computer-playbook/roles/docker-wireguard/tasks/main.yml

42 lines
1.2 KiB
YAML

---
- name: configure {{domain}}.conf
template: src=roles/native-nginx-docker-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: recieve {{domain}} certificate
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- sysctl:
name: net.ipv4.conf.all.src_valid_mark
value: 1
sysctl_set: yes
- name: "setup wireguard"
docker_compose:
project_name: wireguard
definition:
application:
image: linuxserver/wireguard
restart: always
ports:
- "{{http_port}}:80"
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- SERVERURL={{domain}}
- SERVERPORT=51820 #optional
- PEERS=1 #optional
- PEERDNS=auto #optional
- INTERNAL_SUBNET=10.13.13.0 #optional
- ALLOWEDIPS=192.168.1.0/24,192.168.2.0/24 #optional
volumes:
- /path/to/appdata/config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
restart: unless-stopped