Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
| ansible | ||
| app | ||
| venv | ||
| .env.example | ||
| .flaskenv | ||
| .gitignore | ||
| inventory.ini | ||
| LICENSE | ||
| README.md | ||
| requirements.txt | ||
vpn-btcpay-provisioner
Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
VPN BTCPay Provisioner
Automatically provision WireGuard VPN configurations upon successful BTCPay Server payments.
Features
- Automated WireGuard VPN configuration generation
- BTCPay Server integration via webhooks
- Secure key management with Ansible vault
- Automated IP allocation for new clients
Prerequisites
- Python 3.x
- Ansible
- WireGuard
- BTCPay Server instance
Installation
- Clone the repository:
git clone https://git.sovbit.dev/Enki/vpn-btcpay-provisioner.git
cd vpn-btcpay-provisioner
- Install dependencies:
python -m venv venv
source venv/bin/activate # On Windows: .\venv\Scripts\activate
pip install -r requirements.txt
- Copy example environment file and edit with your values:
cp .env.example .env
- Set up Ansible vault:
ansible-vault create ansible/group_vars/vpn_servers/vault.yml
Configuration
- Update
.envwith your environment-specific values - Configure BTCPay Server webhook to point to your webhook endpoint
- Update inventory.ini with your VPN server details
Usage
- Start the webhook handler:
flask run
- Test the setup with BTCPay Server's test webhook feature
Security Notes
- Keep your
.envfile secure and never commit it to version control - Regularly rotate webhook secrets and access tokens
- Monitor logs for unauthorized access attempts
- Keep system dependencies updated
License
MIT