ansible-roles/docker-services
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

New feature: Wireguard deployment with wg-easy #2

Merged
ludal merged 3 commits from wg-easy into master 2023-10-26 18:35:51 +02:00
Conversation 0 Commits 3 Files Changed 4 +75 -6
4 changed files with 75 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -21,6 +21,7 @@ Available services
- cadvisor - cadvisor
- Redisinsight - Redisinsight
- Gitlab - Gitlab
- [Wireguard](https://github.com/wg-easy/wg-easy)
Role variables Role variables
--------------- ---------------
@ -57,6 +58,7 @@ Example variables
- cadvisor - cadvisor
- redisinsight - redisinsight
- gitlab - gitlab
- wireguard
traefik_domain: 'example.com' traefik_domain: 'example.com'
traefik_letsencrypt_email: 'cert@example.com' traefik_letsencrypt_email: 'cert@example.com'
@ -66,14 +68,19 @@ Example variables
redisinsight_domain: 'redisinsight.example.com' redisinsight_domain: 'redisinsight.example.com'
redisinsight_whitelist: redisinsight_whitelist:
- 192.168.1.0/24 - 192.168.1.0/24
- 31.15.24.XX - 31.15.24.XX
- 37.58.179.XX - 37.58.179.XX
gitlab_version: 'latest' gitlab_version: 'latest'
gitlab_root_password: 'vault-this-thingy' gitlab_root_password: 'vault-this-thingy'
gitlab_domain: gitlab.example.com gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.example.com gitlab_registry_domain: registry.example.com
wireguard_version: 'latest'
# wg-easy webui access:
wireguard_domain: 'wg.example.com'
wireguard_password: 'please-vault-this-too'
``` ```
TODO TODO
@ -94,8 +101,6 @@ TODO
- needs to be implemented - needs to be implemented
- Promtail - Promtail
- needs to be implemented - needs to be implemented
- Gitlab
- needs to be implemented
License License
------- -------

9
handlers/main.yml
View File

@ -48,9 +48,16 @@
ignore_errors: '{{ ansible_check_mode }}' ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_gitlab'] tags: ['docker_gitlab']
- name: 'gitlab-runner-restart' - name: gitlab-runner-restart
systemd: systemd:
name: docker-compose@gitlab-runner name: docker-compose@gitlab-runner
state: restarted state: restarted
ignore_errors: '{{ ansible_check_mode }}' ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_gitlab-runner'] tags: ['docker_gitlab-runner']
- name: wireguard-restart
systemd:
name: docker-compose@wireguard
state: restarted
ignore_errors: '{{ ansible_check_mode }}'
tags: ['docker_wireguard']

16
tasks/wireguard.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: wireguard | check vars are defined
assert:
that:
- wireguard_domain is defined
tags: ['docker_wireguard']
- include_tasks: base.yml
tags: ['docker_wireguard']
- name: 'wireguard | create docker volumes'
docker_volume:
name: '{{ item }}'
with_items:
- 'wireguard__etc_wireguard'
tags: ['docker_wireguard']

41
templates/compose/wireguard.yml.j2 Normal file
View File

@ -0,0 +1,41 @@
version: '3.7'
networks:
traefik:
external: true
volumes:
wireguard__etc_wireguard:
external: true
services:
wireguard:
container_name: wireguard
image: weejewel/wg-easy:{{ wireguard_version | default("latest") }}
restart: unless-stopped
ports:
- "{{ wireguard_port | default("51820") }}:51820/udp"
volumes:
- 'wireguard__etc_wireguard:/etc/wireguard'
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
environment:
- WG_HOST={{ wireguard_domain }}
- PASSWORD={{ wireguard_password }}
labels:
traefik.enable: true
traefik.docker.network: traefik
traefik.http.routers.wireguard.rule: Host(`{{ wireguard_domain }}`)
traefik.http.routers.wireguard.tls: true
traefik.http.routers.wireguard.tls.certresolver: letsencrypt
traefik.http.routers.wireguard.entrypoints: websecure
{% if traefik_ipwhitelist is defined %}
traefik.http.routers.wireguard.middlewares: "clientips@docker"
{% endif %}
traefik.http.services.wireguard.loadbalancer.server.port: 51821
networks:
- traefik