2024-12-11 08:25:29 +00:00
|
|
|
# vpn-btcpay-provisioner
|
|
|
|
|
2024-12-11 07:26:18 +00:00
|
|
|
Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
|
|
|
|
=======
|
|
|
|
# VPN BTCPay Provisioner
|
|
|
|
|
|
|
|
Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
|
|
|
- Automated WireGuard VPN configuration generation
|
|
|
|
- BTCPay Server integration via webhooks
|
|
|
|
- Secure key management with Ansible vault
|
|
|
|
- Automated IP allocation for new clients
|
|
|
|
|
|
|
|
## Prerequisites
|
|
|
|
|
|
|
|
- Python 3.x
|
|
|
|
- Ansible
|
|
|
|
- WireGuard
|
|
|
|
- BTCPay Server instance
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
|
|
|
1. Clone the repository:
|
|
|
|
```bash
|
|
|
|
git clone https://git.sovbit.dev/your-username/vpn-btcpay-provisioner.git
|
|
|
|
cd vpn-btcpay-provisioner
|
|
|
|
```
|
|
|
|
|
|
|
|
2. Install dependencies:
|
|
|
|
```bash
|
|
|
|
python -m venv venv
|
|
|
|
source venv/bin/activate # On Windows: .\venv\Scripts\activate
|
|
|
|
pip install -r requirements.txt
|
|
|
|
```
|
|
|
|
|
|
|
|
3. Copy example environment file and edit with your values:
|
|
|
|
```bash
|
|
|
|
cp .env.example .env
|
|
|
|
```
|
|
|
|
|
|
|
|
4. Set up Ansible vault:
|
|
|
|
```bash
|
|
|
|
ansible-vault create ansible/group_vars/vpn_servers/vault.yml
|
|
|
|
```
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
1. Update `.env` with your environment-specific values
|
|
|
|
2. Configure BTCPay Server webhook to point to your webhook endpoint
|
|
|
|
3. Update inventory.ini with your VPN server details
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
1. Start the webhook handler:
|
|
|
|
```bash
|
|
|
|
flask run
|
|
|
|
```
|
|
|
|
|
|
|
|
2. Test the setup with BTCPay Server's test webhook feature
|
|
|
|
|
|
|
|
## Security Notes
|
|
|
|
|
|
|
|
- Keep your `.env` file secure and never commit it to version control
|
|
|
|
- Regularly rotate webhook secrets and access tokens
|
|
|
|
- Monitor logs for unauthorized access attempts
|
|
|
|
- Keep system dependencies updated
|
|
|
|
|
|
|
|
## License
|
|
|
|
|
|
|
|
MIT
|