Deploy VPN #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Deploy VPN" | |
| on: | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: eu-south-1 | |
| jobs: | |
| generate-private-key-locally: | |
| name: Generate private key | |
| timeout-minutes: 1500 | |
| runs-on: ubuntu-latest | |
| outputs: | |
| secretkey: ${{ steps.secretkeyoutput.outputs.SECRET_KEY }} | |
| container: | |
| image: ubuntu | |
| volumes: | |
| - ./:/vpn | |
| steps: | |
| - run: apt-get update | |
| - run: apt-get install curl -y | |
| - run: apt-get install gpg -y | |
| - run: mkdir -p /etc/apt/keyrings # directory does not exist on older releases | |
| - run: curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/keyrings/openvpn-repo-public.gpg | |
| - run: echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/stable jammy main" > /etc/apt/sources.list.d/openvpn-aptrepo.list | |
| - run: apt-get update | |
| - run: apt-get install openvpn -y | |
| - run: mkdir vpn | |
| - run: openvpn --genkey --secret static.key | |
| - run: echo "SECRET_KEY=$(cat static.ley)" >> $GITHUB_OUTPUT | |
| id: secretkeyoutput | |
| - uses: "DamianReeves/write-file-action@master" | |
| with: | |
| path: openvpn.conf | |
| write-mode: overwrite | |
| contents: | | |
| remote myremote.mydomain | |
| dev tun | |
| ifconfig $CLIENT_ENDPOINT $SERVER_ENDPOINT | |
| secret static.key | |
| deploy-vpn-remote: | |
| name: Deploy VPN Remote | |
| timeout-minutes: 1500 | |
| runs-on: vpn | |
| needs: generate-private-key-locally | |
| container: | |
| image: ubuntu | |
| ports: | |
| - 1194:1194 | |
| steps: | |
| - run: apt-get update | |
| - run: apt-get install curl -y | |
| - run: apt-get install gpg -y | |
| - run: mkdir -p /etc/apt/keyrings # directory does not exist on older releases | |
| - run: curl -fsSL https://swupdate.openvpn.net/repos/repo-public.gpg | gpg --dearmor > /etc/apt/keyrings/openvpn-repo-public.gpg | |
| - run: echo "deb [arch=arm64 signed-by=/etc/apt/keyrings/openvpn-repo-public.gpg] https://build.openvpn.net/debian/openvpn/stable jammy main" > /etc/apt/sources.list.d/openvpn-aptrepo.list | |
| - run: apt-get update | |
| - run: apt-get install openvpn -y | |
| - uses: "DamianReeves/write-file-action@master" | |
| with: | |
| path: secret.key | |
| write-mode: overwrite | |
| contents: ${{ needs.generate-private-key-locally.outputs.secretkey }} | |
| - uses: "DamianReeves/write-file-action@master" | |
| with: | |
| path: openvpn.conf | |
| write-mode: overwrite | |
| contents: | | |
| dev tun | |
| ifconfig $SERVER_ENDPOINT $CLIENT_ENDPOINT | |
| secret static.key | |
| - run: openvpn --config openvpn.conf | |