VPNTray/example_customer.yaml
2025-09-07 23:33:55 +02:00


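# Example customer YAML configuration
name: TechCorp Solutions

# Cloud/web services available regardless of VPN connection
# Each entry carries a display name, the URL to open, and a free-text
# service_type and description.
services:
  - name: Office 365
    url: https://portal.office.com
    service_type: Email & Office
    description: Microsoft Office suite and email
  - name: Pascom Cloud PBX
    url: https://techcorp.pascom.cloud
    service_type: Phone System
    description: Cloud-based phone system
  - name: Salesforce CRM
    url: https://techcorp.salesforce.com
    service_type: CRM
    description: Customer relationship management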
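# Customer locations with VPN configurations
# A filled-in copy of this section is a network inventory (endpoints, internal
# addresses, hosts and their open services); handle real customer files as
# sensitive data.
locations:
  - name: Main Office
    vpn_type: OpenVPN
    vpn_config: techcorp-main.ovpn  # File in ~/.vpntray/vpn/

    # External connection endpoints (can have multiple for redundancy)
    external_addresses:
      - vpn.techcorp.com  # Primary VPN endpoint
      - vpn2.techcorp.com  # Backup endpoint
      - 203.0.113.10  # Direct IP fallback

    # Port forwarding rules for external access
    # NOTE(review): the sample rules below describe management interfaces
    # (hypervisor UI, RDP to the domain controller, database admin panel,
    # firewall UI) forwarded from the external addresses. For a real customer,
    # prefer reaching these over the VPN only and record rules that should not
    # be used with `enabled: false`, as the Branch Office SSH rule does.
    port_forwardings:
      - external_port: 8006
        internal_ip: 192.168.1.10
        internal_port: 8006
        protocol: tcp
        description: Proxmox web interface
        enabled: true
      - external_port: 3389
        internal_ip: 192.168.1.20
        internal_port: 3389
        protocol: tcp
        description: Domain Controller RDP
        enabled: true
      - external_port: 9000
        internal_ip: 192.168.1.21
        internal_port: 9000
        protocol: tcp
        description: File server web panel
        enabled: true
      - external_port: 5050
        internal_ip: 192.168.1.22
        internal_port: 5050
        protocol: tcp
        description: pgAdmin database interface
        enabled: true
      - external_port: 443
        internal_ip: 192.168.1.1
        internal_port: 443
        protocol: tcp
        description: Firewall web interface
        enabled: true

    # Network segments with rich metadata
    network_segments:
      - name: LAN
        cidr: 192.168.1.0/24
        gateway: 192.168.1.1
        zone: production
        description: Main office LAN
      - name: Management
        cidr: 10.0.1.0/24
        vlan_id: 100
        gateway: 10.0.1.1
        zone: management
        description: Out-of-band management network
      - name: Services
        cidr: 172.16.1.0/24
        vlan_id: 200
        gateway: 172.16.1.1
        zone: production
        description: Internal services network

    # VPN credentials - three options:
    # Option 1: Dictionary with username/password
    # NOTE: with this option the password sits in the file in plaintext. The
    # values below are sample data; keep real customer files out of version
    # control and readable only by the owning user (e.g. chmod 600).
    vpn_credentials:
      username: vpnuser
      password: securepass123
    # Option 2: Passbolt UUID (for future implementation when CLI is updated)
    # vpn_credentials: "550e8400-e29b-41d4-a716-446655440000"
    # Option 3: Omit or set to null if no credentials needed
    # vpn_credentials: null

    # Hosts at this location
    hosts:
      - name: PVE-01
        ip_addresses:
          - ip_address: 192.168.1.10
            network_segment: LAN
            is_primary: true
        host_type: Proxmox
        icon: proxmox  # Custom icon: assets/icons/proxmox.svg
        description: Main virtualization server
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 8006
          - name: SSH
            service_type: SSH
            port: 22
        # VMs running on this host
        sub_hosts:
          - name: DC-01
            ip_addresses:
              - ip_address: 192.168.1.20
                network_segment: LAN
                is_primary: true
            host_type: Windows Server
            description: Domain Controller
            services:
              - name: RDP
                service_type: RDP
                port: 3389
              - name: Admin Web
                service_type: Web GUI
                port: 8080
          - name: FILE-01
            ip_addresses:
              - ip_address: 192.168.1.21
                network_segment: LAN
                is_primary: true
            host_type: Linux
            icon: ubuntu  # Custom icon: assets/icons/ubuntu.svg
            description: File Server (Samba)
            services:
              - name: SSH
                service_type: SSH
                port: 22
              - name: SMB Share
                service_type: SMB
                port: 445
              - name: Web Panel
                service_type: Web GUI
                port: 9000
          - name: DB-01
            ip_addresses:
              - ip_address: 192.168.1.22
                network_segment: LAN
                is_primary: true
              - ip_address: 172.16.1.22
                network_segment: Services
                is_primary: false
            host_type: Linux
            description: PostgreSQL Database (dual-homed)
            services:
              - name: SSH
                service_type: SSH
                port: 22
              - name: PostgreSQL
                service_type: Database
                port: 5432
              - name: pgAdmin
                service_type: Web GUI
                port: 5050

      # NOTE(review): nesting was reconstructed; FW-01 and SW-01 are placed as
      # location-level hosts rather than sub_hosts of PVE-01 - confirm.
      - name: FW-01
        ip_addresses:
          - ip_address: 192.168.1.1
            network_segment: LAN
            is_primary: true
          - ip_address: 10.0.1.1
            network_segment: Management
            is_primary: false
          - ip_address: 172.16.1.1
            network_segment: Services
            is_primary: false
        host_type: Router
        icon: pfsense  # Custom icon: assets/icons/pfsense.svg
        description: pfSense Firewall/Router (multi-interface)
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 443
          - name: SSH
            service_type: SSH
            port: 22
      - name: SW-01
        ip_addresses:
          - ip_address: 192.168.1.2
            network_segment: LAN
            is_primary: true
          - ip_address: 10.0.1.2
            network_segment: Management
            is_primary: false
        host_type: Switch
        description: Managed Switch (dual-homed)
        services:
          - name: Web Interface
            service_type: Web GUI
            port: 80
          - name: SSH
            service_type: SSH
            port: 22

  - name: Branch Office
    vpn_type: WireGuard
    vpn_config: techcorp-branch.conf  # File in ~/.vpntray/vpn/

    # External connection endpoints
    external_addresses:
      - 198.51.100.50  # Branch office static IP
      - branch.techcorp.com  # Dynamic DNS endpoint

    # Port forwarding rules
    port_forwardings:
      - external_port: 8080
        internal_ip: 10.10.1.10
        internal_port: 8080
        protocol: tcp
        description: Branch web services
        enabled: true
      - external_port: 22
        internal_ip: 10.10.1.10
        internal_port: 22
        protocol: tcp
        description: SSH access to branch server
        enabled: false  # Disabled for security

    # Network segments
    network_segments:
      - name: Branch_LAN
        cidr: 10.10.1.0/24
        gateway: 10.10.1.1
        zone: production
        description: Branch office network
      - name: Local_Services
        cidr: 192.168.100.0/24
        gateway: 192.168.100.1
        zone: general
        description: Local branch services network

    # No credentials needed for WireGuard (uses keys in config file)
    # The referenced .conf therefore holds the key material; protect that file
    # with the same care as a password.
    vpn_credentials: null

    hosts:
      - name: BRANCH-01
        ip_addresses:
          - ip_address: 10.10.1.10
            network_segment: Branch_LAN
            is_primary: true
          - ip_address: 192.168.100.1
            network_segment: Local_Services
            is_primary: false
        host_type: Linux
        description: Branch office server (dual-homed)
        services:
          - name: SSH
            service_type: SSH
            port: 22
          - name: File Share
            service_type: SMB
            port: 445
          - name: Local Web
            service_type: Web GUI
            port: 8080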