network

playbooks/roles/network/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+nginx_proxy_manager_image: "jc21/nginx-proxy-manager:latest"
+nginx_proxy_manager_container_name: "nginx-proxy-manager"
+nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
+nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
+nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager/docker-compose.yml"
+nginx_proxy_manager_admin_email: "tobend85@gmail.com"
+nginx_proxy_manager_admin_password: "risICE3"
+nginx_proxy_manager_port: "9900"
+nginx_proxy_manager_ssl_port: "443"
+# Docker network configuration
+docker_network_name: "sublime-net"
+# Wireguard-Easy container configuration
+wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
+wireguard_easy_version: "latest"
+wireguard_easy_port: "51820"
+wireguard_easy_admin_port: "51821"
+wireguard_easy_data_dir: "/etc/wireguard"
+wireguard_easy_config_dir: "/opt/network"
+wireguard_easy_host: "130.162.231.152"
+wireguard_easy_password: "admin"
+wireguard_easy_password_hash: ""

playbooks/roles/network/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: portainer

playbooks/roles/network/tasks/main.yml

@@ -0,0 +1,89 @@
+- name: Update apt cache
+  apt:
+    update_cache: true
+
+- name: Install WireGuard and required packages
+  apt:
+    name:
+      - wireguard
+      - wireguard-tools
+      - resolvconf
+    state: present
+
+- name: Ensure WireGuard module is loaded
+  modprobe:
+    name: wireguard
+    state: present
+
+- name: Enable IP forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    state: present
+
+- name: Ensure wireguard config directory exists
+  file:
+    path: "{{ wireguard_easy_config_dir }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Ensure WireGuard configuration file exists (optional)
+  file:
+    path: "{{ wireguard_easy_data_dir }}/wg0.conf"
+    state: touch
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure nginx data directory exists
+  file:
+    path: "{{ nginx_proxy_manager_data_path }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Copy Nginx configuration files
+  copy:
+    src: nginx/data
+    dest: "{{ nginx_proxy_manager_data_path }}"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure Let's Encrypt directory exists
+  file:
+    path: "{{ nginx_proxy_manager_letsencrypt_path }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Copy Let's Encrypt files
+  copy:
+    src: nginx/letsencrypt
+    dest: "{{ nginx_proxy_manager_letsencrypt_path }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart Nginx
+
+- name: Generate Docker Compose file for Wireguard and Nginx
+  template:
+    src: docker-compose.j2
+    dest: /opt/network/docker-compose.yml
+    owner: root
+    group: root
+    mode: '0644'
+  become: true
+
+- name: Deploy Containers
+  community.docker.docker_compose_v2:
+    project_src: /opt/network
+    state: present
+    restart: true
+  become: true
+
+- name: Ensure Nginx container is running
+  community.docker.docker_container_info:
+    name: "{{ nginx_proxy_manager_container_name }}"
+  register: nginx_container_info

playbooks/roles/network/templates/docker-compose.j2

@@ -0,0 +1,48 @@
+services:
+  wireguard-easy:
+    image: "{{ wireguard_easy_image }}:{{ wireguard_easy_version }}"
+    container_name: wireguard-easy
+    devices:
+      - /dev/net/tun
+    environment:
+      - WG_HOST={{ wireguard_easy_host }}
+      - PASSWORD_HASH={{ wireguard_easy_password_hash }}
+    ports:
+      - "{{ wireguard_easy_port }}:51820/udp"
+      - "{{ wireguard_easy_admin_port }}:51821/tcp"
+      - "80:80"
+      - "{{ nginx_proxy_manager_port }}:81"
+      - "{{ nginx_proxy_manager_ssl_port }}:443"
+    volumes:
+      - "{{ wireguard_easy_data_dir }}:/etc/wireguard"
+      - "{{ wireguard_easy_config_dir }}:/opt/network"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.disable_ipv6=0
+    networks:
+      - {{ docker_network_name }}
+    restart: unless-stopped
+
+  nginx-proxy-manager:
+    image: "{{ nginx_proxy_manager_image }}"
+    container_name: "{{ nginx_proxy_manager_container_name }}"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: always
+    network_mode: service:wireguard-easy
+    depends_on:
+      - wireguard-easy
+    environment:
+      INITIAL_ADMIN_EMAIL: {{ nginx_proxy_manager_admin_email }}
+      INITIAL_ADMIN_PASSWORD: {{ nginx_proxy_manager_admin_password }}
+    volumes:
+      - "{{ nginx_proxy_manager_data_path }}:/data"
+      - "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt"
+
+networks:
+  {{ docker_network_name }}:
+    driver: bridge