authorChristian Pointner <equinox@spreadspace.org>2021-02-10 20:54:20 +0100
committerChristian Pointner <equinox@spreadspace.org>2021-02-10 20:54:20 +0100
commit477b6b1905bf750196d62166d1165c6e75cea6d7 (patch)
treeadb502034576cf080f70c13f7a0d3418d9b5eb12
parentremove ubuntu arm-none-eabi packages (diff)
add host ch-vpn
-rw-r--r--chaos-at-home/ch-vpn.yml23
-rw-r--r--inventory/group_vars/chaos-at-home/network.yml1
-rw-r--r--inventory/host_vars/ch-vpn.yml33
-rw-r--r--inventory/hosts.ini2
-rw-r--r--roles/apt-repo/nordvpn/files/repo.gpgbin0 -> 2772 bytes
-rw-r--r--roles/apt-repo/nordvpn/tasks/main.yml20
6 files changed, 79 insertions, 0 deletions
diff --git a/chaos-at-home/ch-vpn.yml b/chaos-at-home/ch-vpn.yml
new file mode 100644
index 00000000..b6d98b07
--- /dev/null
+++ b/chaos-at-home/ch-vpn.yml
@@ -0,0 +1,23 @@
+---
+- name: Basic Setup
+ hosts: ch-vpn
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
+ - role: core/ntp
+ - role: apt-repo/spreadspace
+ - role: network/wireguard/base
+ - role: apt-repo/nordvpn
+ post_tasks:
+ - name: install nordvpn
+ apt:
+ name: nordvpn
+ state: present
+
+## nordvpn settings:
+
+# nordvpn set technology NordLynx
+# nordvpn whitelist add subnet 192.168.28.0/24
+# nordvpn whitelist add subnet 192.168.32.0/24
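Review bot: The NordVPN settings at the end of this playbook exist only as comments, so the play installs the package but a fresh or rebuilt ch-vpn comes up without the NordLynx technology setting and without the two whitelisted subnets. Which traffic is exempt from the tunnel is a security-relevant setting and should not depend on someone remembering to re-run commands by hand. If the steps must stay manual (the client presumably needs an interactive login first), the comment should say so, e.g. `## nordvpn settings (manual, run once after login; NOT applied by this play):`. Otherwise, turn them into `post_tasks` with a suitable `changed_when`, so the state is reproducible and reviewable.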
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index 0c637010..0ad3f5a4 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -54,6 +54,7 @@ network_zones:
ch-apps: 1
ch-http-proxy: 8
ch-imap-proxy: 9
+ ch-vpn: 10
ch-k8s-master: 20
ch-jump: 22
ch-gw-lan: 28
diff --git a/inventory/host_vars/ch-vpn.yml b/inventory/host_vars/ch-vpn.yml
new file mode 100644
index 00000000..193d7417
--- /dev/null
+++ b/inventory/host_vars/ch-vpn.yml
@@ -0,0 +1,33 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 2G
+ numcpus: 2
+ autostart: yes
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 20g
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
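Review bot: `autostart: yes` relies on YAML 1.1 truthy parsing; write the boolean canonically as `autostart: true` so linters and stricter loaders read it the same way. The sizes also mix unit case (`memory: 2G` but `size: 20g`). Whether the consuming install role treats both the same is not visible from this hunk, so it is worth checking and picking one spelling. If other host_vars files in this repository already use `yes`, staying consistent with them is a reasonable counter-argument.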
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index f8de1d26..f7160fb3 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -29,6 +29,7 @@ ch-auth-legacy host_name=auth
ch-prometheus-legacy host_name=prometheus
ch-testvm-prometheus host_name=testvm-prometheus
ch-iot host_name=iot
+ch-vpn host_name=vpn
ch-epimetheus host_name=epimetheus
ch-atlas host_name=atlas
ch-pan host_name=pan
@@ -286,6 +287,7 @@ ch-auth-legacy
ch-prometheus-legacy
ch-testvm-prometheus
ch-iot
+ch-vpn
ch-k8s-master
[vmhost-ch-prometheus]
ch-prometheus
diff --git a/roles/apt-repo/nordvpn/files/repo.gpg b/roles/apt-repo/nordvpn/files/repo.gpg
new file mode 100644
index 00000000..8e400def
--- /dev/null
+++ b/roles/apt-repo/nordvpn/files/repo.gpg
Binary files differ
diff --git a/roles/apt-repo/nordvpn/tasks/main.yml b/roles/apt-repo/nordvpn/tasks/main.yml
new file mode 100644
index 00000000..d63da994
--- /dev/null
+++ b/roles/apt-repo/nordvpn/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: add repository key
+ copy:
+ src: repo.gpg
+ dest: /etc/apt/trusted.gpg.d/nordvpn.gpg
+ register: apt_repo_nordvpn_key
+
+- name: add repository entry
+ copy:
+ content: |
+ deb https://repo.nordvpn.com/deb/nordvpn/debian stable main
+ dest: /etc/apt/sources.list.d/nordvpn.list
+ register: apt_repo_nordvpn_sources
+
+- name: update apt cache
+ when: apt_repo_nordvpn_key is changed or
+ apt_repo_nordvpn_sources is changed
+ command: apt-get update
+ args:
+ warn: false
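Review bot: Copying the vendor key to `/etc/apt/trusted.gpg.d/nordvpn.gpg` makes it trusted for every configured APT source, not only the NordVPN repository, so whoever holds that key could sign packages that apt accepts from any repo. Scope it instead by installing the key outside `trusted.gpg.d` and pinning it in the sources entry: `dest: /usr/share/keyrings/nordvpn.gpg` and `deb [signed-by=/usr/share/keyrings/nordvpn.gpg] https://repo.nordvpn.com/deb/nordvpn/debian stable main`. Both `copy` tasks also omit `owner`, `group` and `mode`, so the resulting permissions are not pinned by the role; setting `mode: "0644"` explicitly would fix that.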