cleanup

playbooks/roles/network/defaults/main.yml

@@ -1,34 +1,48 @@
 ---
-nginx_proxy_manager_image: "jc21/nginx-proxy-manager:latest"
+# WireGuard-Easy and Nginx Proxy Manager images
+wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
+wireguard_easy_version: "latest"
+nginx_proxy_manager_image: "jc21/nginx-proxy-manager"
+nginx_proxy_manager_version: "latest"
+
+# Admin port for Nginx Proxy Manager
+nginx_proxy_manager_port: "9900"
+
+# SSL port for Nginx Proxy Manager
+nginx_proxy_manager_ssl_port: "443"
+
+# Set folders for Nginx Proxy Manager and WireGuard-Easy Containers
 nginx_proxy_manager_container_name: "nginx-proxy-manager"
 nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
 nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
 nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager"
-nginx_proxy_manager_admin_email: "YOUR@EMAIL.HERE" # 💡
-nginx_proxy_manager_admin_password: "YOUR_PASSWORD" # 💡
-nginx_proxy_manager_port: "9900"
-nginx_proxy_manager_ssl_port: "443"
-
-# Wireguard-Easy container configuration
-wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
-wireguard_easy_version: "latest"
-wireguard_easy_port: "51820"
-wireguard_easy_admin_port: "51821"
 wireguard_easy_data_dir: "/etc/wireguard"
-wireguard_easy_config_dir: "/opt/wg-easy"
+
-wireguard_easy_host: "0.0.0.0"
+# WireGuard VPN Port
+wireguard_easy_port: "51820"
+
+# WireGuard Admin interface port
+wireguard_easy_admin_port: "51821"
 
 # 🚨 Important! 🚨
 # Replace password hash with a bcrypt password hash to log in on the Web UI.
-# See How_to_generate_an_bcrypt_hash.md for instructions on how to generate a hashed password.
+#
+# See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md for
+# instructions on how to generate a hashed password.
+#
 # Please note: don't wrap the generated hash password in single quotes when you use docker-compose.yml.
 # Instead, replace each $ symbol with two $$ symbols. For example:
 #   $ docker run ghcr.io/wg-easy/wg-easy wgpw 'foobar123'
 #   PASSWORD_HASH='$2y$10$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG'
 wireguard_easy_password_hash: $$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG
-wireguard_easy_default_address: "10.8.0.1"
+
+# Default DNS server for clients
 wireguard_easy_default_dns: "1.1.1.1"
+
+# By setting this variable you can ensure that only traffic from this range is allowed for the WireGuard interface.
 wireguard_easy_allowed_ips: "10.8.0.0/24"
+
+# Keepalive interval for clients (in seconds)
 wireguard_easy_persistent_keepalive: "25"
 
 # Docker network configuration

playbooks/roles/network/tasks/main.yml

@@ -1,6 +1,10 @@
+---
+# Ansible playbook to set up WireGuard and Nginx using Docker Compose
+
 - name: Update apt cache
   apt:
     update_cache: true
+  # This task updates the package cache on the target system to ensure we have the latest package information.
 
 - name: Install WireGuard and required packages
   apt:
@@ -9,32 +13,20 @@
       - wireguard-tools
       - resolvconf
     state: present
+  # This task installs WireGuard, its tools, and resolvconf, which are necessary for managing network interfaces.
 
 - name: Ensure WireGuard module is loaded
   modprobe:
     name: wireguard
     state: present
+  # This task ensures that the WireGuard kernel module is loaded, enabling WireGuard functionality.
 
 - name: Enable IP forwarding
   sysctl:
     name: net.ipv4.ip_forward
     value: '1'
     state: present
-
+  # This task enables IP forwarding, which is necessary for routing traffic through the WireGuard VPN.
-- name: Ensure wireguard config directory exists
-  file:
-    path: "{{ wireguard_easy_config_dir }}"
-    state: directory
-    mode: '0755'
-  become: true
-
-- name: Ensure WireGuard configuration file exists (optional)
-  file:
-    path: "{{ wireguard_easy_data_dir }}/wg0.conf"
-    state: touch
-    owner: root
-    group: root
-    mode: '0644'
 
 - name: Ensure nginx data directory exists
   file:
@@ -42,14 +34,7 @@
     state: directory
     mode: '0755'
   become: true
-
+  # This task ensures that the directory for Nginx data exists and has the correct permissions.
-- name: Copy Nginx configuration files
-  copy:
-    src: nginx/data
-    dest: "{{ nginx_proxy_manager_data_path }}"
-    owner: root
-    group: root
-    mode: '0644'
 
 - name: Ensure Let's Encrypt directory exists
   file:
@@ -57,6 +42,7 @@
     state: directory
     mode: '0755'
   become: true
+  # This task ensures that the directory for Let's Encrypt certificates exists and has the correct permissions.
 
 - name: Generate Docker Compose file for Wireguard and Nginx
   template:
@@ -66,15 +52,23 @@
     group: root
     mode: '0644'
   become: true
+  # This task generates a Docker Compose file from a Jinja2 template, which defines the services for WireGuard and Nginx.
 
 - name: Deploy Containers
-  docker_compose_v2:
+  community.docker.docker_compose_v2:
-    project_src: /opt/network
+    project_src: "{{ nginx_proxy_manager_compose_path }}"
     state: present
-    restart: true
   become: true
+  # This task uses Docker Compose to deploy the containers defined in the Docker Compose file.
 
-- name: Ensure Nginx container is running
+- name: Wait for Nginx container to start
-  docker_container_info:
+  wait_for:
-    name: "{{ nginx_proxy_manager_container_name }}"
+    host: "{{ inventory_hostname }}"
-  register: nginx_container_info
+    port: "{{ nginx_proxy_manager_port }}"
+    delay: 10
+    timeout: 300
+  register: nginx_port_check
+  until: nginx_port_check.state == 'started'
+  retries: 10
+  # This task waits for the Nginx container to start by checking if the specified port is open.
+  # It retries up to 10 times with a 10-second delay between attempts.

playbooks/roles/network/templates/docker-compose.j2

@@ -5,22 +5,18 @@ services:
     devices:
       - /dev/net/tun  # Allows the container to create network interfaces
     environment:
-      - WG_HOST={{ wireguard_easy_host }}  # Hostname or IP address for the WireGuard server
+      - WG_HOST={{ ansible_host }}
-      - PASSWORD_HASH={{ wireguard_easy_password_hash }}  # Hashed password for the admin interface
+      - PASSWORD_HASH={{ wireguard_easy_password_hash }}
-      - WG_DEFAULT_ADDRESS={{ wireguard_easy_default_address }}  # Default IP address for clients
+      - WG_DEFAULT_DNS={{ wireguard_easy_default_dns }}  
-      - WG_DEFAULT_DNS={{ wireguard_easy_default_dns }}  # Default DNS server for clients
+      - WG_ALLOWED_IPS={{ wireguard_easy_allowed_ips }}
-      - WG_ALLOWED_IPS={{ wireguard_easy_allowed_ips }}  # Allowed IPs for the VPN clients
+      - WG_PERSISTENT_KEEPALIVE={{ wireguard_easy_persistent_keepalive }}
-      - WG_PERSISTENT_KEEPALIVE={{ wireguard_easy_persistent_keepalive }}  # Keepalive interval for clients
-      - WG_CLIENT_ALLOWED_IPS={{ wireguard_easy_client_allowed_ips }}  # Allowed IPs for clients
     ports:
-      - "{{ wireguard_easy_port }}:51820/udp"  # WireGuard VPN port
+      - "{{ wireguard_easy_port }}:51820/udp"
-      - "{{ wireguard_easy_admin_port }}:51821/tcp"  # Admin interface port
+      - "{{ wireguard_easy_admin_port }}:51821/tcp"
-      - "80:80"  # HTTP port
+      - "{{ nginx_proxy_manager_port }}:81"  
-      - "{{ nginx_proxy_manager_port }}:81"  # Nginx Proxy Manager port
+      - "{{ nginx_proxy_manager_ssl_port }}:443" 
-      - "{{ nginx_proxy_manager_ssl_port }}:443"  # SSL port for Nginx Proxy Manager
     volumes:
       - "{{ wireguard_easy_data_dir }}:/etc/wireguard"  # Directory for WireGuard configuration files
-      - "{{ wireguard_easy_config_dir }}:/opt/network"  # Directory for network configuration files
     cap_add:
       - NET_ADMIN  # Allows the container to perform network-related operations
       - SYS_MODULE  # Allows the container to load kernel modules
@@ -32,7 +28,7 @@ services:
     restart: unless-stopped  # Restart policy
 
   nginx-proxy-manager:
-    image: "{{ nginx_proxy_manager_image }}"
+    image: "{{ nginx_proxy_manager_image }}:{{ nginx_proxy_manager_version }}"
     container_name: "{{ nginx_proxy_manager_container_name }}"
     cap_add:
       - NET_ADMIN
@@ -41,9 +37,6 @@ services:
     network_mode: service:wireguard-easy  # Uses the network of the WireGuard Easy service
     depends_on:
       - wireguard-easy  # Depends on the WireGuard Easy service
-    environment:
-      INITIAL_ADMIN_EMAIL: {{ nginx_proxy_manager_admin_email }}  # Admin email for Nginx Proxy Manager
-      INITIAL_ADMIN_PASSWORD: {{ nginx_proxy_manager_admin_password }}  # Admin password for Nginx Proxy Manager
     volumes:
       - "{{ nginx_proxy_manager_data_path }}:/data"  # Directory for Nginx Proxy Manager data
       - "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt"  # Directory for Let's Encrypt certificates