
# Working directory for the generated compose file. Mode 0755 lets every
# local account traverse and list it; only root can write to it.
- name: Ensure user's Podman Compose directory exists
  become: true
  ansible.builtin.file:
    state: directory
    path: '/opt/podman-compose/network'
    owner: 'root'
    group: 'root'
    mode: '0755'
# WireGuard state lives in two root-owned directories with mode 0700, so no
# other local account can list or read what is stored in them.
# NOTE(review): presumably both paths are mounted into the WireGuard
# container by podman-compose.j2 (template not visible here) - confirm.
- name: Ensure Wireguard data directory exists
  become: true
  ansible.builtin.file:
    state: directory
    path: '/opt/wireguard-data'
    owner: 'root'
    group: 'root'
    mode: '0700'

- name: Ensure Wireguard config directory exists
  become: true
  ansible.builtin.file:
    state: directory
    path: '/opt/wireguard-config'
    owner: 'root'
    group: 'root'
    mode: '0700'
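# Nginx Proxy Manager state directories, kept root-only (0700).
# Do not follow these with a second task that sets 0777: a world-writable
# mode lets any local account add, replace or delete entries in the data and
# LetsEncrypt directories (the latter presumably holds certificates and
# private keys), and two tasks that set different modes on the same path
# both report `changed` on every run.
# NOTE(review): if the container process runs under a non-root UID (the
# compose template is not visible here), set owner/group below to that
# UID/GID instead of widening the mode.
- name: Ensure Nginx Proxy Manager data directory exists
  ansible.builtin.file:
    path: "/opt/nginx-proxy-manager-data"
    state: directory
    mode: '0700'
    owner: "root"
    group: "root"
  become: true

- name: Ensure Nginx Proxy Manager LetsEncrypt directory exists
  ansible.builtin.file:
    path: "/opt/nginx-proxy-manager-letsencrypt"
    state: directory
    mode: '0700'
    owner: "root"
    group: "root"
  become: true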
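# Tear down the previous stack before the compose file is regenerated.
# The command line has no shell syntax, so it runs through `command` with an
# argv list instead of being parsed by a shell.
# `removes` skips the task when no compose file exists yet (first run), so
# ignore_errors now only covers a genuine failure of `down`.
# NOTE(review): `--volumes` deletes the stack's volumes on every run; confirm
# that nothing stateful is kept in them.
- name: Stop and remove existing Podman Compose services and volumes
  ansible.builtin.command:
    argv:
      - podman-compose
      - '-f'
      - /opt/podman-compose/network/podman-compose.yml
      - down
      - '--volumes'
    chdir: "/opt/podman-compose/network"
    removes: "/opt/podman-compose/network/podman-compose.yml"
  ignore_errors: true
  become: true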
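# Render the compose definition consumed by the podman-compose tasks in this
# file. The module is addressed by its fully qualified name, like the other
# builtin modules used here.
# NOTE(review): the rendered file is world-readable (0644) and sits in a 0755
# directory. If podman-compose.j2 writes credentials into it (template not
# visible here), tighten the mode to '0600'; the podman-compose tasks in this
# file all run as root.
- name: Generate Podman Compose file for Wireguard and Nginx
  ansible.builtin.template:
    src: podman-compose.j2
    dest: "/opt/podman-compose/network/podman-compose.yml"
    owner: "root"
    group: "root"
    mode: '0644'
  become: true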
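# Bring the stack up detached, as root, from the freshly rendered compose
# file. The command line has no shell syntax, so it runs through `command`
# with an argv list instead of being parsed by a shell.
- name: Start Podman Compose services for Wireguard and Nginx
  ansible.builtin.command:
    argv:
      - podman-compose
      - '-f'
      - /opt/podman-compose/network/podman-compose.yml
      - up
      - '-d'
    chdir: "/opt/podman-compose/network"
  become: true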
# Public service ports. No `zone` is given, so each rule is applied to
# firewalld's default zone; `immediate` plus `permanent` changes the running
# and the saved configuration together.
- name: Allow Nginx HTTP port
  become: true
  ansible.posix.firewalld:
    port: '80/tcp'
    state: enabled
    immediate: true
    permanent: true

- name: Allow Nginx HTTPS port
  become: true
  ansible.posix.firewalld:
    port: '443/tcp'
    state: enabled
    immediate: true
    permanent: true

- name: Allow Wireguard port
  become: true
  ansible.posix.firewalld:
    port: '51820/udp'
    state: enabled
    immediate: true
    permanent: true
# Administrative interfaces. No `zone` is given, so both ports are opened in
# firewalld's default zone, the same as the public service ports.
# NOTE(review): these are management UIs, and the check later in this file
# reaches the WireGuard one over plain http. Consider limiting both rules to
# a management zone or source range, or reaching the UIs only through the
# VPN, rather than exposing them wherever 80/443 are exposed.
- name: Allow Wireguard Admin UI port
  become: true
  ansible.posix.firewalld:
    port: '51821/tcp'
    state: enabled
    immediate: true
    permanent: true

- name: Allow Nginx Proxy Manager Admin UI port
  become: true
  ansible.posix.firewalld:
    port: '9900/tcp'
    state: enabled
    immediate: true
    permanent: true
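# Smoke test: fail the play unless something answers HTTP on loopback port 80
# (`curl -f` exits non-zero on HTTP status >= 400 as well as on connection
# errors). A loopback request needs neither root nor a shell, so the probe
# runs unprivileged through `command`.
- name: Test Nginx HTTP accessibility
  ansible.builtin.command:
    argv:
      - curl
      - '-f'
      - 'http://localhost:80'
  register: nginx_curl_test
  changed_when: false
  failed_when: nginx_curl_test.rc != 0
  become: false
  tags:
    - debug

# Print the response body captured by the probe above.
- name: Display Nginx curl test result
  ansible.builtin.debug:
    var: nginx_curl_test.stdout
  tags:
    - debug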
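# Probe the WireGuard UDP port on loopback. The probe needs neither root nor
# a shell, so it runs unprivileged through `command`.
# NOTE(review): UDP is connectionless, so `nc -uz` can only infer "open" from
# the absence of an ICMP port-unreachable reply. A zero exit code does not
# prove that WireGuard is answering; treat this as a weak check.
- name: Test Wireguard UDP port accessibility
  ansible.builtin.command:
    argv:
      - nc
      - '-uz'
      - localhost
      - '51820'
  register: wireguard_nc_test
  changed_when: false
  failed_when: wireguard_nc_test.rc != 0
  become: false
  tags:
    - debug

# Print whatever the probe above wrote to stdout.
- name: Display Wireguard nc test result
  ansible.builtin.debug:
    var: wireguard_nc_test.stdout
  tags:
    - debug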
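# Smoke test: fail the play unless the WireGuard admin UI answers on loopback
# port 51821 (`curl -f` exits non-zero on HTTP status >= 400 as well as on
# connection errors). A loopback request needs neither root nor a shell, so
# the probe runs unprivileged through `command`.
# NOTE(review): the UI is reached over plain http here; if the same port is
# reachable from other hosts, admin credentials would cross the network
# unencrypted.
- name: Test Wireguard Admin UI accessibility
  ansible.builtin.command:
    argv:
      - curl
      - '-f'
      - 'http://localhost:51821'
  register: wireguard_admin_curl_test
  changed_when: false
  failed_when: wireguard_admin_curl_test.rc != 0
  become: false
  tags:
    - debug

# Print the response body captured by the probe above.
- name: Display Wireguard Admin UI curl test result
  ansible.builtin.debug:
    var: wireguard_admin_curl_test.stdout
  tags:
    - debug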