initial: no secrets

2026-06-20 04:22:37 +02:00 · 2024-02-12 17:01:18 +01:00
commit cf9efd55b5
186 changed files with 8697 additions and 0 deletions
@@ -0,0 +1,100 @@
+- name: Install VPNs
+  apt:
+    state: present
+    pkg:
+        - openvpn
+        - docker-compose
+
+- name: OpenVPN configs dirs
+  file:
+    name: "/etc/openvpn/{{ item }}"
+    state: directory
+  with_items:
+    - atlantishq
+
+- name: Deploy OpenVPN configs
+  template:
+    src: "{{ item }}.conf"
+    dest: "/etc/openvpn/{{ item }}-{{ item.dev_type }}/{{ item }}-{{ item.dev_type }}.conf"
+  with_items:
+    - { "name" : "atlantishq", "dev_type" : "tap", "port" : 7012 }
+    - { "name" : "atlantishq", "dev_type" : "tun", "port" : 7013 }
+
+- name: Openvpn Mgnt interface Pass file
+  copy:
+    content: "{{ openvpn_management_password }}"
+    dest: "/etc/openvpn/{{ openvpn_management_passfile }}"
+
+- name: Create data-dir
+  file:
+    name: /data/
+    state: directory
+
+- name: Create data-dir (client-config-dir)
+  file:
+    name: /data/certificate-manager/client-config-dir/
+    state: directory
+
+- name: Create opt-dir
+  file:
+    name: /opt/
+    state: directory
+
+- name: Certificate Manager Data Dir
+  file:
+    name: /data/certificate-manager/
+    state: directory
+
+- name: Cert Manager Config
+  template:
+    src: cert-manager-conf.py
+    dest: /data/certificate-manager/config.py
+
+- name: Create compose directories
+  file:
+    name: "/opt/certificate-manager/"
+    state: directory
+
+- name: Copy compose templates
+  template:
+    src: "certificate-manager.yaml"
+    dest: "/opt/certificate-manager/"
+
+- name: Log into private registry
+  docker_login:
+    registry: registry.atlantishq.de
+    username: docker
+    password: ""
+
+- name: Deploy compose templates
+  community.docker.docker_compose:
+    project_src: "/opt/certificate-manager/"
+    pull: true
+    files:
+      - "certificate-manager.yaml"
+
+# setup oauth proxy #
+- name: include services ports
+  include_vars: services.yaml
+
+- name: OAuth2Proxy directories
+  file:
+    path: "/opt/oauth2proxy/{{ item }}/"
+    state: directory
+    recurse: yes
+  with_items:
+    - cert-manager
+
+- name: Deploy OAuth2Proxy compose files
+  template:
+    src: oauth-standalone-docker-compose.yaml
+    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+  with_items:
+    - cert-manager
+
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - cert-manager
@@ -0,0 +1,45 @@
+server 172.16.1.0 255.255.255.0
+#server-ipv6 fd2a:aef:608:1::/64
+
+dev athq_sheppyvpn
+dev-type {{ dev_type }}
+
+proto {{ proto }}
+port {{ port }}
+
+{% if dev_type == "tap" %}
+topology subnet
+client-to-client
+{% endif %}
+
+# disable logging
+#log /dev/null
+#status /dev/null
+
+script-security 2
+tls-server
+mode server
+#duplicate-cn
+
+persist-key
+persist-tun
+
+keepalive 10 60
+
+user nobody
+group nogroup
+
+data-ciphers AES-256-CBC
+data-ciphers-fallback AES-256-CBC
+auth SHA512
+
+ca   /data/certificate-manager/keys/ca.crt
+cert vpn.atlantishq.de.crt
+key  vpn.atlantishq.de.key
+dh   dh.param
+
+crl-verify /data/certificate-manager/crl.pem
+
+client-config-dir /data/certificate-manager/client-config-dir
+ccd-exclusive
+management 0.0.0.0 {{ openvpn_management_port }} {{ openvpn_management_passfile }}
@@ -0,0 +1,31 @@
+CA_KEY_SIZE = 2048
+CA_NAME     = "AtlantisHQv2"
+
+CRL_PATH  = "./data/crl.pem"
+KEYS_PATH = "./data/keys/"
+
+
+CA_KEY_PATH  = "./data/keys/ca.key"
+CA_CERT_PATH = "./data/keys/ca.crt"
+CA_CERT_PATH = "./data/keys/ca.crt"
+
+C_DEFAULT  = "DE"
+L_DEFAULT  = "Bavaria"
+ST_DEFAULT = "Erlangen"
+O_DEFAULT  = "AtlantisHQ"
+OU_DEFAULT = "Sheppy"
+
+SQLALCHEMY_DATABASE_URI  = "sqlite:///./data/sqlite.db"
+CREATE_CA_IF_NOT_EXISTS  = True
+LOAD_MISSING_CERTS_TO_DB = False
+
+VPN_CONFIG_DIR_PATH      = "./data/client-config-dir/"
+ENABLE_VPN_CONNECTION    = True
+VPN_MANAGEMENT_HOST      = "host.docker.internal"
+VPN_MANAGEMENT_PORT      = {{ openvpn_management_port }}
+VPN_MANAGEMENT_PASSWORD  = "{{ openvpn_management_password }}"
+NGINX_CERT_MAPS_LOCATION = "./data/nginx_maps.j2"
+
+VPN_SERVER = "atlantishq.de"
+VPN_PORT   = 7012
+VPN_PROTO  = "tcp"
@@ -0,0 +1,11 @@
+certificate-manager:
+    image: registry.atlantishq.de/certificate-manager:latest
+    restart: always
+    ports:
+        - 6000:5000
+    volumes:
+        - /data/certificate-manager/:/app/data/
+    extra_hosts:
+        - host.docker.internal:host-gateway
+    environment:
+        - SQLITE_LOCATION=sqlite:////app/data/sqlite.db