Initial commit: abyssVpn project

- Tauri desktop app (apps/desktop)
- Python Django API service (services/api)
- Deployment scripts and docs
This commit is contained in:
arthur_chen
2026-05-15 09:06:10 +08:00
commit f69efb67ad
146 changed files with 18039 additions and 0 deletions
@@ -0,0 +1,76 @@
services:
netmaker:
container_name: netmaker
image: gravitl/netmaker:$SERVER_IMAGE_TAG
env_file: ./netmaker.env
restart: always
volumes:
- dnsconfig:/root/config/dnsconfig
- sqldata:/root/data
environment:
# config-dependant vars
- STUN_SERVERS=stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302
# The domain/host IP indicating the mq broker address
- BROKER_ENDPOINT=wss://broker.${NM_DOMAIN} # For EMQX broker use `BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}/mqtt`
# For EMQX broker (uncomment the two lines below)
#- BROKER_TYPE=emqx
#- EMQX_REST_ENDPOINT=http://mq:18083
# The base domain of netmaker
- SERVER_NAME=${NM_DOMAIN}
- SERVER_API_CONN_STRING=api.${NM_DOMAIN}:443
# Address of the CoreDNS server. Defaults to SERVER_HOST
- COREDNS_ADDR=${SERVER_HOST}
# Overrides SERVER_HOST if set. Useful for making HTTP available via different interfaces/networks.
- SERVER_HTTP_HOST=api.${NM_DOMAIN}
netmaker-ui:
container_name: netmaker-ui
image: gravitl/netmaker-ui:$UI_IMAGE_TAG
env_file: ./netmaker.env
environment:
# config-dependant vars
# URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT
BACKEND_URL: "https://api.${NM_DOMAIN}"
depends_on:
- netmaker
links:
- "netmaker:api"
restart: always
caddy:
image: caddy:2.8.4
container_name: caddy
env_file: ./netmaker.env
restart: unless-stopped
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_conf:/config
ports:
- "80:80/tcp"
- "443:443/tcp"
- "50051:50051"
mq:
container_name: mq
image: eclipse-mosquitto:2.0.15-openssl
env_file: ./netmaker.env
depends_on:
- netmaker
restart: unless-stopped
command: [ "/mosquitto/config/wait.sh" ]
volumes:
- ./mosquitto.conf:/mosquitto/config/mosquitto.conf
- ./wait.sh:/mosquitto/config/wait.sh
- mosquitto_logs:/mosquitto/log
- mosquitto_data:/mosquitto/data
volumes:
caddy_data: { } # runtime data for caddy
caddy_conf: { } # configuration file for Caddy
sqldata: { }
dnsconfig: { } # storage for coredns
mosquitto_logs: { } # storage for mqtt logs
mosquitto_data: { } # storage for mqtt data
+34
View File
@@ -0,0 +1,34 @@
# Dashboard
https://dashboard.{$NM_DOMAIN} {
# Apply basic security headers
header {
# Enable cross origin access to *.{$NM_DOMAIN}
Access-Control-Allow-Origin *.{$NM_DOMAIN}
# Enable HTTP Strict Transport Security (HSTS)
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
X-Frame-Options "SAMEORIGIN"
# Prevent search engines from indexing
X-Robots-Tag "none"
# Remove the server name
-Server
}
reverse_proxy http://netmaker-ui
}
# API
https://api.{$NM_DOMAIN} {
reverse_proxy http://netmaker:8081
}
# MQ
broker.{$NM_DOMAIN} {
@ws {
header Connection *Upgrade*
header Upgrade websocket
}
reverse_proxy @ws mq:8883 # For EMQX websockets use `reverse_proxy @ws mq:8083`
}
+10
View File
@@ -0,0 +1,10 @@
per_listener_settings false
listener 8883
protocol websockets
allow_anonymous false
listener 1883
protocol websockets
allow_anonymous false
password_file /mosquitto/password.txt
+18
View File
@@ -0,0 +1,18 @@
#!/bin/ash
encrypt_password() {
echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/password.txt
mosquitto_passwd -U /mosquitto/password.txt
}
main(){
encrypt_password
echo "Starting MQ..."
# Run the main container command.
/docker-entrypoint.sh
/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
}
main "${@}"
@@ -0,0 +1,111 @@
# Email used for SSL certificates
NM_EMAIL=
# The base domain of netmaker
NM_DOMAIN=
# Public IPv4 endpoint of machine
SERVER_HOST=
# Public IPv6 endpoint of machine
SERVER_HOST6=
# The admin master key for accessing the API. Change this in any production installation.
MASTER_KEY=
# The username to set for MQ access
MQ_USERNAME=
# The password to set for MQ access
MQ_PASSWORD=
INSTALL_TYPE=
NETMAKER_TENANT_ID=
LICENSE_KEY=
SERVER_IMAGE_TAG=
UI_IMAGE_TAG=
# used for HA - identifies this server vs other servers if unset uses host_name
HOST_NAME=
METRICS_EXPORTER=off
#metrics exporter secret
METRICS_SECRET=
#metrics exporter user
METRICS_USERNAME=netmaker
# Enables DNS Mode, meaning all nodes will set hosts file for private dns settings
DNS_MODE=on
# Enable auto update of netclient ? ENUM:- enabled,disabled | default=enabled
NETCLIENT_AUTO_UPDATE=enabled
# The HTTP API port for Netmaker. Used for API calls / communication from front end.
# If changed, need to change port of BACKEND_URL for netmaker-ui.
API_PORT=8081
EXPORTER_API_PORT=8085
# The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated
# URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
CORS_ALLOWED_ORIGIN=*
# Show keys permanently in UI (until deleted) as opposed to 1-time display.
DISPLAY_KEYS=on
# Database to use - sqlite, postgres
DATABASE=sqlite
# The address of the mq server. If running from docker compose it will be "mq". Otherwise, need to input address.
# If using "host networking", it will find and detect the IP of the mq container.
# For EMQX websockets use `SERVER_BROKER_ENDPOINT=ws://mq:8083/mqtt`
SERVER_BROKER_ENDPOINT=ws://mq:1883
# Logging verbosity level - 1, 2, or 3
VERBOSITY=1
DEBUG_MODE=off
# Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST).
REST_BACKEND=on
# If turned "on", Server will not set Host based on remote IP check.
# This is already overridden if SERVER_HOST is set. Turned "off" by default.
DISABLE_REMOTE_IP_CHECK=off
# Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
TELEMETRY=on
###
#
# OAuth section
#
###
# only mentioned domains will be allowded to signup using oauth, by default all domains are allowed
ALLOWED_EMAIL_DOMAINS=*
# "<azure-ad|github|google|oidc>"
AUTH_PROVIDER=
# "<client id of your oauth provider>"
CLIENT_ID=
# "<client secret of your oauth provider>"
CLIENT_SECRET=
# "https://dashboard.<netmaker base domain>"
FRONTEND_URL=
# "<only for azure, you may optionally specify the tenant for the OAuth>"
AZURE_TENANT=
# https://oidc.yourprovider.com - URL of oidc provider
OIDC_ISSUER=
# Duration of JWT token validity in seconds
JWT_VALIDITY_DURATION=43200
# Allow a user to connect to multiple networks simultaneously
RAC_RESTRICT_TO_SINGLE_NETWORK=false
# if turned on data will be cached on to improve performance significantly (IMPORTANT: If HA set to `false` )
CACHING_ENABLED=true
# if turned on netclient checks if peers are reachable over private/LAN address, and choose that as peer endpoint
ENDPOINT_DETECTION=true
# config for sending emails
# mail server host
SMTP_HOST=smtp.gmail.com
# mail server port
SMTP_PORT=587
# sender email
EMAIL_SENDER_ADDR=
# sender smtp user, if unset sender email will be used
EMAIL_SENDER_USER=
# sender smtp password
EMAIL_SENDER_PASSWORD=
# default domain for internal DNS lookup
DEFAULT_DOMAIN=nm.internal
# managed dns setting, set to true to resolve dns entries on netmaker network
MANAGE_DNS=true
# set to true, old acl is supported, otherwise, old acl is disabled
OLD_ACL_SUPPORT=true
# if STUN is set to true, hole punch is called
STUN=true
# Metrics Collection Port
METRICS_PORT=51821
# Metrics Collection interval in minutes
PUBLISH_METRIC_INTERVAL=15
PROMETHEUS_HOST=http://prometheus:9090 #https://prometheus.${NM_DOMAIN}
NETMAKER_METRICS_TARGET=http://netmaker-exporter:8085 #https://netmaker-exporter.${NM_DOMAIN}
METRICS_SECRET=
+1222
View File
File diff suppressed because it is too large Load Diff