chore: add wireguard directory

forgejo/README.md

@@ -0,0 +1,13 @@
+# Configuration de `forgejo`
+
+Gestionnaire de repository git.
+
+## Hebergement
+
+[localhost:10001](http://localhost:10001) ->
+[git.cohabit.fr](https://git.cohabit.fr)
+
+## Emplacements
+
+- `./forgejo/*` -> `/etc/forgejo/*`
+- `./runner/*` -> `/etc/forgejo-runner/*`

forgejo/forgejo/app.ini

@@ -0,0 +1,88 @@
+APP_NAME = Forgejo Fablab Cohabit
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /var/lib/forgejo
+
+[admin]
+DISABLE_REGULAR_ORG_CREATION = false
+
+[oauth2]
+JWT_SECRET = #! TODO use Secrets
+
+[security]
+INTERNAL_TOKEN = #! TODO use Secrets
+INSTALL_LOCK = true
+SECRET_KEY = #! TODO use Secrets
+PASSWORD_HASH_ALGO = pbkdf2
+# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
+DISABLE_GIT_HOOKS = false
+
+[database]
+DB_TYPE = postgres
+HOST = #! TODO use Secrets
+NAME = #! TODO use Secrets
+USER = #! TODO use Secrets
+PASSWD = #! TODO use Secrets
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+# PATH     = /var/lib/forgejo/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /var/lib/forgejo/data/gitea-repositories
+DEFAULT_BRANCH = main
+
+[ui]
+DEFAULT_THEME = arc-green
+
+[server]
+PROTOCOL = http
+SSH_DOMAIN = git.cohabit.fr
+DOMAIN = git.cohabit.fr
+HTTP_PORT = 10001
+ROOT_URL = https://git.cohabit.fr
+DISABLE_SSH = false
+SSH_PORT = 22222
+SSH_LISTEN_HOST = 0.0.0.0
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
+LFS_JWT_SECRET = # TODO use Secrets
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = false
+NO_REPLY_ADDRESS =
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = file
+LEVEL = debug,error,info
+ROOT_PATH = /var/log/forgejo/
+logger.router.MODE = file
+
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = https://code.forgejo.org

wireguard/README.md

@@ -0,0 +1,8 @@
+# Configuration de `wireguard`
+
+Serveur VPN.
+
+## Emplacements
+
+- `./server/*` -> `/etc/wireguard/*`
+- `./clients/*` -> N.A.

wireguard/clients/wifi_fablab.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey = #! TODO use Secrets
+DNS = 208.67.222.222, 208.67.220.220
+MTU = 1420
+
+[Peer]
+AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
+Endpoint = cohabit.fr:#! TODO use Secrets
+PersistentKeepalive = 25
+PublicKey = #! TODO use Secrets

wireguard/server/wg0.conf

@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = #! TODO use Secrets
+Address = 10.0.0.1/24
+MTU = 1420
+ListenPort = #! TODO use Secrets
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+
+### Wifi Fablab ###
+[Peer]
+PublicKey = #! TODO use Secrets
+AllowedIPs = 10.0.0.2/32
+###################