diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index d82ca68..e038774 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -32,4 +32,3 @@ open_ports:
 - { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
 - { port: '18080', proto: 'tcp', comment: 'monerod P2P' }
 - { port: '18089', proto: 'tcp', comment: 'monerod RPC' }
- - { port: '51820', proto: 'udp', comment: 'WireGuard' }
diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml
index 646d875..59025a4 100644
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@@ -47,11 +47,6 @@ services:
 version: '2023.05.2'
 unbound_version: latest
 
- wireguard:
- domain: wg01.vpn.{{ base_domain }}
- volume: "{{ base_volume }}/wireguard"
- version: alpine
-
 restic:
 repo: /restic
 version: '1.7'
@@ -68,4 +63,3 @@ backup_volumes:
 - "{{ services.emby.volume }}:/mnt/volumes/emby:ro"
 - "{{ services.nextcloud.volume }}:/mnt/volumes/nextcloud:ro"
 - "{{ services.pihole.volume }}:/mnt/volumes/pi-hole:ro"
- - "{{ services.wireguard.volume }}:/mnt/volumes/wireguard:ro"
diff --git a/roles/docker_services/tasks/services.yml b/roles/docker_services/tasks/services.yml
index 0f72020..297e8aa 100644
--- a/roles/docker_services/tasks/services.yml
+++ b/roles/docker_services/tasks/services.yml
@@ -8,14 +8,6 @@
 gateway: 172.16.0.1
 state: present
 
-- name: Create Docker network for Pi-hole and WireGuard
- community.docker.docker_network:
- name: pihole_wireguard
- ipam_config:
- - subnet: 172.18.0.0/16
- gateway: 172.18.0.1
- state: present
-
 - name: Create base directories for Docker volumes
 ansible.builtin.file:
 name: "{{ item }}"
diff --git a/roles/docker_services/tasks/services/pihole.yml b/roles/docker_services/tasks/services/pihole.yml
index 82460f4..d7bd8f4 100644
--- a/roles/docker_services/tasks/services/pihole.yml
+++ b/roles/docker_services/tasks/services/pihole.yml
@@ -55,10 +55,6 @@
 PIHOLE_DNS_: unbound
 WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
 TZ: "{{ timezone }}"
- networks:
- default:
- pihole_wireguard:
- ipv4_address: "{{ services.pihole.docker_ipv4 }}"
 volumes:
 - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
 - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@@ -74,7 +70,3 @@
 restart: always
 volumes:
 - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
-
- networks:
- pihole_wireguard:
- external: true
diff --git a/roles/docker_services/tasks/services/wireguard.yml b/roles/docker_services/tasks/services/wireguard.yml
deleted file mode 100644
index 6dba35e..0000000
--- a/roles/docker_services/tasks/services/wireguard.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create Wireguard volume directory
- ansible.builtin.file:
- name: "{{ services.wireguard.volume }}"
- owner: '911'
- mode: u=rwx,g=rx,o=rx
- state: directory
-
-- name: Deploy Wireguard Docker container
- community.docker.docker_container:
- name: wireguard
- state: "{{ 'absent' if down is defined and down else 'started' }}"
- restart: "{{ restart is defined and restart }}"
- recreate: "{{ recreate is defined and recreate }}"
- image: linuxserver/wireguard:{{ services.wireguard.version }}
- restart_policy: always
- default_host_ip: ''
- networks:
- - name: pihole_wireguard
- env:
- SERVERURL: "{{ services.wireguard.domain }}"
- SERVERPORT: '51820'
- PEERS: "{{ secrets.wireguard.peers }}"
- PEERDNS: "{{ services.pihole.docker_ipv4 }}"
- TZ: "{{ timezone }}"
- volumes:
- - "{{ services.wireguard.volume }}:/config:rw"
- - /lib/modules:/lib/modules:rw
- published_ports:
- - 51820:51820/udp
- capabilities:
- - net_admin
- - sys_module
- sysctls:
- net.ipv4.conf.all.src_valid_mark: 1