
 
   def exec!(cmd) do
@@ -12,9 +12,9 @@ defmodule FzCommon.CLI do
       {result, 0} ->
         result
 
-      {error, _} ->
+      {error, exit_code} ->
         raise """
-        Error executing command #{cmd} with error #{error}.
+        Error executing command #{cmd}. Exited with code #{exit_code} and error #{error}.
         FireZone cannot recover from this error.
         """
     end
diff --git a/apps/fz_http/lib/fz_http/devices.ex b/apps/fz_http/lib/fz_http/devices.ex
index 515b8da2c..1d86ef423 100644
--- a/apps/fz_http/lib/fz_http/devices.ex
+++ b/apps/fz_http/lib/fz_http/devices.ex
@@ -47,8 +47,7 @@ defmodule FzHttp.Devices do
     for device <- Repo.all(Device) do
       %{
         public_key: device.public_key,
-        allowed_ips: device.allowed_ips,
-        preshared_key: device.preshared_key
+        allowed_ips: device.allowed_ips
       }
     end
   end
diff --git a/apps/fz_http/lib/fz_http/devices/device.ex b/apps/fz_http/lib/fz_http/devices/device.ex
index 1752165c3..052baf840 100644
--- a/apps/fz_http/lib/fz_http/devices/device.ex
+++ b/apps/fz_http/lib/fz_http/devices/device.ex
@@ -12,7 +12,6 @@ defmodule FzHttp.Devices.Device do
     field :name, :string
     field :public_key, :string
     field :allowed_ips, :string
-    field :preshared_key, FzHttp.Encrypted.Binary
     field :private_key, FzHttp.Encrypted.Binary
     field :server_public_key, :string
     field :remote_ip, EctoNetwork.INET
@@ -36,7 +35,6 @@ defmodule FzHttp.Devices.Device do
       :interface_address6,
       :server_public_key,
       :private_key,
-      :preshared_key,
       :user_id,
       :name,
       :public_key
@@ -46,12 +44,10 @@ defmodule FzHttp.Devices.Device do
       :name,
       :public_key,
       :server_public_key,
-      :private_key,
-      :preshared_key
+      :private_key
     ])
     |> unique_constraint(:public_key)
     |> unique_constraint(:private_key)
-    |> unique_constraint(:preshared_key)
     |> unique_constraint([:user_id, :name])
   end
 end
diff --git a/apps/fz_http/lib/fz_http_web/events.ex b/apps/fz_http/lib/fz_http_web/events.ex
index af468b556..f64a521e3 100644
--- a/apps/fz_http/lib/fz_http_web/events.ex
+++ b/apps/fz_http/lib/fz_http_web/events.ex
@@ -9,8 +9,8 @@ defmodule FzHttpWeb.Events do
     GenServer.call(vpn_pid(), :create_device)
   end
 
-  def device_created(pubkey, psk, ip) do
-    GenServer.cast(vpn_pid(), {:device_created, pubkey, psk, ip})
+  def device_created(pubkey, ip) do
+    GenServer.cast(vpn_pid(), {:device_created, pubkey, ip})
   end
 
   def delete_device(device_pubkey) do
diff --git a/apps/fz_http/lib/fz_http_web/live/account_live/show.html.heex b/apps/fz_http/lib/fz_http_web/live/account_live/show.html.heex
index 884147171..64b0f110f 100644
--- a/apps/fz_http/lib/fz_http_web/live/account_live/show.html.heex
+++ b/apps/fz_http/lib/fz_http_web/live/account_live/show.html.heex
@@ -7,27 +7,33 @@
         user: @current_user,
         action: @live_action) %>
 <% end %>
-<div class="columns">
-  <div class="column is-6">
-    <div class="content">
-      <dl>
-        <dt>
-          <strong>Email</strong>
-        </dt>
-        <dd><%= @current_user.email %></dd>
 
-        <dt><strong>Last signed in at</strong></dt>
-        <dd><%= @current_user.last_signed_in_at %></dd>
-      </dl>
+<%= render FzHttpWeb.SharedView, "heading.html", page_title: @page_title %>
 
-      <div class="level">
-        <%= live_patch("Change email or password", to: Routes.account_show_path(@socket, :edit)) %>
+<section class="section is-main-section">
+  <%= render FzHttpWeb.SharedView, "flash.html", assigns %>
+  <div class="columns">
+    <div class="column is-6">
+      <div class="content">
+        <dl>
+          <dt>
+            <strong>Email</strong>
+          </dt>
+          <dd><%= @current_user.email %></dd>
 
-        <%# This is purposefully a synchronous form in order to easily clear the session %>
-        <%= form_for @changeset, Routes.user_path(@socket, :delete), [id: "delete-account", method: :delete], fn _f -> %>
-          <%= submit "Delete your account", class: "button is-danger", data: [confirm: "Are you sure?"] %>
-        <% end %>
+          <dt><strong>Last signed in at</strong></dt>
+          <dd><%= @current_user.last_signed_in_at %></dd>
+        </dl>
+
+        <div class="level">
+          <%= live_patch("Change email or password", to: Routes.account_show_path(@socket, :edit)) %>
+
+          <%# This is purposefully a synchronous form in order to easily clear the session %>
+          <%= form_for @changeset, Routes.user_path(@socket, :delete), [id: "delete-account", method: :delete], fn _f -> %>
+            <%= submit "Delete your account", class: "button is-danger", data: [confirm: "Are you sure?"] %>
+          <% end %>
+        </div>
       </div>
     </div>
   </div>
-</div>
+</section>
diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
index b22fa7ca0..09d73acd7 100644
--- a/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
+++ b/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
@@ -1,30 +1,36 @@
-<div class="content">
-  <hr>
+<%= render FzHttpWeb.SharedView, "heading.html", page_title: @page_title %>
 
-  <table class="table is-striped is-fullwidth">
-    <thead>
-      <tr>
-        <th>Name</th>
-        <th>Public key</th>
-        <th>Remote IP</th>
-        <th>Last seen at</th>
-      </tr>
-    </thead>
-    <tbody>
-    <%= for device <- @devices do %>
-      <tr>
-        <td>
-          <%= link(device.name, to: Routes.device_show_path(@socket, :show, device)) %>
-        </td>
-        <td class="code"><%= device.public_key %></td>
-        <td class="code"><%= device.remote_ip || "Never connected" %></td>
-        <td><%= device.last_seen_at %></td>
-      </tr>
-    <% end %>
-    </tbody>
-  </table>
-</div>
+<section class="section is-main-section">
+  <%= render FzHttpWeb.SharedView, "flash.html", assigns %>
 
-<button class="button is-primary" phx-click="create_device">
-  Add Device
-</button>
+  <div class="content">
+    <hr>
+
+    <table class="table is-striped is-fullwidth">
+      <thead>
+        <tr>
+          <th>Name</th>
+          <th>Public key</th>
+          <th>Remote IP</th>
+          <th>Last seen at</th>
+        </tr>
+      </thead>
+      <tbody>
+      <%= for device <- @devices do %>
+        <tr>
+          <td>
+            <%= live_redirect(device.name, to: Routes.device_show_path(@socket, :show, device)) %>
+          </td>
+          <td class="code"><%= device.public_key %></td>
+          <td class="code"><%= device.remote_ip || "Never connected" %></td>
+          <td><%= device.last_seen_at %></td>
+        </tr>
+      <% end %>
+      </tbody>
+    </table>
+  </div>
+
+  <button class="button is-primary" phx-click="create_device">
+    Add Device
+  </button>
+</section>
diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/index_live.ex b/apps/fz_http/lib/fz_http_web/live/device_live/index_live.ex
index 912781952..c43a5683b 100644
--- a/apps/fz_http/lib/fz_http_web/live/device_live/index_live.ex
+++ b/apps/fz_http/lib/fz_http_web/live/device_live/index_live.ex
@@ -15,13 +15,12 @@ defmodule FzHttpWeb.DeviceLive.Index do
 
   def handle_event("create_device", _params, socket) do
     # XXX: Remove device from WireGuard if create isn't successful
-    {:ok, privkey, pubkey, server_pubkey, psk} = @events_module.create_device()
+    {:ok, privkey, pubkey, server_pubkey} = @events_module.create_device()
 
     device_attrs = %{
       private_key: privkey,
       public_key: pubkey,
-      server_public_key: server_pubkey,
-      preshared_key: psk
+      server_public_key: server_pubkey
     }
 
     attributes =
@@ -37,7 +36,6 @@ defmodule FzHttpWeb.DeviceLive.Index do
       {:ok, device} ->
         @events_module.device_created(
           device.public_key,
-          device.preshared_key,
           "10.3.2.#{device.octet_sequence}"
         )
 
diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex
index e3c05e9d7..c65ec422a 100644
--- a/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex
+++ b/apps/fz_http/lib/fz_http_web/live/device_live/show.html.heex
@@ -8,78 +8,77 @@
         action: @live_action) %>
 <% end %>
 
-<div class="columns">
-  <div class="column">
-    <div class="level">
-      <div class="level-left">
-        <h4 class="is-4 title">Device Details</h4>
+<%= render FzHttpWeb.SharedView, "heading.html", page_title: @page_title %>
+
+<section class="section is-main-section">
+  <%= render FzHttpWeb.SharedView, "flash.html", assigns %>
+  <div class="columns">
+    <div class="column">
+      <div class="level">
+        <div class="level-left">
+          <h4 class="is-4 title">Device Details</h4>
+        </div>
+        <div class="level-right">
+          <%= live_patch("Edit", to: Routes.device_show_path(@socket, :edit, @device)) %>
+        </div>
       </div>
-      <div class="level-right">
-        <%= live_patch("Edit", to: Routes.device_show_path(@socket, :edit, @device)) %>
+      <hr>
+      <div class="content">
+        <dl>
+          <dt>
+            <strong>Name:</strong>
+          </dt>
+          <dd><%= @device.name %></dd>
+
+          <dt>
+            <strong>Interface IP:</strong>
+          </dt>
+          <dd>10.3.2.<%= @device.octet_sequence %></dd>
+
+          <dt>
+            <strong>Public key:</strong>
+          </dt>
+          <dd class="code"><%= @device.public_key %></dd>
+
+          <dt>
+            <strong>Private key:</strong>
+          </dt>
+          <dd class="code"><%= @device.private_key %></dd>
+
+          <dt>
+            <strong>Server Public key:</strong>
+          </dt>
+          <dd class="code"><%= @device.server_public_key %></dd>
+
+          <dt>
+            <strong>Remote IP:</strong>
+          </dt>
+          <dd class="code"><%= @device.remote_ip %></dd>
+
+          <dt>
+            <strong>Last seen at:</strong>
+          </dt>
+          <dd><%= @device.last_seen_at %></dd>
+        </dl>
+      </div>
+      <div class="level">
+        <%= live_redirect("Back to Devices", to: Routes.device_index_path(@socket, :index), class: "button") %>
+        <button class="button is-danger"
+                phx-click="delete_device"
+                phx-value-device_id={@device.id}
+                data-confirm="Are you sure? This will remove all data associated with this device.">
+          Delete device
+        </button>
       </div>
     </div>
-    <hr>
-    <div class="content">
-      <dl>
-        <dt>
-          <strong>Name:</strong>
-        </dt>
-        <dd><%= @device.name %></dd>
-
-        <dt>
-          <strong>Interface IP:</strong>
-        </dt>
-        <dd>10.3.2.<%= @device.octet_sequence %></dd>
-
-        <dt>
-          <strong>Public key:</strong>
-        </dt>
-        <dd class="code"><%= @device.public_key %></dd>
-
-        <dt>
-          <strong>Private key:</strong>
-        </dt>
-        <dd class="code"><%= @device.private_key %></dd>
-
-        <dt>
-          <strong>Preshared key:</strong>
-        </dt>
-        <dd class="code"><%= @device.preshared_key %></dd>
-
-        <dt>
-          <strong>Server Public key:</strong>
-        </dt>
-        <dd class="code"><%= @device.server_public_key %></dd>
-
-        <dt>
-          <strong>Remote IP:</strong>
-        </dt>
-        <dd class="code"><%= @device.remote_ip %></dd>
-
-        <dt>
-          <strong>Last seen at:</strong>
-        </dt>
-        <dd><%= @device.last_seen_at %></dd>
-      </dl>
-    </div>
-    <div class="level">
-      <%= link("Back to Devices", to: Routes.device_index_path(@socket, :index), class: "button") %>
-      <button class="button is-danger"
-              phx-click="delete_device"
-              phx-value-device_id={@device.id}
-              data-confirm="Are you sure? This will remove all data associated with this device.">
-        Delete device
-      </button>
-    </div>
-  </div>
-  <div class="column">
-    <h4 class="is-4 title">Config</h4>
-    <hr>
-    <div class="content">
-      <h6 class="is-6 title">
-        Add the following to your WireGuard™ configuration file:
-      </h6>
-      <pre><code id="wg-conf">
+    <div class="column">
+      <h4 class="is-4 title">Config</h4>
+      <hr>
+      <div class="content">
+        <h6 class="is-6 title">
+          Add the following to your WireGuard™ configuration file:
+        </h6>
+        <pre><code id="wg-conf">
 [Interface]
 PrivateKey = <%= @device.private_key %>
 Address = 10.3.2.<%= @device.octet_sequence %>
@@ -89,12 +88,13 @@ DNS = 1.1.1.1, 1.0.0.1
 PublicKey = <%= @device.server_public_key %>
 AllowedIPs = 0.0.0.0/0, ::/0
 Endpoint = <%= @wireguard_endpoint_ip %>:<%= @wireguard_port %></code></pre>
-      <h6 class="is-6 title">
-        Or scan the QR code with your mobile phone:
-      </h6>
-      <div class="has-text-centered">
-        <canvas id="qr-canvas" phx-hook="QrCode"></canvas>
+        <h6 class="is-6 title">
+          Or scan the QR code with your mobile phone:
+        </h6>
+        <div class="has-text-centered">
+          <canvas id="qr-canvas" phx-hook="QrCode"></canvas>
+        </div>
       </div>
     </div>
   </div>
-</div>
+</section>
diff --git a/apps/fz_http/lib/fz_http_web/live/rule_live/index.html.heex b/apps/fz_http/lib/fz_http_web/live/rule_live/index.html.heex
index b258a211e..86fd314da 100644
--- a/apps/fz_http/lib/fz_http_web/live/rule_live/index.html.heex
+++ b/apps/fz_http/lib/fz_http_web/live/rule_live/index.html.heex
@@ -1,18 +1,23 @@
-<div class="columns">
-  <div class="column">
-    <%= live_component(
-        @socket,
-        FzHttpWeb.RuleLive.RuleListComponent,
-        title: "Allowlist",
-        id: :allowlist,
-        current_user: @current_user) %>
+<%= render FzHttpWeb.SharedView, "heading.html", page_title: @page_title %>
+
+<section class="section is-main-section">
+  <%= render FzHttpWeb.SharedView, "flash.html", assigns %>
+  <div class="columns">
+    <div class="column">
+      <%= live_component(
+          @socket,
+          FzHttpWeb.RuleLive.RuleListComponent,
+          title: "Allowlist",
+          id: :allowlist,
+          current_user: @current_user) %>
+    </div>
+    <div class="column">
+      <%= live_component(
+          @socket,
+          FzHttpWeb.RuleLive.RuleListComponent,
+          title: "Denylist",
+          id: :denylist,
+          current_user: @current_user) %>
+    </div>
   </div>
-  <div class="column">
-    <%= live_component(
-        @socket,
-        FzHttpWeb.RuleLive.RuleListComponent,
-        title: "Denylist",
-        id: :denylist,
-        current_user: @current_user) %>
-  </div>
-</div>
+</section>
diff --git a/apps/fz_http/lib/fz_http_web/mock_events.ex b/apps/fz_http/lib/fz_http_web/mock_events.ex
index 550b54848..17d35b04e 100644
--- a/apps/fz_http/lib/fz_http_web/mock_events.ex
+++ b/apps/fz_http/lib/fz_http_web/mock_events.ex
@@ -8,14 +8,14 @@ defmodule FzHttpWeb.MockEvents do
   """
 
   def create_device do
-    {:ok, "privkey", "pubkey", "server_pubkey", "preshared_key"}
+    {:ok, "privkey", "pubkey", "server_pubkey"}
   end
 
   def delete_device(pubkey) do
     {:ok, pubkey}
   end
 
-  def device_created(_pubkey, _psk, _ip) do
+  def device_created(_pubkey, _ip) do
     :ok
   end
 
diff --git a/apps/fz_http/lib/fz_http_web/templates/layout/live.html.heex b/apps/fz_http/lib/fz_http_web/templates/layout/live.html.heex
index dcc9b71be..c25717ed4 100644
--- a/apps/fz_http/lib/fz_http_web/templates/layout/live.html.heex
+++ b/apps/fz_http/lib/fz_http_web/templates/layout/live.html.heex
@@ -1,27 +1,3 @@
-<%= if !is_nil(live_flash(@flash, :info)) or !is_nil(live_flash(@flash, :error)) do %>
-  <div class="container flash-squeeze">
-    <%= if live_flash(@flash, :info) do %>
-      <div class="notification is-info">
-        <button title="Dismiss notification"
-                class="delete"
-                phx-click="lv:clear-flash"
-                phx-value-key="info"
-                ></button>
-        <div class="flash-info"><%= live_flash(@flash, :info) %></div>
-      </div>
-    <% end %>
-    <%= if live_flash(@flash, :error) do %>
-      <div class="notification is-danger">
-        <button title="Dismiss notification"
-                class="delete"
-                phx-click="lv:clear-flash"
-                phx-value-key="error"
-                ></button>
-        <div class="flash-error"><%= live_flash(@flash, :error) %></div>
-      </div>
-    <% end %>
-  </div>
-<% end %>
 <div>
   <%= @inner_content %>
 </div>
diff --git a/apps/fz_http/lib/fz_http_web/templates/layout/root.html.heex b/apps/fz_http/lib/fz_http_web/templates/layout/root.html.heex
index b07bec4bb..a503fb162 100644
--- a/apps/fz_http/lib/fz_http_web/templates/layout/root.html.heex
+++ b/apps/fz_http/lib/fz_http_web/templates/layout/root.html.heex
@@ -94,26 +94,8 @@
       </ul>
     </div>
   </aside>
-  <section class="hero is-hero-bar">
-    <div class="hero-body">
-      <div class="level">
-        <div class="level-left">
-          <div class="level-item">
-            <h1 class="title">
-              <%= @page_title %>
-            </h1>
-          </div>
-        </div>
-        <div class="level-right" style="display: none;">
-          <div class="level-item"></div>
-        </div>
-      </div>
-    </div>
-  </section>
 
-  <section class="section is-main-section">
-    <%= @inner_content %>
-  </section>
+  <%= @inner_content %>
 
   <footer class="footer">
     <div class="container-fluid">
diff --git a/apps/fz_http/lib/fz_http_web/templates/shared/flash.html.heex b/apps/fz_http/lib/fz_http_web/templates/shared/flash.html.heex
new file mode 100644
index 000000000..752fd1fe7
--- /dev/null
+++ b/apps/fz_http/lib/fz_http_web/templates/shared/flash.html.heex
@@ -0,0 +1,24 @@
+<%= if !is_nil(live_flash(@flash, :info)) or !is_nil(live_flash(@flash, :error)) do %>
+  <div class="container flash-squeeze">
+    <%= if live_flash(@flash, :info) do %>
+      <div class="notification is-info">
+        <button title="Dismiss notification"
+                class="delete"
+                phx-click="lv:clear-flash"
+                phx-value-key="info"
+                ></button>
+        <div class="flash-info"><%= live_flash(@flash, :info) %></div>
+      </div>
+    <% end %>
+    <%= if live_flash(@flash, :error) do %>
+      <div class="notification is-danger">
+        <button title="Dismiss notification"
+                class="delete"
+                phx-click="lv:clear-flash"
+                phx-value-key="error"
+                ></button>
+        <div class="flash-error"><%= live_flash(@flash, :error) %></div>
+      </div>
+    <% end %>
+  </div>
+<% end %>
diff --git a/apps/fz_http/lib/fz_http_web/templates/shared/heading.html.heex b/apps/fz_http/lib/fz_http_web/templates/shared/heading.html.heex
new file mode 100644
index 000000000..a2b07d96a
--- /dev/null
+++ b/apps/fz_http/lib/fz_http_web/templates/shared/heading.html.heex
@@ -0,0 +1,16 @@
+<section class="hero is-hero-bar">
+  <div class="hero-body">
+    <div class="level">
+      <div class="level-left">
+        <div class="level-item">
+          <h1 class="title">
+            <%= @page_title %>
+          </h1>
+        </div>
+      </div>
+      <div class="level-right" style="display: none;">
+        <div class="level-item"></div>
+      </div>
+    </div>
+  </div>
+</section>
diff --git a/apps/fz_http/lib/fz_http_web/views/shared_view.ex b/apps/fz_http/lib/fz_http_web/views/shared_view.ex
new file mode 100644
index 000000000..749c6b51a
--- /dev/null
+++ b/apps/fz_http/lib/fz_http_web/views/shared_view.ex
@@ -0,0 +1,3 @@
+defmodule FzHttpWeb.SharedView do
+  use FzHttpWeb, :view
+end
diff --git a/apps/fz_http/priv/repo/migrations/20200228145810_create_devices.exs b/apps/fz_http/priv/repo/migrations/20200228145810_create_devices.exs
index b4b6c68a1..7fcc84cd4 100644
--- a/apps/fz_http/priv/repo/migrations/20200228145810_create_devices.exs
+++ b/apps/fz_http/priv/repo/migrations/20200228145810_create_devices.exs
@@ -6,7 +6,6 @@ defmodule FzHttp.Repo.Migrations.CreateDevices do
       add :name, :string, null: false
       add :public_key, :string, null: false
       add :allowed_ips, :string
-      add :preshared_key, :bytea, null: false
       add :private_key, :bytea, null: false
       add :server_public_key, :string, null: false
       add :remote_ip, :inet
@@ -23,7 +22,6 @@ defmodule FzHttp.Repo.Migrations.CreateDevices do
     create index(:devices, [:user_id])
     create unique_index(:devices, [:public_key])
     create unique_index(:devices, [:private_key])
-    create unique_index(:devices, [:preshared_key])
     create unique_index(:devices, [:user_id, :name])
     create unique_index(:devices, [:octet_sequence])
   end
diff --git a/apps/fz_http/priv/repo/seeds.exs b/apps/fz_http/priv/repo/seeds.exs
index 2aa2ba47a..e188acc25 100644
--- a/apps/fz_http/priv/repo/seeds.exs
+++ b/apps/fz_http/priv/repo/seeds.exs
@@ -26,7 +26,6 @@ alias FzHttp.{Devices, Rules, Users}
     public_key: "3Fo+SNnDJ6hi8qzPt3nWLwgjCVwvpjHL35qJeatKwEc=",
     server_public_key: "QFvMfHTjlJN9cfUiK1w4XmxOomH6KRTCMrVC6z3TWFM=",
     private_key: "2JSZtpSHM+69Hm7L3BSGIymbq0byw39iWLevKESd1EM=",
-    preshared_key: "hQS+GkbTWfEhueLM8RJ2anjC4RxzdgL4dpTIetHf6GU=",
     remote_ip: %Postgrex.INET{address: {127, 0, 0, 1}},
     interface_address4: %Postgrex.INET{address: {10, 0, 0, 1}}
   })
diff --git a/apps/fz_http/test/fz_http/devices_test.exs b/apps/fz_http/test/fz_http/devices_test.exs
index fb5625594..e9435028f 100644
--- a/apps/fz_http/test/fz_http/devices_test.exs
+++ b/apps/fz_http/test/fz_http/devices_test.exs
@@ -85,8 +85,7 @@ defmodule FzHttp.DevicesTest do
     test "renders all peers", %{device: device} do
       assert Devices.to_peer_list() |> List.first() == %{
                public_key: device.public_key,
-               allowed_ips: device.allowed_ips,
-               preshared_key: device.preshared_key
+               allowed_ips: device.allowed_ips
              }
     end
   end
diff --git a/apps/fz_http/test/support/fixtures.ex b/apps/fz_http/test/support/fixtures.ex
index 629fa4aec..bb72523d2 100644
--- a/apps/fz_http/test/support/fixtures.ex
+++ b/apps/fz_http/test/support/fixtures.ex
@@ -33,7 +33,6 @@ defmodule FzHttp.Fixtures do
       public_key: "test-pubkey",
       name: "factory",
       private_key: "test-privkey",
-      preshared_key: "test-psk",
       server_public_key: "test-server-pubkey"
     }
 
diff --git a/apps/fz_vpn/lib/fz_vpn/cli/live.ex b/apps/fz_vpn/lib/fz_vpn/cli/live.ex
index ea4a61398..c46d18191 100644
--- a/apps/fz_vpn/lib/fz_vpn/cli/live.ex
+++ b/apps/fz_vpn/lib/fz_vpn/cli/live.ex
@@ -10,7 +10,6 @@ defmodule FzVpn.CLI.Live do
 
   # Outputs the privkey, then pubkey on the next line
   @genkey_cmd "wg genkey | tee >(wg pubkey)"
-  @genpsk_cmd "wg genpsk"
 
   import FzCommon.CLI
 
@@ -34,15 +33,10 @@ defmodule FzVpn.CLI.Live do
     {privkey, pubkey}
   end
 
-  def add_peer(pubkey, _psk, ip) do
+  def add_peer(pubkey, ip) do
     set("peer #{pubkey} allowed-ips #{ip}/32")
   end
 
-  def genpsk do
-    exec!(@genpsk_cmd)
-    |> String.trim()
-  end
-
   def pubkey(privkey) when is_nil(privkey), do: nil
 
   def pubkey(privkey) when is_binary(privkey) do
@@ -51,7 +45,10 @@ defmodule FzVpn.CLI.Live do
   end
 
   def set(config_str) do
-    exec!("#{wg()} set #{iface_name()} #{config_str}")
+    # Empty config string results in invalid command
+    if String.length(config_str) > 0 do
+      exec!("#{wg()} set #{iface_name()} #{config_str}")
+    end
   end
 
   def show_latest_handshakes do
diff --git a/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex b/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex
index 712916870..6d9251340 100644
--- a/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex
+++ b/apps/fz_vpn/lib/fz_vpn/cli/sandbox.ex
@@ -12,7 +12,6 @@ defmodule FzVpn.CLI.Sandbox do
   def setup, do: @default_returned
   def teardown, do: @default_returned
   def genkey, do: {rand_key(), rand_key()}
-  def genpsk, do: rand_key()
   def pubkey(_privkey), do: rand_key()
   def exec!(_cmd), do: @default_returned
   def set(_conf_str), do: @default_returned
diff --git a/apps/fz_vpn/lib/fz_vpn/config.ex b/apps/fz_vpn/lib/fz_vpn/config.ex
index c28421158..b4d4ea36a 100644
--- a/apps/fz_vpn/lib/fz_vpn/config.ex
+++ b/apps/fz_vpn/lib/fz_vpn/config.ex
@@ -3,29 +3,14 @@ defmodule FzVpn.Config do
   Functions for managing the WireGuard configuration.
   """
 
-  import FzVpn.CLI
-
   defstruct peers: MapSet.new([])
 
   def render(config) do
-    "private-key #{private_key()} listen-port #{listen_port()} " <>
-      Enum.join(
-        for peer <- config.peers do
-          "peer #{peer.public_key} allowed-ips #{peer.allowed_ips} preshared-key #{peer.preshared_key}"
-        end,
-        " "
-      )
-  end
-
-  def private_key do
-    Application.get_env(:fz_vpn, :wireguard_private_key)
-  end
-
-  def public_key do
-    cli().pubkey(private_key())
-  end
-
-  def listen_port do
-    Application.get_env(:fz_vpn, :wireguard_port)
+    Enum.join(
+      for peer <- config.peers do
+        "peer #{peer.public_key} allowed-ips #{peer.allowed_ips}"
+      end,
+      " "
+    )
   end
 end
diff --git a/apps/fz_vpn/lib/fz_vpn/peer.ex b/apps/fz_vpn/lib/fz_vpn/peer.ex
index 03a11fe36..dadfbe658 100644
--- a/apps/fz_vpn/lib/fz_vpn/peer.ex
+++ b/apps/fz_vpn/lib/fz_vpn/peer.ex
@@ -4,6 +4,5 @@ defmodule FzVpn.Peer do
   """
 
   defstruct public_key: nil,
-            allowed_ips: "0.0.0.0/0,::/0",
-            preshared_key: nil
+            allowed_ips: "0.0.0.0/0,::/0"
 end
diff --git a/apps/fz_vpn/lib/fz_vpn/server.ex b/apps/fz_vpn/lib/fz_vpn/server.ex
index 1b9f39bfb..a965dc7d5 100644
--- a/apps/fz_vpn/lib/fz_vpn/server.ex
+++ b/apps/fz_vpn/lib/fz_vpn/server.ex
@@ -31,10 +31,9 @@ defmodule FzVpn.Server do
 
   @impl true
   def handle_call(:create_device, _from, config) do
-    server_pubkey = Config.public_key()
+    server_pubkey = Application.get_env(:fz_vpn, :wireguard_public_key)
     {privkey, pubkey} = cli().genkey()
-    psk = cli().genpsk()
-    {:reply, {:ok, privkey, pubkey, server_pubkey, psk}, config}
+    {:reply, {:ok, privkey, pubkey, server_pubkey}, config}
   end
 
   @impl true
@@ -53,7 +52,7 @@ defmodule FzVpn.Server do
   end
 
   @impl true
-  def handle_cast({:device_created, pubkey, psk, ip}, config) do
+  def handle_cast({:device_created, pubkey, ip}, config) do
     new_config =
       Map.put(
         config,
@@ -61,7 +60,7 @@ defmodule FzVpn.Server do
         MapSet.put(config.peers, pubkey)
       )
 
-    cli().add_peer(pubkey, psk, ip)
+    cli().add_peer(pubkey, ip)
     {:noreply, new_config}
   end
 
diff --git a/apps/fz_vpn/test/fz_vpn/config_test.exs b/apps/fz_vpn/test/fz_vpn/config_test.exs
index a9b75f710..257c9b39d 100644
--- a/apps/fz_vpn/test/fz_vpn/config_test.exs
+++ b/apps/fz_vpn/test/fz_vpn/config_test.exs
@@ -2,14 +2,13 @@ defmodule FzVpn.ConfigTest do
   use ExUnit.Case, async: true
   alias FzVpn.{Config, Peer}
 
-  @default_config "private-key UAeZoaY95pKZE1Glq28sI2GJDfGGRFtlb4KC6rjY2Gs= listen-port 51820 "
-  @populated_config "private-key UAeZoaY95pKZE1Glq28sI2GJDfGGRFtlb4KC6rjY2Gs= listen-port 51820 peer test-pubkey allowed-ips test-allowed-ips preshared-key test-preshared-key"
+  @populated_config "peer test-pubkey allowed-ips test-allowed-ips"
 
   describe "render" do
     test "renders default config" do
       config = %Config{}
 
-      assert Config.render(config) == @default_config
+      assert Config.render(config) == ""
     end
 
     test "renders populated config" do
@@ -18,8 +17,7 @@ defmodule FzVpn.ConfigTest do
           MapSet.new([
             %Peer{
               public_key: "test-pubkey",
-              allowed_ips: "test-allowed-ips",
-              preshared_key: "test-preshared-key"
+              allowed_ips: "test-allowed-ips"
             }
           ])
       }
diff --git a/apps/fz_vpn/test/fz_vpn/server_test.exs b/apps/fz_vpn/test/fz_vpn/server_test.exs
index c4bae9cbf..8614c38ef 100644
--- a/apps/fz_vpn/test/fz_vpn/server_test.exs
+++ b/apps/fz_vpn/test/fz_vpn/server_test.exs
@@ -18,7 +18,7 @@ defmodule FzVpn.ServerTest do
 
     @tag stubbed_config: @empty
     test "generates new peer when requested", %{test_pid: test_pid} do
-      assert {:ok, _, _, _, _} = GenServer.call(test_pid, :create_device)
+      assert {:ok, _, _, _} = GenServer.call(test_pid, :create_device)
       # Peers aren't added to config until device is successfully created
       assert [] = MapSet.to_list(:sys.get_state(test_pid).peers)
     end
diff --git a/config/config.exs b/config/config.exs
index 8639b3a55..66f5abb6c 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -37,7 +37,7 @@ config :fz_wall,
 
 # This will be changed per-env
 config :fz_vpn,
-  wireguard_private_key: "UAeZoaY95pKZE1Glq28sI2GJDfGGRFtlb4KC6rjY2Gs=",
+  wireguard_public_key: "cB2yQeCxHO/qCH8APoM2D2Anf4Yd7sRLyfS7su71K3M=",
   wireguard_interface_name: "wg-firezone",
   wireguard_port: "51820",
   wireguard_endpoint_ip: "127.0.0.1",
diff --git a/config/dev.exs b/config/dev.exs
index bc240c38a..f7e75096e 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -32,6 +32,7 @@ config :fz_http, FzHttpWeb.Endpoint,
   ]
 
 config :fz_vpn,
+  wireguard_public_key: System.get_env("WIREGUARD_PUBLIC_KEY"),
   wg_path: "wg",
   cli: FzVpn.CLI.Live
 
diff --git a/config/releases.exs b/config/releases.exs
index 91ba834e2..80d94bddd 100644
--- a/config/releases.exs
+++ b/config/releases.exs
@@ -25,7 +25,6 @@ wg_path = System.fetch_env!("WG_PATH")
 encryption_key = System.fetch_env!("DATABASE_ENCRYPTION_KEY")
 secret_key_base = System.fetch_env!("SECRET_KEY_BASE")
 live_view_signing_salt = System.fetch_env!("LIVE_VIEW_SIGNING_SALT")
-private_key = System.fetch_env!("WIREGUARD_PRIVATE_KEY")
 
 # Password is not needed if using bundled PostgreSQL, so use nil if it's not set.
 database_password = System.get_env("DATABASE_PASSWORD")
@@ -78,8 +77,7 @@ config :fz_wall,
 config :fz_vpn,
   wireguard_interface_name: wireguard_interface_name,
   wireguard_port: wireguard_port,
-  wireguard_endpoint_ip: wireguard_endpoint_ip,
-  wireguard_private_key: private_key
+  wireguard_endpoint_ip: wireguard_endpoint_ip
 
 config :fz_http,
   admin_email: admin_email,
diff --git a/omnibus/cookbooks/firezone/attributes/default.rb b/omnibus/cookbooks/firezone/attributes/default.rb
index 39bf4f67d..977fcda33 100644
--- a/omnibus/cookbooks/firezone/attributes/default.rb
+++ b/omnibus/cookbooks/firezone/attributes/default.rb
@@ -62,8 +62,7 @@ default['firezone']['group'] = 'firezone'
 # Used for generating URLs that point back to this application.
 default['firezone']['url_host'] = node['firezone']['fqdn']
 # Email for the primary admin user.
-default['firezone']['admin_email'] =
-  "firezone@#{node['firezone']['fqdn']}"
+default['firezone']['admin_email'] = "firezone@localhost"
 
 # ## Enterprise
 #
diff --git a/omnibus/cookbooks/firezone/libraries/config.rb b/omnibus/cookbooks/firezone/libraries/config.rb
index 66085b950..dcca3150b 100644
--- a/omnibus/cookbooks/firezone/libraries/config.rb
+++ b/omnibus/cookbooks/firezone/libraries/config.rb
@@ -102,6 +102,8 @@ class Firezone
                             SecureRandom.base64(8)
                           end
 
+        node.override['firezone']['wireguard_public_key'] =
+          `echo '#{wireguard_private_key}' | #{node['firezone']['wireguard_private_key']}/embedded/bin/wg pubkey`.chomp
 
         secrets = {
           'secret_key_base' => secret_key_base,
@@ -228,11 +230,11 @@ class Firezone
         'WIREGUARD_INTERFACE_NAME' => attributes['wireguard']['interface_name'],
         'WIREGUARD_ENDPOINT_IP' => attributes['wireguard']['endpoint_ip'],
         'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s,
+        'WIREGUARD_PUBLIC_KEY' => attributes['wireguard_public_key'],
 
         # secrets
         'SECRET_KEY_BASE' => attributes['secret_key_base'],
         'LIVE_VIEW_SIGNING_SALT' => attributes['live_view_signing_salt'],
-        'WIREGUARD_PRIVATE_KEY' => attributes['wireguard_private_key'],
         'DATABASE_ENCRYPTION_KEY' => attributes['database_encryption_key']
       }
 
diff --git a/omnibus/cookbooks/firezone/recipes/config.rb b/omnibus/cookbooks/firezone/recipes/config.rb
index 5ff6b0b5c..88e6497e8 100644
--- a/omnibus/cookbooks/firezone/recipes/config.rb
+++ b/omnibus/cookbooks/firezone/recipes/config.rb
@@ -91,3 +91,11 @@ file "#{node['firezone']['config_directory']}/secrets.json" do
   group node['firezone']['group']
   mode '0600'
 end
+
+file "#{node['firezone']['var_directory']}/cache/wg_private_key" do
+  owner 'root'
+  group 'root'
+  mode '0600'
+  content node['firezone']['wireguard_private_key']
+  action :create_if_missing
+end
diff --git a/omnibus/cookbooks/firezone/recipes/network.rb b/omnibus/cookbooks/firezone/recipes/network.rb
index 85c04588e..dbadaeade 100644
--- a/omnibus/cookbooks/firezone/recipes/network.rb
+++ b/omnibus/cookbooks/firezone/recipes/network.rb
@@ -46,15 +46,6 @@ execute 'setup_wireguard_ip' do
   command "ip address replace #{if_addr} dev #{wg_interface}"
 end
 
-file 'write_private_key_file' do
-  path private_key_path
-  owner 'root'
-  group 'root'
-  mode '0600'
-  content node['firezone']['wireguard_private_key']
-  action :create_if_missing
-end
-
 execute 'set_wireguard_interface_private_key' do
   command "#{wg_path} set #{wg_interface} private-key #{private_key_path}"
 end