initial: no secrets

2026-06-20 06:22:38 +02:00 · 2024-02-12 17:01:18 +01:00
commit cf9efd55b5
186 changed files with 8697 additions and 0 deletions
@@ -0,0 +1,45 @@
+server 172.16.1.0 255.255.255.0
+#server-ipv6 fd2a:aef:608:1::/64
+
+dev athq_sheppyvpn
+dev-type {{ dev_type }}
+
+proto {{ proto }}
+port {{ port }}
+
+{% if dev_type == "tap" %}
+topology subnet
+client-to-client
+{% endif %}
+
+# disable logging
+#log /dev/null
+#status /dev/null
+
+script-security 2
+tls-server
+mode server
+#duplicate-cn
+
+persist-key
+persist-tun
+
+keepalive 10 60
+
+user nobody
+group nogroup
+
+data-ciphers AES-256-CBC
+data-ciphers-fallback AES-256-CBC
+auth SHA512
+
+ca   /data/certificate-manager/keys/ca.crt
+cert vpn.atlantishq.de.crt
+key  vpn.atlantishq.de.key
+dh   dh.param
+
+crl-verify /data/certificate-manager/crl.pem
+
+client-config-dir /data/certificate-manager/client-config-dir
+ccd-exclusive
+management 0.0.0.0 {{ openvpn_management_port }} {{ openvpn_management_passfile }}
@@ -0,0 +1,31 @@
+CA_KEY_SIZE = 2048
+CA_NAME     = "AtlantisHQv2"
+
+CRL_PATH  = "./data/crl.pem"
+KEYS_PATH = "./data/keys/"
+
+
+CA_KEY_PATH  = "./data/keys/ca.key"
+CA_CERT_PATH = "./data/keys/ca.crt"
+CA_CERT_PATH = "./data/keys/ca.crt"
+
+C_DEFAULT  = "DE"
+L_DEFAULT  = "Bavaria"
+ST_DEFAULT = "Erlangen"
+O_DEFAULT  = "AtlantisHQ"
+OU_DEFAULT = "Sheppy"
+
+SQLALCHEMY_DATABASE_URI  = "sqlite:///./data/sqlite.db"
+CREATE_CA_IF_NOT_EXISTS  = True
+LOAD_MISSING_CERTS_TO_DB = False
+
+VPN_CONFIG_DIR_PATH      = "./data/client-config-dir/"
+ENABLE_VPN_CONNECTION    = True
+VPN_MANAGEMENT_HOST      = "host.docker.internal"
+VPN_MANAGEMENT_PORT      = {{ openvpn_management_port }}
+VPN_MANAGEMENT_PASSWORD  = "{{ openvpn_management_password }}"
+NGINX_CERT_MAPS_LOCATION = "./data/nginx_maps.j2"
+
+VPN_SERVER = "atlantishq.de"
+VPN_PORT   = 7012
+VPN_PROTO  = "tcp"
@@ -0,0 +1,11 @@
+certificate-manager:
+    image: registry.atlantishq.de/certificate-manager:latest
+    restart: always
+    ports:
+        - 6000:5000
+    volumes:
+        - /data/certificate-manager/:/app/data/
+    extra_hosts:
+        - host.docker.internal:host-gateway
+    environment:
+        - SQLITE_LOCATION=sqlite:////app/data/sqlite.db