Commit 835ca1db authored by nanahira's avatar nanahira

save

parent 8768d99d
......@@ -13,8 +13,15 @@ services:
environment:
IPTABLES_EXEC: '{{iptables_exec}}'
MASQ_INTERFACE: '{{masq_interface}}'
{% if username is defined and username %}
USERNAME: '{{username}}'
PASSWORD: '{{password}}'
{% endif %}
{% if users is defined and users %}
{% for user in users %}
'USER_{{user.username}}': '{{user.password}}'
{% endfor %}
{% endif %}
entrypoint:
- /entrypoint.sh
command:
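Review bot: The per-user credentials are interpolated into single-quoted YAML scalars at `'USER_{{user.username}}': '{{user.password}}'`, so a password containing a `'` produces an unparseable compose file, and a username containing characters that are not legal in an environment variable name (for example `-` or `.`) yields a variable the container may not be able to export. Rendering the value through a JSON-escaping filter, `'USER_{{user.username}}': {{ user.password | to_json }}`, keeps the file valid for any password; the username still needs validating wherever `users` is defined. Credentials passed as container environment are also readable through `docker inspect` and by every process in the container, which may be acceptable for this deployment but deserves a line in the inventory documentation. The `services:` mapping and the `command:` list continue outside the hunk.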
......
......@@ -33,7 +33,7 @@ def count_chnrouter_length():
# externals = universe - special
chnrouter = universe - chnroutes
expect_length = 200
expect_length = 198
chnrouter_length = count_chnrouter_length()
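Review bot: The new threshold `expect_length = 198` is a bare magic number, as the previous `200` was, so the next person who has to adjust it has nothing to check against. A comment on the assignment such as `# expected entry count after subtracting chnroutes; recompute when the route list is refreshed (last checked <date placeholder>)` would make the tweak reviewable. The surrounding code around count_chnrouter_length continues outside the hunk.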
......
version: '2.4'
services:
{% for instance in instances %}
'openconnect-{{instance.name}}':
restart: always
image: git-registry.mycard.moe/railgun/openconnect
network_mode: host
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
volumes:
- ./templates/up.sh:/etc/vpnc/post-connect.d/up.sh:ro
- ./templates/down.sh:/etc/vpnc/disconnect.d/down.sh:ro
command:
- bash
- -c
- echo '{{instance.password}}' | openconnect '--user={{instance.username}}' --passwd-on-stdin --passtos --interface={{instance.name}} '{{instance.endpoint}}' --no-dtls
{% endfor %}
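Review bot: The VPN password is embedded in the container's command line at `echo '{{instance.password}}' | openconnect ...`, so it is visible in `docker inspect`, in the rendered compose file on disk, and in the process list inside the container, since `bash -c` keeps the whole string as an argument; a password containing a `'` also breaks the shell quoting. Reading it from a read-only bind-mounted file instead keeps it out of argv, e.g. `- cat /run/secrets/openconnect-{{instance.name}}.pass | openconnect '--user={{instance.username}}' --passwd-on-stdin --passtos '--interface={{instance.name}}' '{{instance.endpoint}}' --no-dtls` with the file added under `volumes:` (the path is illustrative). `--interface={{instance.name}}` is also the only templated argument left unquoted, so a name with shell metacharacters would be split or expanded by the shell.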
#!/bin/sh
dev="$TUNDEV"
{% for instance in instances %}
{% if instance.down is defined and instance.down %}
if [ "$dev" = '{{instance.name}}' ]; then
## Down script for {{instance.name}}
{{instance.down}}
fi
{% endif %}
{% endfor %}
{% if down is defined and down %}
# Global down script
{{down}}
{% endif %}
true
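Review bot: `{{instance.down}}` and `{{down}}` are spliced into the script as raw shell text, and nothing in the template says so, so someone editing the inventory cannot tell whether these values are commands or, say, paths; a header comment `# instance.down and down are inserted verbatim as shell commands by the template` documents the contract. The trailing `true` hides a non-zero exit from any of those snippets; if that is intended (presumably so a failing hook does not disturb the disconnect), say so inline with `true  # always exit 0; hook failures are deliberately not propagated`. The up.sh template in this commit has the same shape and would take the same two comments.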
#!/bin/sh
dev="$TUNDEV"
{% if up is defined and up %}
# Global up script
{{up}}
{% endif %}
{% for instance in instances %}
{% if instance.up is defined and instance.up %}
if [ "$dev" = '{{instance.name}}' ]; then
## Up script for {{instance.name}}
{{instance.up}}
fi
{% endif %}
{% endfor %}
true
......@@ -10,9 +10,9 @@ services:
- NET_RAW
volumes:
- ./templates/ikev2-express.conf:/etc/swanctl/conf.d/ikev2.conf:ro
- ./data/certs/{{inventory_hostname}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro
- ./data/certs/{{inventory_hostname}}/private.key:/etc/swanctl/private/privkey.pem:ro
- ./data/certs/{{inventory_hostname}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro
- ./data/certs/{{ansible_ssh_host}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro
- ./data/certs/{{ansible_ssh_host}}/private.key:/etc/swanctl/private/privkey.pem:ro
- ./data/certs/{{ansible_ssh_host}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro
# command: sleep infinity
environment:
FOO: 3
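Review bot: The certificate paths are now keyed on `ansible_ssh_host`, which is the pre-2.0 spelling of `ansible_host`; it is deprecated, and on an inventory that sets only `ansible_host` the old name is, as far as I can tell, not defined for templating, so all three mounts would fail to render. `- ./data/certs/{{ansible_host}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro` (and the two sibling lines) avoids that. Since `private.key` is bind-mounted from that directory, it is also worth confirming `data/certs` is excluded from version control. The `services:` mapping continues outside the hunk.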
......
#!/bin/bash
domain="$1"
zip="certs/$domain.zip"
dist="data/certs/$domain"
extract_domain() {
domain="$1"
zip="certs/$domain.zip"
dist="data/certs/$domain"
7z x -y -o"$dist" "$zip"
7z x -y -o"$dist" "$zip"
}
# run for every param in certs directory certs/example.com.zip
for zip in certs/*.zip; do
domain=$(basename "$zip" .zip)
extract_domain "$domain"
done
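Review bot: `for zip in certs/*.zip` iterates over the literal pattern when no archive is present, so `extract_domain '*'` runs and 7z fails on a file named `certs/*.zip`; a guard `[ -e "$zip" ] || continue` as the first statement of the loop (or `shopt -s nullglob` before it) avoids that. The script has no `set -euo pipefail`, so a failed extraction of one archive is not reflected in the exit status of the whole run. The compose template in this commit mounts `private.key` from the extracted directory, so tightening permissions after extraction, `chmod -R go-rwx "$dist"` at the end of extract_domain, is cheap insurance against a permissive umask.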
......@@ -11,7 +11,7 @@ connections {
local_addrs = %any
local {
certs = cert.pem
id = {{inventory_hostname}}
id = {{server_id}}
}
remote {
auth = eap-mschapv2
......@@ -31,10 +31,12 @@ secrets {
private-cert {
file = privkey.pem
}
eap-{{inventory_hostname_short}} {
id = {{inventory_hostname_short}}
secret = "{{secret}}"
{% for user in users %}
eap-{{user.id}} {
id = {{user.id}}
secret = "{{user.secret}}"
}
{% endfor %}
}
pools {
rw_pool {
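Review bot: `{% for user in users %}` fails to render when `users` is not defined for a host, whereas the compose template in this same commit guards the same variable with `{% if users is defined and users %}`; `{% for user in users | default([]) %}` makes this template tolerate hosts without EAP users in the same way. Inside the loop, `secret = "{{user.secret}}"` places the value in a swanctl double-quoted string, where a `"` or `\` in the secret is interpreted rather than taken literally, so secrets should be validated or escaped before templating. The `secrets {` block continues outside the hunk.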
......
......@@ -11,7 +11,7 @@ connections {
local_addrs = %any
local {
certs = cert.pem
id = {{inventory_hostname}}
id = {{server_id}}
}
remote {
auth = eap-mschapv2
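Review bot: `id = {{server_id}}` carries no comment on what the value must be; for a certificate-authenticated local side strongSwan expects the identity to be contained in `cert.pem` (subject DN or a subjectAltName), so a `server_id` that does not match the certificate fails at IKE_AUTH rather than at template time. A comment above the line, `# must match the subject or a subjectAltName of cert.pem`, documents that. The same line is changed in the connections block of the other swanctl config in this commit and would take the same comment. The enclosing `connections {` block continues outside the hunk.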
......