# vpn-btcpay-provisioner

Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
=======
# VPN BTCPay Provisioner

Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.

## Features

- Automated WireGuard VPN configuration generation
- BTCPay Server integration via webhooks
- Secure key management with Ansible vault
- Automated IP allocation for new clients

## Prerequisites

- Python 3.x
- Ansible
- WireGuard
- BTCPay Server instance

## Installation

1. Clone the repository:
```bash
git clone https://git.sovbit.dev/Enki/vpn-btcpay-provisioner.git
cd vpn-btcpay-provisioner
```

2. Install dependencies:
```bash
python -m venv venv
source venv/bin/activate  # On Windows: .\venv\Scripts\activate
pip install -r requirements.txt
```

3. Copy example environment file and edit with your values:
```bash
cp .env.example .env
```

4. Set up Ansible vault:
```bash
ansible-vault create ansible/group_vars/vpn_servers/vault.yml
```

## Configuration

1. Update `.env` with your environment-specific values
2. Configure BTCPay Server webhook to point to your webhook endpoint
3. Update inventory.ini with your VPN server details

## Usage

1. Start the webhook handler:
```bash
flask run
```

2. Test the setup with BTCPay Server's test webhook feature

## Security Notes

- Keep your `.env` file secure and never commit it to version control
- Regularly rotate webhook secrets and access tokens
- Monitor logs for unauthorized access attempts
- Keep system dependencies updated

## License

MIT