apiVersion: v1
kind: Namespace
metadata:
  name: vpn
  labels:
    workload.edge.ncr.com: platform
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vpn-vnc
  namespace: vpn
  labels:
    app.kubernetes.io/instance: vpn-linkerd-service-account
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: vpn-linkerd-service-account
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: vpn
  labels:
    app.kubernetes.io/instance: nginx-config-map
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: nginx-config
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
data:
  nginx.conf: |
    user  nginx;
    worker_processes  1;
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;
      log_format  main  '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"'
                        ' Proxy host: "$proxy_host"'
                        ' Upstream address: "$upstream_addr"';
      access_log  /var/log/nginx/access.log  main;
      sendfile        on;
      keepalive_timeout  65;
      server {
        listen          80;
        location /novnc {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_set_header Connection "";

          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_read_timeout 900s;

          # SERVICE-NAME.NAMESPACE.svc.cluster.local
          proxy_pass http://novnc.vnc.svc.cluster.local/;
          # resolver kube-dns.kube-system.svc.cluster.local;
        }
      }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: wireguard-sync
  namespace: vpn
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels: {}
data:
  wireguard-sync.sh: "#!/bin/bash\nwhile true;\ndo \n  if [[ $(wg) ]];\n  then \n    wg-quick strip wg0 > /tmp/wg0.conf && wg syncconf wg0 /tmp/wg0.conf\n    rm /tmp/wg0.conf -f \n  fi\n  sleep 30; \ndone\n"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-egress
  namespace: vpn
  labels:
    app.kubernetes.io/instance: allow-all-egress-network-policy
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: allow-all-egress
    app.kubernetes.io/part-of: wireguard-store
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  egress:
  - {}
  podSelector:
    matchLabels:
      app.kubernetes.io/name: wireguard-store
  policyTypes:
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: vpn
  labels:
    app.kubernetes.io/instance: default-deny-ingress-network-policy
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: default-deny-ingress
    app.kubernetes.io/part-of: wireguard
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: wireguard-store
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  ingress:
  - {}
  podSelector: {}
  policyTypes:
  - Ingress