1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
# vi: set ft=ruby :
# frozen_string_literal: true
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
Vagrant.require_version '>= 2.2.6'
Vagrant.configure('2') do |config|
config.vm.box = 'generic/alpine319'
config.vm.box_version = '4.3.12'
config.vm.box_check_update = false
config.vm.hostname = 'virt-vpn3'
# ssh
config.ssh.insert_key = true
config.ssh.keep_alive = true
config.ssh.keys_only = true
# timeouts
config.vm.boot_timeout = 300
config.vm.graceful_halt_timeout = 60
config.ssh.connect_timeout = 15
# shares
# config.vm.synced_folder './share', '/home/vagrant/nfs', type: 'nfs', nfs_version: 4, nfs_udp: false
config.vm.provider 'libvirt' do |libvirt|
libvirt.default_prefix = 'vpn3-'
libvirt.driver = 'kvm'
libvirt.memory = '128'
libvirt.cpus = 1
libvirt.sound_type = nil
libvirt.qemuargs value: '-nographic'
libvirt.qemuargs value: '-nodefaults'
libvirt.qemuargs value: '-no-user-config'
libvirt.qemuargs value: '-serial'
libvirt.qemuargs value: 'pty'
# libvirt.random model: 'random'
end
config.vm.provision 'update', type: 'shell', name: 'update', inline: <<-SHELL
set -ex
sudo apk add openvpn nfs-utils ufw
mkdir -p /vagrant && \
sudo mount -t nfs 192.168.121.1:/home/devi/share/nfs /vagrant
SHELL
config.vm.provision 'update-root', type: 'shell', name: 'update-root', privileged: true, inline: <<-SHELL
set -ex
echo tun >> /etc/modules
#rc-update add openvpn default
mkdir -p /tmp/mullvad/ && \
cp /vagrant/mullvad_openvpn_linux_se_got.zip /tmp/mullvad/ && \
cd /tmp/mullvad && \
unzip mullvad_openvpn_linux_se_got.zip && \
mv mullvad_config_linux_se_got/mullvad_se_got.conf /etc/openvpn/openvpn.conf && \
mv mullvad_config_linux_se_got/mullvad_userpass.txt /etc/openvpn/ && \
mv mullvad_config_linux_se_got/mullvad_ca.crt /etc/openvpn/ && \
mv mullvad_config_linux_se_got/update-resolv-conf /etc/openvpn && \
chmod 755 /etc/openvpn/update-resolv-conf
modprobe tun
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/ipv4.conf
sysctl -p /etc/sysctl.d/ipv4.conf
rc-service openvpn start || true
sleep 1
SHELL
config.vm.provision 'killswitch', type: 'shell', name: 'killswitch', privileged: true, inline: <<-SHELL
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow in on tun0
ufw allow out on tun0
# enable libvirt bridge
ufw allow in on eth0 from 192.168.121.1
ufw allow out on eth0 to 192.168.121.1
# server block
ufw allow out on eth0 to 185.213.154.131 port 1197
ufw allow in on eth0 from 185.213.154.131 port 1197
ufw allow out on eth0 to 185.213.154.133 port 1197
ufw allow in on eth0 from 185.213.154.133 port 1197
ufw allow out on eth0 to 185.213.154.134 port 1197
ufw allow in on eth0 from 185.213.154.134 port 1197
ufw allow out on eth0 to 185.213.154.132 port 1197
ufw allow in on eth0 from 185.213.154.132 port 1197
echo y | ufw enable
SHELL
end
|
