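---
# Tasks for a WireGuard host: render the nginx vhost for {{ domain }}, request
# a certificate through certbot's webroot challenge, set the kernel parameter
# the tunnel needs, and start the linuxserver/wireguard container.
# `domain`, `administrator_email` (and `http_port`, see the note in the last
# task) are expected from inventory or role vars; they are not defined here.

- name: "configure {{ domain }}.conf"
  # Native module arguments instead of a key=value string, so a value with
  # spaces or '=' cannot be re-split into extra module options.
  template:
    src: roles/native-nginx-docker-proxy/templates/domain.conf.j2
    dest: "/etc/nginx/conf.d/{{ domain }}.conf"
  # Handler is defined outside this file.
  notify: restart nginx

- name: "recieve {{ domain }} certificate"
  # argv passes each templated value as exactly one argument; the free-form
  # string would be split on whitespace after templating.
  # NOTE(review): the task has no `creates`/`changed_when`, so certbot is
  # invoked (and the task reports "changed") on every run.
  command:
    argv:
      - certbot
      - certonly
      - '--agree-tos'
      - '--email'
      - "{{ administrator_email }}"
      - '--non-interactive'
      - '--webroot'
      - '-w'
      - /var/lib/letsencrypt/
      - '-d'
      - "{{ domain }}"

- name: "set net.ipv4.conf.all.src_valid_mark"
  sysctl:
    name: net.ipv4.conf.all.src_valid_mark
    # Quoted so the value stays the string '1' instead of a YAML integer.
    value: '1'
    # Canonical boolean; `yes` is parsed differently under YAML 1.1 and 1.2.
    sysctl_set: true

- name: "setup wireguard"
  docker_compose:
    project_name: wireguard
    definition:
      application:
        # No tag or digest: whatever `latest` resolves to at pull time is
        # what runs with the capabilities below. Pin to a reviewed tag or
        # digest.
        image: linuxserver/wireguard
        # NET_ADMIN allows the container to reconfigure interfaces and
        # routing; SYS_MODULE allows it to load kernel modules on the host.
        # Drop SYS_MODULE (and the /lib/modules mount) if the host kernel
        # already provides WireGuard.
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Europe/London
          - "SERVERURL={{ domain }}"
          - SERVERPORT=51820  # optional
          - PEERS=1  # optional
          - PEERDNS=auto  # optional
          # NOTE(review): subnet and allowed-IP values look like upstream
          # sample values; confirm they match the real network.
          - INTERNAL_SUBNET=10.13.13.0  # optional
          - ALLOWEDIPS=192.168.1.0/24,192.168.2.0/24  # optional
        volumes:
          # Placeholder host path. The directory receives the generated
          # server and peer configuration (presumably including private
          # keys); point it at a real location readable only by root/PUID.
          - /path/to/appdata/config:/config
          # Mounted read-write; together with SYS_MODULE this gives the
          # container write access to the host's kernel module tree.
          - /lib/modules:/lib/modules
        # NOTE(review): the original listing defined `ports` and `restart`
        # twice for this service (first `restart: always` and
        # `"127.0.0.1:{{ http_port }}:80"`, later the values kept here).
        # Ansible's loader keeps only the last duplicate key, so the earlier
        # pair never took effect. Re-add the loopback HTTP mapping to this
        # list only if it is actually wanted.
        ports:
          - "51820:51820/udp"
        restart: unless-stopped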