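# Example customer YAML configuration
#
# Layout: one customer (name), its cloud services (reachable without VPN),
# and a list of locations. Each location carries its VPN profile, external
# endpoints, port forwardings, network segments, VPN credentials and hosts.
name: TechCorp Solutions

# Cloud/web services available regardless of VPN connection
services:
  - name: Office 365
    url: https://portal.office.com
    service_type: Email & Office
    description: Microsoft Office suite and email
  - name: Pascom Cloud PBX
    url: https://techcorp.pascom.cloud
    service_type: Phone System
    description: Cloud-based phone system
  - name: Salesforce CRM
    url: https://techcorp.salesforce.com
    service_type: CRM
    description: Customer relationship management

# Customer locations with VPN configurations
locations:
  - name: Main Office
    vpn_type: OpenVPN
    vpn_config: techcorp-main.ovpn  # File in ~/.vpntray/vpn/

    # External connection endpoints (can have multiple for redundancy)
    external_addresses:
      - vpn.techcorp.com  # Primary VPN endpoint
      - vpn2.techcorp.com  # Backup endpoint
      - 203.0.113.10  # Direct IP fallback

    # Port forwarding rules for external access
    # SECURITY: every enabled rule below describes an administrative
    # interface (hypervisor UI, RDP, file-server panel, pgAdmin, firewall UI)
    # reachable from outside. This location already has a VPN, so such
    # interfaces are normally reached through the tunnel; keep a rule enabled
    # only when external access is required and the firewall limits the
    # permitted source addresses.
    port_forwardings:
      - external_port: 8006
        internal_ip: 192.168.1.10
        internal_port: 8006
        protocol: tcp
        description: Proxmox web interface
        enabled: true
      - external_port: 3389
        internal_ip: 192.168.1.20
        internal_port: 3389
        protocol: tcp
        description: Domain Controller RDP
        enabled: true
      - external_port: 9000
        internal_ip: 192.168.1.21
        internal_port: 9000
        protocol: tcp
        description: File server web panel
        enabled: true
      - external_port: 5050
        internal_ip: 192.168.1.22
        internal_port: 5050
        protocol: tcp
        description: pgAdmin database interface
        enabled: true
      - external_port: 443
        internal_ip: 192.168.1.1
        internal_port: 443
        protocol: tcp
        description: Firewall web interface
        enabled: true

    # Network segments with rich metadata
    network_segments:
      - name: LAN
        cidr: 192.168.1.0/24
        gateway: 192.168.1.1
        zone: production
        description: Main office LAN
      - name: Management
        cidr: 10.0.1.0/24
        vlan_id: 100
        gateway: 10.0.1.1
        zone: management
        description: Out-of-band management network
      - name: Services
        cidr: 172.16.1.0/24
        vlan_id: 200
        gateway: 172.16.1.1
        zone: production
        description: Internal services network

    # VPN credentials - three options:
    # Option 1: Dictionary with username/password
    # SECURITY: Option 1 keeps the password in cleartext in this file.
    # Replace the sample values, keep the file readable by its owner only,
    # and keep it out of version control and shared backups.
    vpn_credentials:
      username: vpnuser
      password: securepass123
    # Option 2: Passbolt UUID (for future implementation when CLI is updated)
    # vpn_credentials: "550e8400-e29b-41d4-a716-446655440000"
    # Option 3: Omit or set to null if no credentials needed
    # vpn_credentials: null

    # Hosts at this location
    hosts:
      - name: PVE-01
        ip_addresses:
          - ip_address: 192.168.1.10
            network_segment: LAN
            is_primary: true
        host_type: Proxmox
        icon: proxmox  # Custom icon: assets/icons/proxmox.svg
        description: Main virtualization server
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 8006
          - name: SSH
            service_type: SSH
            port: 22
        # VMs running on this host
        sub_hosts:
          - name: DC-01
            ip_addresses:
              - ip_address: 192.168.1.20
                network_segment: LAN
                is_primary: true
            host_type: Windows Server
            description: Domain Controller
            services:
              - name: RDP
                service_type: RDP
                port: 3389
              - name: Admin Web
                service_type: Web GUI
                port: 8080
          - name: FILE-01
            ip_addresses:
              - ip_address: 192.168.1.21
                network_segment: LAN
                is_primary: true
            host_type: Linux
            icon: ubuntu  # Custom icon: assets/icons/ubuntu.svg
            description: File Server (Samba)
            services:
              - name: SSH
                service_type: SSH
                port: 22
              - name: SMB Share
                service_type: SMB
                port: 445
              - name: Web Panel
                service_type: Web GUI
                port: 9000
          - name: DB-01
            ip_addresses:
              - ip_address: 192.168.1.22
                network_segment: LAN
                is_primary: true
              - ip_address: 172.16.1.22
                network_segment: Services
                is_primary: false
            host_type: Linux
            description: PostgreSQL Database (dual-homed)
            services:
              - name: SSH
                service_type: SSH
                port: 22
              - name: PostgreSQL
                service_type: Database
                port: 5432
              - name: pgAdmin
                service_type: Web GUI
                port: 5050

      # NOTE(review): FW-01 and SW-01 are placed at location level rather
      # than under PVE-01's sub_hosts (a router and a switch, not VMs);
      # confirm against the intended inventory.
      - name: FW-01
        ip_addresses:
          - ip_address: 192.168.1.1
            network_segment: LAN
            is_primary: true
          - ip_address: 10.0.1.1
            network_segment: Management
            is_primary: false
          - ip_address: 172.16.1.1
            network_segment: Services
            is_primary: false
        host_type: Router
        icon: pfsense  # Custom icon: assets/icons/pfsense.svg
        description: pfSense Firewall/Router (multi-interface)
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 443
          - name: SSH
            service_type: SSH
            port: 22

      - name: SW-01
        ip_addresses:
          - ip_address: 192.168.1.2
            network_segment: LAN
            is_primary: true
          - ip_address: 10.0.1.2
            network_segment: Management
            is_primary: false
        host_type: Switch
        description: Managed Switch (dual-homed)
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 80  # usually plain HTTP; prefer HTTPS if the switch has it
          - name: SSH
            service_type: SSH
            port: 22

  - name: Branch Office
    vpn_type: WireGuard
    vpn_config: techcorp-branch.conf  # File in ~/.vpntray/vpn/

    # External connection endpoints
    external_addresses:
      - 198.51.100.50  # Branch office static IP
      - branch.techcorp.com  # Dynamic DNS endpoint

    # Port forwarding rules
    port_forwardings:
      - external_port: 8080
        internal_ip: 10.10.1.10
        internal_port: 8080
        protocol: tcp
        description: Branch web services
        enabled: true
      - external_port: 22
        internal_ip: 10.10.1.10
        internal_port: 22
        protocol: tcp
        description: SSH access to branch server
        enabled: false  # Disabled for security

    # Network segments
    network_segments:
      - name: Branch_LAN
        cidr: 10.10.1.0/24
        gateway: 10.10.1.1
        zone: production
        description: Branch office network
      - name: Local_Services
        cidr: 192.168.100.0/24
        gateway: 192.168.100.1
        zone: general
        description: Local branch services network

    # No credentials needed for WireGuard (uses keys in config file)
    # SECURITY: the WireGuard config file therefore holds the private key;
    # restrict its permissions to the owner and do not share or commit it.
    vpn_credentials: null

    hosts:
      - name: BRANCH-01
        ip_addresses:
          - ip_address: 10.10.1.10
            network_segment: Branch_LAN
            is_primary: true
          - ip_address: 192.168.100.1
            network_segment: Local_Services
            is_primary: false
        host_type: Linux
        description: Branch office server (dual-homed)
        services:
          - name: SSH
            service_type: SSH
            port: 22
          - name: File Share
            service_type: SMB
            port: 445
          - name: Local Web
            service_type: Web GUI
            port: 8080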