initial commit

2023-10-04 00:36:16 +02:00
commit 6aa675257e
12 changed files with 233 additions and 0 deletions
--- a/scripts/server.example.test/usr/sbin/entrypoint.sh
+++ b/scripts/server.example.test/usr/sbin/entrypoint.sh
@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+mkdir -p /dev/net
+mknod /dev/net/tun c 10 200
+chmod 600 /dev/net/tun
+
+auth_ldap_url=$(cat /run/secrets/auth_ldap_url)
+auth_ldap_bind_dn=$(cat /run/secrets/auth_ldap_bind_dn)
+auth_ldap_password=$(cat /run/secrets/auth_ldap_password)
+auth_ldap_base_dn=$(cat /run/secrets/auth_ldap_base_dn)
+auth_ldap_group_base_dn=$(cat /run/secrets/auth_ldap_group_base_dn)
+auth_ldap_group_search_filter=$(cat /run/secrets/auth_ldap_group_search_filter)
+
+cat > /etc/openvpn/server/server.example.test/auth-ldap.conf << EOF
+<LDAP>
+	URL $auth_ldap_url
+	BindDN $auth_ldap_bind_dn
+	Password $auth_ldap_password
+	Timeout 15
+	TLSEnable no
+	FollowReferrals no
+</LDAP>
+<Authorization>
+	BaseDN "$auth_ldap_base_dn"
+	SearchFilter "(uid=%u)"
+	RequireGroup false
+	PasswordIsCR false
+	<Group>
+        RFC2307bis false
+	    UseCompareOperation true
+		BaseDN "$auth_ldap_group_base_dn"
+		SearchFilter "$auth_ldap_group_search_filter"
+		MemberAttribute	memberUid
+	</Group>
+</Authorization>
+EOF
+
+chmod 600 /etc/openvpn/server/server.example.test/auth-ldap.conf
+
+/usr/sbin/openvpn --config /etc/openvpn/server/server.example.test.conf