Add .env configuration for easy environment customization

- Create .env.example with all configurable settings:
  - Server IPs (RU_VDS_IP, DE_VDS_IP)
  - WireGuard ports (WG_CLIENT_PORT, WG_TUNNEL_PORT)
  - VPN networks (USER_VPN_NETWORK, TUNNEL_NETWORK)
  - DNS settings, SSH port, timeouts
- Add .gitignore to exclude .env from version control
- Update setup-ru-vds.sh to read from .env
- Update setup-de-vds.sh to read from .env
- Update add-client.sh to use configuration
- Setup scripts save config to /etc/wireguard/vpn.conf for runtime use
- Update documentation with .env usage instructions

This allows easy deployment to test environments by simply
changing values in .env before running setup scripts.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.env.example

@@ -0,0 +1,71 @@
+# VPN Configuration
+# Copy this file to .env and adjust values for your environment
+#
+# Usage:
+#   cp .env.example .env
+#   nano .env  # Edit values
+#   source .env && ./scripts/setup-ru-vds.sh
+
+# =============================================================================
+# Server IPs (External/Public)
+# =============================================================================
+
+# RU VDS (Gateway) - public IP address
+RU_VDS_IP="176.124.216.197"
+
+# DE VDS (Exit Node) - public IP address
+DE_VDS_IP="194.31.173.178"
+
+# =============================================================================
+# WireGuard Ports
+# =============================================================================
+
+# Port for client connections (on RU VDS)
+WG_CLIENT_PORT="51820"
+
+# Port for server-to-server tunnel (on DE VDS)
+WG_TUNNEL_PORT="51821"
+
+# =============================================================================
+# VPN Networks
+# =============================================================================
+
+# User VPN network (clients connect to this)
+USER_VPN_NETWORK="10.10.0.0/24"
+USER_VPN_GATEWAY="10.10.0.1"
+
+# Server tunnel network (RU <-> DE)
+TUNNEL_NETWORK="10.20.0.0/30"
+TUNNEL_RU_IP="10.20.0.1"
+TUNNEL_DE_IP="10.20.0.2"
+
+# =============================================================================
+# DNS Configuration
+# =============================================================================
+
+# DNS servers for VPN clients (dnsmasq forwards to these)
+DNS_UPSTREAM_1="8.8.8.8"
+DNS_UPSTREAM_2="8.8.4.4"
+DNS_UPSTREAM_3="1.1.1.1"
+
+# =============================================================================
+# SSH Configuration
+# =============================================================================
+
+# SSH port (for firewall rules)
+SSH_PORT="22"
+
+# =============================================================================
+# Advanced Settings
+# =============================================================================
+
+# nftables set timeout for Russian IP ranges (how long before entries expire)
+# Format: 1h, 6h, 24h, etc.
+NFT_SET_TIMEOUT="6h"
+
+# WireGuard persistent keepalive interval (seconds)
+# Helps maintain NAT mappings
+WG_KEEPALIVE="25"
+
+# DNS cache size for dnsmasq
+DNS_CACHE_SIZE="10000"