# vim: ft=yaml.ansible
---
- name: Create Wireguard volume directory
  # Backs the container's /config bind mount; server and peer key material
  # presumably ends up here — confirm against the image docs before
  # relaxing ownership or widening the mode.
  file:
    path: "{{ services.wireguard.volume }}"
    state: directory
    owner: root
    # Symbolic mode quoted so no YAML parser tries to type it.
    mode: "u=rwx,g=rx,o=rx"

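- name: Deploy Wireguard Docker container
  docker_container:
    name: wireguard
    # Tag comes from inventory so the image is pinned, not floating on latest.
    image: "linuxserver/wireguard:{{ services.wireguard.version }}"
    restart_policy: unless-stopped
    env:
      SERVERURL: "{{ services.wireguard.domain }}"
      # Quoted: the port must reach the container as a string, not an int.
      SERVERPORT: "{{ services.wireguard.port }}"
      PEERS: "{{ secrets.wireguard.peers }}"
      PEERDNS: auto
      TZ: "{{ timezone }}"
    volumes:
      - "{{ services.wireguard.volume }}:/config:rw"
      # The host's kernel modules only need to be readable (for loading the
      # wireguard module); a writable mount would let the container replace
      # host kernel modules, so mount read-only.
      - /lib/modules:/lib/modules:ro
    published_ports:
      - "{{ services.wireguard.port }}:{{ services.wireguard.port }}/udp"
    # net_admin is needed to create the tunnel interface. sys_module allows
    # loading kernel modules, which is effectively host-root; if the wireguard
    # module is already loaded on the host it can be dropped — verify first.
    capabilities:
      - net_admin
      - sys_module
    sysctls:
      # Quoted so the value stays a string; the Docker API takes sysctl
      # values as strings and an unquoted 1 is parsed as an int.
      net.ipv4.conf.all.src_valid_mark: "1"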