Remove WireGuard

group_vars/all/vars.yml

@@ -32,4 +32,3 @@ open_ports:
   - { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
   - { port: '18080', proto: 'tcp', comment: 'monerod P2P' }
   - { port: '18089', proto: 'tcp', comment: 'monerod RPC' }
-  - { port: '51820', proto: 'udp', comment: 'WireGuard' }

roles/docker_services/defaults/main.yml

@@ -47,11 +47,6 @@ services:
     version: '2023.05.2'
     unbound_version: latest
 
-  wireguard:
-    domain: wg01.vpn.{{ base_domain }}
-    volume: "{{ base_volume }}/wireguard"
-    version: alpine
-
   restic:
     repo: /restic
     version: '1.7'
@@ -68,4 +63,3 @@ backup_volumes:
   - "{{ services.emby.volume }}:/mnt/volumes/emby:ro"
   - "{{ services.nextcloud.volume }}:/mnt/volumes/nextcloud:ro"
   - "{{ services.pihole.volume }}:/mnt/volumes/pi-hole:ro"
-  - "{{ services.wireguard.volume }}:/mnt/volumes/wireguard:ro"

roles/docker_services/tasks/services.yml

@@ -8,14 +8,6 @@
         gateway: 172.16.0.1
     state: present
 
-- name: Create Docker network for Pi-hole and WireGuard
-  community.docker.docker_network:
-    name: pihole_wireguard
-    ipam_config:
-      - subnet: 172.18.0.0/16
-        gateway: 172.18.0.1
-    state: present
-
 - name: Create base directories for Docker volumes
   ansible.builtin.file:
     name: "{{ item }}"

roles/docker_services/tasks/services/pihole.yml

@@ -55,10 +55,6 @@
             PIHOLE_DNS_: unbound
             WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
             TZ: "{{ timezone }}"
-          networks:
-            default:
-            pihole_wireguard:
-              ipv4_address: "{{ services.pihole.docker_ipv4 }}"
           volumes:
             - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
             - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@@ -74,7 +70,3 @@
           restart: always
           volumes:
             - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
-
-      networks:
-        pihole_wireguard:
-          external: true

roles/docker_services/tasks/services/wireguard.yml

@@ -1,36 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create Wireguard volume directory
-  ansible.builtin.file:
-    name: "{{ services.wireguard.volume }}"
-    owner: '911'
-    mode: u=rwx,g=rx,o=rx
-    state: directory
-
-- name: Deploy Wireguard Docker container
-  community.docker.docker_container:
-    name: wireguard
-    state: "{{ 'absent' if down is defined and down else 'started' }}"
-    restart: "{{ restart is defined and restart }}"
-    recreate: "{{ recreate is defined and recreate }}"
-    image: linuxserver/wireguard:{{ services.wireguard.version }}
-    restart_policy: always
-    default_host_ip: ''
-    networks:
-      - name: pihole_wireguard
-    env:
-      SERVERURL: "{{ services.wireguard.domain }}"
-      SERVERPORT: '51820'
-      PEERS: "{{ secrets.wireguard.peers }}"
-      PEERDNS: "{{ services.pihole.docker_ipv4 }}"
-      TZ: "{{ timezone }}"
-    volumes:
-      - "{{ services.wireguard.volume }}:/config:rw"
-      - /lib/modules:/lib/modules:rw
-    published_ports:
-      - 51820:51820/udp
-    capabilities:
-      - net_admin
-      - sys_module
-    sysctls:
-      net.ipv4.conf.all.src_valid_mark: 1