Remove WireGuard
parent
ed2dbce21f
commit
b300b55254
|
@ -32,4 +32,3 @@ open_ports:
|
|||
- { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
|
||||
- { port: '18080', proto: 'tcp', comment: 'monerod P2P' }
|
||||
- { port: '18089', proto: 'tcp', comment: 'monerod RPC' }
|
||||
- { port: '51820', proto: 'udp', comment: 'WireGuard' }
|
||||
|
|
|
@ -47,11 +47,6 @@ services:
|
|||
version: '2023.05.2'
|
||||
unbound_version: latest
|
||||
|
||||
wireguard:
|
||||
domain: wg01.vpn.{{ base_domain }}
|
||||
volume: "{{ base_volume }}/wireguard"
|
||||
version: alpine
|
||||
|
||||
restic:
|
||||
repo: /restic
|
||||
version: '1.7'
|
||||
|
@ -68,4 +63,3 @@ backup_volumes:
|
|||
- "{{ services.emby.volume }}:/mnt/volumes/emby:ro"
|
||||
- "{{ services.nextcloud.volume }}:/mnt/volumes/nextcloud:ro"
|
||||
- "{{ services.pihole.volume }}:/mnt/volumes/pi-hole:ro"
|
||||
- "{{ services.wireguard.volume }}:/mnt/volumes/wireguard:ro"
|
||||
|
|
|
@ -8,14 +8,6 @@
|
|||
gateway: 172.16.0.1
|
||||
state: present
|
||||
|
||||
- name: Create Docker network for Pi-hole and WireGuard
|
||||
community.docker.docker_network:
|
||||
name: pihole_wireguard
|
||||
ipam_config:
|
||||
- subnet: 172.18.0.0/16
|
||||
gateway: 172.18.0.1
|
||||
state: present
|
||||
|
||||
- name: Create base directories for Docker volumes
|
||||
ansible.builtin.file:
|
||||
name: "{{ item }}"
|
||||
|
|
|
@ -55,10 +55,6 @@
|
|||
PIHOLE_DNS_: unbound
|
||||
WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
|
||||
TZ: "{{ timezone }}"
|
||||
networks:
|
||||
default:
|
||||
pihole_wireguard:
|
||||
ipv4_address: "{{ services.pihole.docker_ipv4 }}"
|
||||
volumes:
|
||||
- "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
|
||||
- "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
|
||||
|
@ -74,7 +70,3 @@
|
|||
restart: always
|
||||
volumes:
|
||||
- "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
|
||||
|
||||
networks:
|
||||
pihole_wireguard:
|
||||
external: true
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Wireguard volume directory
|
||||
ansible.builtin.file:
|
||||
name: "{{ services.wireguard.volume }}"
|
||||
owner: '911'
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
state: directory
|
||||
|
||||
- name: Deploy Wireguard Docker container
|
||||
community.docker.docker_container:
|
||||
name: wireguard
|
||||
state: "{{ 'absent' if down is defined and down else 'started' }}"
|
||||
restart: "{{ restart is defined and restart }}"
|
||||
recreate: "{{ recreate is defined and recreate }}"
|
||||
image: linuxserver/wireguard:{{ services.wireguard.version }}
|
||||
restart_policy: always
|
||||
default_host_ip: ''
|
||||
networks:
|
||||
- name: pihole_wireguard
|
||||
env:
|
||||
SERVERURL: "{{ services.wireguard.domain }}"
|
||||
SERVERPORT: '51820'
|
||||
PEERS: "{{ secrets.wireguard.peers }}"
|
||||
PEERDNS: "{{ services.pihole.docker_ipv4 }}"
|
||||
TZ: "{{ timezone }}"
|
||||
volumes:
|
||||
- "{{ services.wireguard.volume }}:/config:rw"
|
||||
- /lib/modules:/lib/modules:rw
|
||||
published_ports:
|
||||
- 51820:51820/udp
|
||||
capabilities:
|
||||
- net_admin
|
||||
- sys_module
|
||||
sysctls:
|
||||
net.ipv4.conf.all.src_valid_mark: 1
|