--- - name: configure {{domain}}.conf template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: recieve {{domain}} certificate command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - sysctl: name: net.ipv4.conf.all.src_valid_mark value: 1 sysctl_set: yes - name: "setup wireguard" docker_compose: project_name: wireguard definition: application: image: linuxserver/wireguard restart: always ports: - "127.0.0.1:{{http_port}}:80" cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1000 - PGID=1000 - TZ=Europe/London - SERVERURL={{domain}} - SERVERPORT=51820 #optional - PEERS=1 #optional - PEERDNS=auto #optional - INTERNAL_SUBNET=10.13.13.0 #optional - ALLOWEDIPS=192.168.1.0/24,192.168.2.0/24 #optional volumes: - /path/to/appdata/config:/config - /lib/modules:/lib/modules ports: - 51820:51820/udp restart: unless-stopped