Add dockovpn

Mayurifag · Nov 3, 2024 · 94b20f7 · 94b20f7
1 parent f802a79
commit 94b20f7
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Cloudflare or your favourite DNS provider.
 
 ### VPS
 
-* Debian 10-11 (Ubuntu works, though requires some inteventions)
+* Debian 10-12 (Ubuntu works, though requires some/many interventions)
 * Large folder for docker data (Done by VPS via large disk)
 * ssh authorization key for root user (Done by VPS or
 `ssh-copy-id [email protected]`)
@@ -103,8 +103,9 @@ Host mayurifag-prod
 
 | Name                    | Default endpoint                             | App. Port   |
 | ----------------------- | -------------------------------------------- | ----------- |
-| 3proxy                  | <socks5://mayurifag.local:1080 or 3128       | 1080/3128   |
-| Blocky                  | -                                            | -           |
+| 3proxy                  | <socks5://mayurifag.local:1080> or 3128      | 1080/3128   |
+| Blocky                  | [DNS] -> <ip>:53                             | 53          |
+| Dockovpn                | <http://dockovpn.mayurifag.local>            | 1194/8080   |
 | Hemmelig                | <http://secret.mayurifag.local>              | 3000        |
 | mayurifag.github.io     | <http://mayurifag.local>                     | 8005        |
 | Navidrome               | <http://mus.mayurifag.local>                 | 80          |

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -106,3 +106,6 @@ hemmelig_subdomain: "secret"
 
 nextcloud_enabled: true
 nextcloud_subdomain: "nextcloud"
+
+dockovpn_enabled: true
+dockovpn_subdomain: "vpn"
diff --git a/inventories/sample/group_vars/sample.yml b/inventories/sample/group_vars/sample.yml
@@ -102,3 +102,6 @@ hemmelig_subdomain: "secret"
 
 nextcloud_enabled: true
 nextcloud_subdomain: "nextcloud"
+
+dockovpn_enabled: true
+dockovpn_subdomain: "vpn"
diff --git a/provisioning.yml b/provisioning.yml
@@ -11,7 +11,7 @@
 
 - name: Provisioning
   hosts: all
-  gather_facts: no
+  gather_facts: yes
   roles:
     ###
     ### Run general preparation
@@ -120,6 +120,12 @@
         - nextcloud
       when: (nextcloud_enabled | default(False))
 
+    # requires gather_facts: yes
+    - role: dockovpn
+      tags:
+        - dockovpn
+      when: (dockovpn_enabled | default(False))
+
     - role: geerlingguy.security
       tags:
         - security

diff --git a/roles/dockovpn/defaults/main.yml b/roles/dockovpn/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+dockovpn_enabled: true
+dockovpn_available_externally: "true"
+
+dockovpn_subdomain: "vpn"
+dockovpn_port: 1194
+dockovpn_client_config_port: 9812
+
+# specs
+dockovpn_memory: 1g
diff --git a/roles/dockovpn/tasks/main.yml b/roles/dockovpn/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Get external IPv4 address
+  ansible.builtin.set_fact:
+    external_ipv4: "{{ ansible_default_ipv4.address }}"
+
+- name: DockerVPN Container
+  community.docker.docker_container:
+    name: dockovpn
+    image: alekslitvinenk/openvpn:latest
+    pull: true
+    capabilities:
+      - NET_ADMIN
+    ports:
+      - "{{ dockovpn_port }}:1194/udp"
+      - "{{ dockovpn_client_config_port }}:8080/tcp"
+    env:
+      HOST_ADDR: "{{ external_ipv4 }}"
+    restart_policy: unless-stopped
+    memory: "{{ dockovpn_memory }}"
+    labels:
+      traefik.enable: "{{ dockovpn_available_externally }}"
+      traefik.http.routers.dockovpn.rule: "Host(`{{ dockovpn_subdomain }}.{{ server_hostname }}`)"
+      traefik.http.services.dockovpn.loadbalancer.server.port: "8080"
+      traefik.http.routers.dockovpn.middlewares: "secure-headers@file"