# vim: ft=yaml.ansible
---
- name: Create Wireguard volume directory
  # Host directory that the container task below bind-mounts at /config.
  # owner 911 is presumably the unprivileged uid the image runs as — confirm.
  # NOTE(review): no group is set, so the directory keeps whatever group the
  # connecting user's umask/default produces; set one if g=rx is meant to be
  # meaningful.
  # NOTE(review): /config usually ends up holding the generated WireGuard keys
  # and peer configs — if that is the case here, consider dropping o=rx so
  # other local users cannot traverse or list it.
  ansible.builtin.file:
    path: "{{ services.wireguard.volume }}"
    state: directory
    owner: '911'
    mode: 'u=rwx,g=rx,o=rx'
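- name: Deploy Wireguard Docker container
  # Lifecycle is driven by extra vars: `down=true` removes the container;
  # `restart` and `recreate` are treated as false when undefined.
  community.docker.docker_container:
    name: wireguard
    state: "{{ 'absent' if down is defined and down else 'started' }}"
    restart: "{{ restart is defined and restart }}"
    recreate: "{{ recreate is defined and recreate }}"
    # Quoted so the templated tag is always read as a plain string, whatever
    # services.wireguard.version expands to.
    image: "linuxserver/wireguard:{{ services.wireguard.version }}"
    restart_policy: always
    # An empty string publishes ports on every host interface; expected for a
    # VPN endpoint, but bear it in mind if further ports are ever published.
    default_host_ip: ''
    networks:
      - name: pihole_wireguard
    # NOTE(review): task output echoes these env values; if anything under
    # `secrets` is actually sensitive, add `no_log: true` to this task.
    env:
      SERVERURL: "{{ services.wireguard.domain }}"
      SERVERPORT: '51820'
      PEERS: "{{ secrets.wireguard.peers }}"
      PEERDNS: "{{ services.pihole.docker_ipv4 }}"
      TZ: "{{ timezone }}"
    volumes:
      - "{{ services.wireguard.volume }}:/config:rw"
      # NOTE(review): host kernel modules are exposed read-write; if the image
      # only needs to read them to load the wireguard module, switch to :ro.
      - /lib/modules:/lib/modules:rw
    # Quoted: the bare mapping is only a string today because of the /udp
    # suffix; quoting keeps it one if that suffix is ever dropped.
    published_ports:
      - '51820:51820/udp'
    # Only the two capabilities the image needs (presumably net_admin for
    # interface/route setup, sys_module for loading the kernel module);
    # the container is not run privileged.
    capabilities:
      - net_admin
      - sys_module
    # Presumably required by the image's wg-quick routing setup — confirm.
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1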