Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
S
services
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nanahira
services
Commits
835ca1db
Commit
835ca1db
authored
May 09, 2024
by
nanahira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
save
parent
8768d99d
Changes
11
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
91 additions
and
13 deletions
+91
-13
ocserv-single/docker-compose.yml.j2
ocserv-single/docker-compose.yml.j2
+7
-0
ocserv-single/templates/route-helper/route_helper.py
ocserv-single/templates/route-helper/route_helper.py
+1
-1
openconnect/data/.gitkeep
openconnect/data/.gitkeep
+0
-0
openconnect/docker-compose.yml.j2
openconnect/docker-compose.yml.j2
+19
-0
openconnect/templates/.gitkeep
openconnect/templates/.gitkeep
+0
-0
openconnect/templates/down.sh.j2
openconnect/templates/down.sh.j2
+21
-0
openconnect/templates/up.sh.j2
openconnect/templates/up.sh.j2
+21
-0
zeeai-ikev2/docker-compose.yml.j2
zeeai-ikev2/docker-compose.yml.j2
+3
-3
zeeai-ikev2/extract-certs.sh
zeeai-ikev2/extract-certs.sh
+12
-4
zeeai-ikev2/templates/ikev2-express.conf.j2
zeeai-ikev2/templates/ikev2-express.conf.j2
+6
-4
zeeai-ikev2/templates/ikev2.conf.j2
zeeai-ikev2/templates/ikev2.conf.j2
+1
-1
No files found.
ocserv-single/docker-compose.yml.j2
View file @
835ca1db
...
...
@@ -13,8 +13,15 @@ services:
environment:
IPTABLES_EXEC: '{{iptables_exec}}'
MASQ_INTERFACE: '{{masq_interface}}'
{% if username is defined and username %}
USERNAME: '{{username}}'
PASSWORD: '{{password}}'
{% endif %}
{% if users is defined and users %}
{% for user in users %}
'USER_{{user.username}}': '{{user.password}}'
{% endfor %}
{% endif %}
entrypoint:
- /entrypoint.sh
command:
...
...
ocserv-single/templates/route-helper/route_helper.py
View file @
835ca1db
...
...
@@ -33,7 +33,7 @@ def count_chnrouter_length():
# externals = universe - special
chnrouter
=
universe
-
chnroutes
expect_length
=
200
expect_length
=
198
chnrouter_length
=
count_chnrouter_length
()
...
...
openconnect/data/.gitkeep
0 → 100644
View file @
835ca1db
openconnect/docker-compose.yml.j2
0 → 100644
View file @
835ca1db
version: '2.4'
services:
{% for instance in instances %}
'openconnect-{{instance.name}}':
restart: always
image: git-registry.mycard.moe/railgun/openconnect
network_mode: host
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
volumes:
- ./templates/up.sh:/etc/vpnc/post-connect.d/up.sh:ro
- ./templates/down.sh:/etc/vpnc/disconnect.d/down.sh:ro
command:
- bash
- -c
- echo '{{instance.password}}' | openconnect '--user={{instance.username}}' --passwd-on-stdin --passtos --interface={{instance.name}} '{{instance.endpoint}}' --no-dtls
{% endfor %}
openconnect/templates/.gitkeep
0 → 100644
View file @
835ca1db
openconnect/templates/down.sh.j2
0 → 100755
View file @
835ca1db
#!/bin/sh
dev
=
"
$TUNDEV
"
{
%
for
instance
in
instances %
}
{
%
if
instance.down is defined and instance.down %
}
if
[
"
$dev
"
=
'{{instance.name}}'
]
;
then
## Down script for {{instance.name}}
{{
instance.down
}}
fi
{
% endif %
}
{
% endfor %
}
{
%
if
down is defined and down %
}
# Global down script
{{
down
}}
{
% endif %
}
true
openconnect/templates/up.sh.j2
0 → 100755
View file @
835ca1db
#!/bin/sh
dev
=
"
$TUNDEV
"
{
%
if
up is defined and up %
}
# Global up script
{{
up
}}
{
% endif %
}
{
%
for
instance
in
instances %
}
{
%
if
instance.up is defined and instance.up %
}
if
[
"
$dev
"
=
'{{instance.name}}'
]
;
then
## Up script for {{instance.name}}
{{
instance.up
}}
fi
{
% endif %
}
{
% endfor %
}
true
zeeai-ikev2/docker-compose.yml.j2
View file @
835ca1db
...
...
@@ -10,9 +10,9 @@ services:
- NET_RAW
volumes:
- ./templates/ikev2-express.conf:/etc/swanctl/conf.d/ikev2.conf:ro
- ./data/certs/{{
inventory_hostname
}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro
- ./data/certs/{{
inventory_hostname
}}/private.key:/etc/swanctl/private/privkey.pem:ro
- ./data/certs/{{
inventory_hostname
}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro
- ./data/certs/{{
ansible_ssh_host
}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro
- ./data/certs/{{
ansible_ssh_host
}}/private.key:/etc/swanctl/private/privkey.pem:ro
- ./data/certs/{{
ansible_ssh_host
}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro
# command: sleep infinity
environment:
FOO: 3
...
...
zeeai-ikev2/extract-certs.sh
View file @
835ca1db
#!/bin/bash
domain
=
"
$1
"
zip
=
"certs/
$domain
.zip"
dist
=
"data/certs/
$domain
"
extract_domain
()
{
domain
=
"
$1
"
zip
=
"certs/
$domain
.zip"
dist
=
"data/certs/
$domain
"
7z x
-y
-o
"
$dist
"
"
$zip
"
7z x
-y
-o
"
$dist
"
"
$zip
"
}
# run for every param in certs directory certs/example.com.zip
for
zip
in
certs/
*
.zip
;
do
domain
=
$(
basename
"
$zip
"
.zip
)
extract_domain
"
$domain
"
done
zeeai-ikev2/templates/ikev2-express.conf.j2
View file @
835ca1db
...
...
@@ -11,7 +11,7 @@ connections {
local_addrs = %any
local {
certs = cert.pem
id = {{
inventory_hostname
}}
id = {{
server_id
}}
}
remote {
auth = eap-mschapv2
...
...
@@ -31,10 +31,12 @@ secrets {
private-cert {
file = privkey.pem
}
eap-{{inventory_hostname_short}} {
id = {{inventory_hostname_short}}
secret = "{{secret}}"
{% for user in users %}
eap-{{user.id}} {
id = {{user.id}}
secret = "{{user.secret}}"
}
{% endfor %}
}
pools {
rw_pool {
...
...
zeeai-ikev2/templates/ikev2.conf.j2
View file @
835ca1db
...
...
@@ -11,7 +11,7 @@ connections {
local_addrs = %any
local {
certs = cert.pem
id = {{
inventory_hostname
}}
id = {{
server_id
}}
}
remote {
auth = eap-mschapv2
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment