Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| aaebdc1ff0 | |||
| 4ca690c017 | |||
| 7fe1c69b35 |
@ -1,22 +1,49 @@
|
||||
---
|
||||
nginx_proxy_manager_image: "jc21/nginx-proxy-manager:latest"
|
||||
# WireGuard-Easy and Nginx Proxy Manager images
|
||||
wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
|
||||
wireguard_easy_version: "latest"
|
||||
nginx_proxy_manager_image: "jc21/nginx-proxy-manager"
|
||||
nginx_proxy_manager_version: "latest"
|
||||
|
||||
# Admin port for Nginx Proxy Manager
|
||||
nginx_proxy_manager_port: "9900"
|
||||
|
||||
# SSL port for Nginx Proxy Manager
|
||||
nginx_proxy_manager_ssl_port: "443"
|
||||
|
||||
# Set folders for Nginx Proxy Manager and WireGuard-Easy Containers
|
||||
nginx_proxy_manager_container_name: "nginx-proxy-manager"
|
||||
nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
|
||||
nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
|
||||
nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager/docker-compose.yml"
|
||||
nginx_proxy_manager_admin_email: "tobend85@gmail.com"
|
||||
nginx_proxy_manager_admin_password: "risICE3"
|
||||
nginx_proxy_manager_port: "9900"
|
||||
nginx_proxy_manager_ssl_port: "443"
|
||||
# Docker network configuration
|
||||
docker_network_name: "sublime-net"
|
||||
# Wireguard-Easy container configuration
|
||||
wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
|
||||
wireguard_easy_version: "latest"
|
||||
wireguard_easy_port: "51820"
|
||||
wireguard_easy_admin_port: "51821"
|
||||
nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager"
|
||||
wireguard_easy_data_dir: "/etc/wireguard"
|
||||
wireguard_easy_config_dir: "/opt/network"
|
||||
wireguard_easy_host: "130.162.231.152"
|
||||
wireguard_easy_password: "admin"
|
||||
wireguard_easy_password_hash: ""
|
||||
|
||||
# WireGuard VPN Port
|
||||
wireguard_easy_port: "51820"
|
||||
|
||||
# WireGuard Admin interface port
|
||||
wireguard_easy_admin_port: "51821"
|
||||
|
||||
# 🚨 Important! 🚨
|
||||
# Replace password hash with a bcrypt password hash to log in on the Web UI.
|
||||
#
|
||||
# See https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md for
|
||||
# instructions on how to generate a hashed password.
|
||||
#
|
||||
# Please note: don't wrap the generated hash password in single quotes when you use docker-compose.yml.
|
||||
# Instead, replace each $ symbol with two $$ symbols. For example:
|
||||
# $ docker run ghcr.io/wg-easy/wg-easy wgpw 'foobar123'
|
||||
# PASSWORD_HASH='$2y$10$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG'
|
||||
wireguard_easy_password_hash: $$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG
|
||||
|
||||
# Default DNS server for clients
|
||||
wireguard_easy_default_dns: "1.1.1.1"
|
||||
|
||||
# By setting this variable you can ensure that only traffic from this range is allowed for the WireGuard interface.
|
||||
wireguard_easy_allowed_ips: "10.8.0.0/24"
|
||||
|
||||
# Keepalive interval for clients (in seconds)
|
||||
wireguard_easy_persistent_keepalive: "25"
|
||||
|
||||
# Docker network configuration
|
||||
docker_network_name: "proxy-net"
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: portainer
|
||||
@ -1,6 +1,10 @@
|
||||
---
|
||||
# Ansible playbook to set up WireGuard and Nginx using Docker Compose
|
||||
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
update_cache: true
|
||||
# This task updates the package cache on the target system to ensure we have the latest package information.
|
||||
|
||||
- name: Install WireGuard and required packages
|
||||
apt:
|
||||
@ -9,32 +13,20 @@
|
||||
- wireguard-tools
|
||||
- resolvconf
|
||||
state: present
|
||||
# This task installs WireGuard, its tools, and resolvconf, which are necessary for managing network interfaces.
|
||||
|
||||
- name: Ensure WireGuard module is loaded
|
||||
modprobe:
|
||||
name: wireguard
|
||||
state: present
|
||||
# This task ensures that the WireGuard kernel module is loaded, enabling WireGuard functionality.
|
||||
|
||||
- name: Enable IP forwarding
|
||||
sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: '1'
|
||||
state: present
|
||||
|
||||
- name: Ensure wireguard config directory exists
|
||||
file:
|
||||
path: "{{ wireguard_easy_config_dir }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
become: true
|
||||
|
||||
- name: Ensure WireGuard configuration file exists (optional)
|
||||
file:
|
||||
path: "{{ wireguard_easy_data_dir }}/wg0.conf"
|
||||
state: touch
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
# This task enables IP forwarding, which is necessary for routing traffic through the WireGuard VPN.
|
||||
|
||||
- name: Ensure nginx data directory exists
|
||||
file:
|
||||
@ -42,14 +34,7 @@
|
||||
state: directory
|
||||
mode: '0755'
|
||||
become: true
|
||||
|
||||
- name: Copy Nginx configuration files
|
||||
copy:
|
||||
src: nginx/data
|
||||
dest: "{{ nginx_proxy_manager_data_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
# This task ensures that the directory for Nginx data exists and has the correct permissions.
|
||||
|
||||
- name: Ensure Let's Encrypt directory exists
|
||||
file:
|
||||
@ -57,33 +42,33 @@
|
||||
state: directory
|
||||
mode: '0755'
|
||||
become: true
|
||||
|
||||
- name: Copy Let's Encrypt files
|
||||
copy:
|
||||
src: nginx/letsencrypt
|
||||
dest: "{{ nginx_proxy_manager_letsencrypt_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart Nginx
|
||||
# This task ensures that the directory for Let's Encrypt certificates exists and has the correct permissions.
|
||||
|
||||
- name: Generate Docker Compose file for Wireguard and Nginx
|
||||
template:
|
||||
src: docker-compose.j2
|
||||
dest: /opt/network/docker-compose.yml
|
||||
dest: "{{ nginx_proxy_manager_compose_path }}/docker-compose.yml"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
become: true
|
||||
# This task generates a Docker Compose file from a Jinja2 template, which defines the services for WireGuard and Nginx.
|
||||
|
||||
- name: Deploy Containers
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /opt/network
|
||||
project_src: "{{ nginx_proxy_manager_compose_path }}"
|
||||
state: present
|
||||
restart: true
|
||||
become: true
|
||||
# This task uses Docker Compose to deploy the containers defined in the Docker Compose file.
|
||||
|
||||
- name: Ensure Nginx container is running
|
||||
community.docker.docker_container_info:
|
||||
name: "{{ nginx_proxy_manager_container_name }}"
|
||||
register: nginx_container_info
|
||||
- name: Wait for Nginx container to start
|
||||
wait_for:
|
||||
host: "{{ inventory_hostname }}"
|
||||
port: "{{ nginx_proxy_manager_port }}"
|
||||
delay: 10
|
||||
timeout: 300
|
||||
register: nginx_port_check
|
||||
until: nginx_port_check.state == 'started'
|
||||
retries: 10
|
||||
# This task waits for the Nginx container to start by checking if the specified port is open.
|
||||
# It retries up to 10 times with a 10-second delay between attempts.
|
||||
|
||||
@ -3,46 +3,44 @@ services:
|
||||
image: "{{ wireguard_easy_image }}:{{ wireguard_easy_version }}"
|
||||
container_name: wireguard-easy
|
||||
devices:
|
||||
- /dev/net/tun
|
||||
- /dev/net/tun # Allows the container to create network interfaces
|
||||
environment:
|
||||
- WG_HOST={{ wireguard_easy_host }}
|
||||
- WG_HOST={{ ansible_host }}
|
||||
- PASSWORD_HASH={{ wireguard_easy_password_hash }}
|
||||
- WG_DEFAULT_DNS={{ wireguard_easy_default_dns }}
|
||||
- WG_ALLOWED_IPS={{ wireguard_easy_allowed_ips }}
|
||||
- WG_PERSISTENT_KEEPALIVE={{ wireguard_easy_persistent_keepalive }}
|
||||
ports:
|
||||
- "{{ wireguard_easy_port }}:51820/udp"
|
||||
- "{{ wireguard_easy_admin_port }}:51821/tcp"
|
||||
- "80:80"
|
||||
- "{{ nginx_proxy_manager_port }}:81"
|
||||
- "{{ nginx_proxy_manager_ssl_port }}:443"
|
||||
- "{{ nginx_proxy_manager_port }}:81"
|
||||
- "{{ nginx_proxy_manager_ssl_port }}:443"
|
||||
volumes:
|
||||
- "{{ wireguard_easy_data_dir }}:/etc/wireguard"
|
||||
- "{{ wireguard_easy_config_dir }}:/opt/network"
|
||||
- "{{ wireguard_easy_data_dir }}:/etc/wireguard" # Directory for WireGuard configuration files
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
- NET_ADMIN # Allows the container to perform network-related operations
|
||||
- SYS_MODULE # Allows the container to load kernel modules
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv6.conf.all.disable_ipv6=0
|
||||
- net.ipv4.ip_forward=1 # Enables IP forwarding
|
||||
- net.ipv6.conf.all.disable_ipv6=0 # Enables IPv6
|
||||
networks:
|
||||
- {{ docker_network_name }}
|
||||
restart: unless-stopped
|
||||
- {{ docker_network_name }} # Docker network to use
|
||||
restart: unless-stopped # Restart policy
|
||||
|
||||
nginx-proxy-manager:
|
||||
image: "{{ nginx_proxy_manager_image }}"
|
||||
image: "{{ nginx_proxy_manager_image }}:{{ nginx_proxy_manager_version }}"
|
||||
container_name: "{{ nginx_proxy_manager_container_name }}"
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
restart: always
|
||||
network_mode: service:wireguard-easy
|
||||
network_mode: service:wireguard-easy # Uses the network of the WireGuard Easy service
|
||||
depends_on:
|
||||
- wireguard-easy
|
||||
environment:
|
||||
INITIAL_ADMIN_EMAIL: {{ nginx_proxy_manager_admin_email }}
|
||||
INITIAL_ADMIN_PASSWORD: {{ nginx_proxy_manager_admin_password }}
|
||||
- wireguard-easy # Depends on the WireGuard Easy service
|
||||
volumes:
|
||||
- "{{ nginx_proxy_manager_data_path }}:/data"
|
||||
- "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt"
|
||||
- "{{ nginx_proxy_manager_data_path }}:/data" # Directory for Nginx Proxy Manager data
|
||||
- "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt" # Directory for Let's Encrypt certificates
|
||||
|
||||
networks:
|
||||
{{ docker_network_name }}:
|
||||
driver: bridge
|
||||
driver: bridge # Network driver to use
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user