Commit 835ca1db authored by nanahira's avatar nanahira

save

parent 8768d99d
...@@ -13,8 +13,15 @@ services: ...@@ -13,8 +13,15 @@ services:
environment: environment:
IPTABLES_EXEC: '{{iptables_exec}}' IPTABLES_EXEC: '{{iptables_exec}}'
MASQ_INTERFACE: '{{masq_interface}}' MASQ_INTERFACE: '{{masq_interface}}'
{% if username is defined and username %}
USERNAME: '{{username}}' USERNAME: '{{username}}'
PASSWORD: '{{password}}' PASSWORD: '{{password}}'
{% endif %}
{% if users is defined and users %}
{% for user in users %}
'USER_{{user.username}}': '{{user.password}}'
{% endfor %}
{% endif %}
entrypoint: entrypoint:
- /entrypoint.sh - /entrypoint.sh
command: command:
...@@ -33,7 +33,7 @@ def count_chnrouter_length(): ...@@ -33,7 +33,7 @@ def count_chnrouter_length():
# externals = universe - special # externals = universe - special
chnrouter = universe - chnroutes chnrouter = universe - chnroutes
expect_length = 200 expect_length = 198
chnrouter_length = count_chnrouter_length() chnrouter_length = count_chnrouter_length()
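Review bot: `expect_length = 198` is a bare magic number that has just been edited by hand, and nothing in the hunk says what it counts or why 198 is now the right value, so the next refresh of the chnroutes data will break whatever comparison follows with no hint about which side is wrong. A comment such as `# expected size of (universe - chnroutes) for the chnroutes snapshot currently checked in; update alongside the data` would make the coupling explicit. The surrounding function body and the check that consumes `chnrouter_length` lie outside the hunk.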
version: '2.4'
services:
{% for instance in instances %}
'openconnect-{{instance.name}}':
restart: always
image: git-registry.mycard.moe/railgun/openconnect
network_mode: host
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
volumes:
- ./templates/up.sh:/etc/vpnc/post-connect.d/up.sh:ro
- ./templates/down.sh:/etc/vpnc/disconnect.d/down.sh:ro
command:
- bash
- -c
- echo '{{instance.password}}' | openconnect '--user={{instance.username}}' --passwd-on-stdin --passtos --interface={{instance.name}} '{{instance.endpoint}}' --no-dtls
{% endfor %}
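Review bot: The `bash -c` string on the last `command` line embeds `{{instance.password}}` in the container's argument vector, so it is visible on the host in `ps`/`/proc/<pid>/cmdline` while `bash` runs and permanently in `docker inspect`; it also breaks the shell quoting (and the YAML) if the password contains `'`, and `echo` will mangle a password beginning with `-n` or `-e`. Feeding `--passwd-on-stdin` from a read-only 0600 file mounted into the container removes the secret from the command line entirely, and passing the other inventory values through Ansible's `quote` filter (if this is an Ansible template) makes the shell string safe against metacharacters in `instance.username`, `instance.name` and `instance.endpoint`. `--interface={{instance.name}}` is additionally bound by the 15-byte Linux interface-name limit, so `instance.name` is worth validating where the inventory is defined. The rewrite below assumes the playbook writes `data/openconnect/<name>.passwd` with mode 0600 before `docker-compose up`.
```yaml
    volumes:
      # … unchanged: up.sh / down.sh hook mounts …
      - ./data/openconnect/{{instance.name}}.passwd:/run/secrets/openconnect_passwd:ro
    command:
      - bash
      - -c
      - >-
        openconnect --user={{ instance.username | quote }} --passwd-on-stdin --passtos
        --interface={{ instance.name | quote }} {{ instance.endpoint | quote }} --no-dtls
        < /run/secrets/openconnect_passwd
```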
#!/bin/sh
dev="$TUNDEV"
{% for instance in instances %}
{% if instance.down is defined and instance.down %}
if [ "$dev" = '{{instance.name}}' ]; then
## Down script for {{instance.name}}
{{instance.down}}
fi
{% endif %}
{% endfor %}
{% if down is defined and down %}
# Global down script
{{down}}
{% endif %}
true
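Review bot: The ordering here is the mirror of up.sh — per-instance `down` hooks run first and the global `down` last, whereas up.sh runs the global `up` before the per-instance hooks — and nothing records that this is deliberate, so a later edit could "fix" one file to match the other. A header comment such as `# Order is the reverse of up.sh: per-instance teardown first, then the global down hook, so whatever the global up hook set up first is torn down last` would pin it. It is also worth stating in the same comment that `{{instance.down}}` and `{{down}}` are pasted in verbatim, so anyone editing the inventory is writing shell that runs with NET_ADMIN in the host network namespace of the openconnect container.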
#!/bin/sh
dev="$TUNDEV"
{% if up is defined and up %}
# Global up script
{{up}}
{% endif %}
{% for instance in instances %}
{% if instance.up is defined and instance.up %}
if [ "$dev" = '{{instance.name}}' ]; then
## Up script for {{instance.name}}
{{instance.up}}
fi
{% endif %}
{% endfor %}
true
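Review bot: If vpnc-script runs these hooks the way the stock script does — its `run_hooks` sources each file in `/etc/vpnc/<hook>.d/` with `. "$script"` rather than executing it — then the `#!/bin/sh` line and the trailing `true` have no effect, an `exit` or `set -e` inside any `{{up}}`/`{{instance.up}}` snippet terminates vpnc-script itself before the remaining hooks run, and the `dev` variable leaks into vpnc-script's scope. This should be confirmed against the vpnc-script shipped in the openconnect image and recorded in a comment, e.g. `# NOTE: vpnc-script sources this file; hook snippets must not exit or set -e`. If sourcing is confirmed, wrapping each snippet in a subshell, `( {{instance.up}} )`, contains both problems without changing what the hooks can do.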
...@@ -10,9 +10,9 @@ services: ...@@ -10,9 +10,9 @@ services:
- NET_RAW - NET_RAW
volumes: volumes:
- ./templates/ikev2-express.conf:/etc/swanctl/conf.d/ikev2.conf:ro - ./templates/ikev2-express.conf:/etc/swanctl/conf.d/ikev2.conf:ro
- ./data/certs/{{inventory_hostname}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro - ./data/certs/{{ansible_ssh_host}}/certificate.crt:/etc/swanctl/x509/cert.pem:ro
- ./data/certs/{{inventory_hostname}}/private.key:/etc/swanctl/private/privkey.pem:ro - ./data/certs/{{ansible_ssh_host}}/private.key:/etc/swanctl/private/privkey.pem:ro
- ./data/certs/{{inventory_hostname}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro - ./data/certs/{{ansible_ssh_host}}/ca_bundle.crt:/etc/swanctl/x509ca/ca.pem:ro
# command: sleep infinity # command: sleep infinity
environment: environment:
FOO: 3 FOO: 3
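Review bot: The certificate paths are now keyed on `ansible_ssh_host`, which has been a deprecated alias of `ansible_host` since Ansible 2.0 and is frequently an IP address or absent from inventory (an undefined value aborts templating, which is at least loud). More importantly, that directory name must equal the basename of the zip that the extraction script in this commit unpacks into `data/certs/<domain>`, and the `id = {{server_id}}` in the swanctl config must be an identity contained in the same certificate, so three independently defined values now have to agree before the IKEv2 server can authenticate. A comment on the volume lines, `# <ansible_ssh_host> must equal the cert zip's basename in certs/, and server_id must be a SAN of that certificate`, or a single variable used in all three places, would remove the guesswork. The service definition starts outside the hunk.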
#!/bin/bash #!/bin/bash
domain="$1" extract_domain() {
zip="certs/$domain.zip" domain="$1"
dist="data/certs/$domain" zip="certs/$domain.zip"
dist="data/certs/$domain"
7z x -y -o"$dist" "$zip" 7z x -y -o"$dist" "$zip"
}
# run for every param in certs directory certs/example.com.zip
for zip in certs/*.zip; do
domain=$(basename "$zip" .zip)
extract_domain "$domain"
done
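Review bot: `for zip in certs/*.zip` with no matches leaves the literal pattern in `$zip` (bash does not enable `nullglob` by default), so an empty `certs/` directory makes the script run `7z x` on `certs/*.zip` and fail; add `shopt -s nullglob` before the loop or `[ -e "$zip" ] || continue` inside it, and `set -euo pipefail` at the top so a corrupt archive stops the run instead of being skipped without notice. Because the ikev2 compose file in this commit mounts `private.key` from the extracted `data/certs/<domain>` directory, the function should also tighten permissions after extraction — `chmod 700 "$dist" && chmod 600 "$dist"/private.key` — since 7z does not guarantee a restrictive mode on what it writes. The comment `# run for every param in certs directory certs/example.com.zip` reads oddly; `# extract every certs/<domain>.zip into data/certs/<domain>` says the same thing.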
...@@ -11,7 +11,7 @@ connections { ...@@ -11,7 +11,7 @@ connections {
local_addrs = %any local_addrs = %any
local { local {
certs = cert.pem certs = cert.pem
id = {{inventory_hostname}} id = {{server_id}}
} }
remote { remote {
auth = eap-mschapv2 auth = eap-mschapv2
...@@ -31,10 +31,12 @@ secrets { ...@@ -31,10 +31,12 @@ secrets {
private-cert { private-cert {
file = privkey.pem file = privkey.pem
} }
eap-{{inventory_hostname_short}} { {% for user in users %}
id = {{inventory_hostname_short}} eap-{{user.id}} {
secret = "{{secret}}" id = {{user.id}}
secret = "{{user.secret}}"
} }
{% endfor %}
} }
pools { pools {
rw_pool { rw_pool {
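Review bot: `secret = "{{user.secret}}"` and `id = {{user.id}}` are pasted in without escaping, so a secret containing `"` (or `\`) is likely to produce a swanctl config that fails to load and takes every EAP user down with it, and a `user.id` containing whitespace, `.` or braces may yield an invalid section name `eap-<id>`. Validating these values in the inventory, or escaping `"` and `\` in the template (Ansible's `regex_replace` suffices), is the cheap fix. The `{% for user in users %}` loop also has no `is defined` guard, unlike the compose template in this same commit — an undefined `users` aborts the template rather than rendering an empty secrets block (arguably the better failure), but the two files should agree. These are plaintext EAP-MSCHAPv2 secrets on disk, so the rendered file and the inventory that feeds it should be vault-protected and mode 0600.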
...@@ -11,7 +11,7 @@ connections { ...@@ -11,7 +11,7 @@ connections {
local_addrs = %any local_addrs = %any
local { local {
certs = cert.pem certs = cert.pem
id = {{inventory_hostname}} id = {{server_id}}
} }
remote { remote {
auth = eap-mschapv2 auth = eap-mschapv2
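Review bot: `id = {{server_id}}` is what clients compare against the identity in `cert.pem`, and strongSwan itself requires the local identity to be contained in the certificate (subject DN or a SAN), so `server_id` must match the certificate the compose file mounts from `data/certs/{{ansible_ssh_host}}`; if it does not, IKE_AUTH fails before any EAP exchange takes place. A comment on this line, `# must be a SAN of cert.pem (data/certs/<ansible_ssh_host>/certificate.crt)`, or deriving both values from one variable, would keep them from drifting apart. The connection block continues outside the hunk.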