Added reverse proxy configs for mii
Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>pull/1/head
parent
7cd43fb8a8
commit
6c0ea656eb
|
@ -70,12 +70,12 @@ aya01_ip: "192.168.20.12"
|
||||||
zoneminder_host: "zm"
|
zoneminder_host: "zm"
|
||||||
zoneminder_port: "8081"
|
zoneminder_port: "8081"
|
||||||
|
|
||||||
zoneminder_root: "{{ docker_dir }}/zm/"
|
zoneminder_root: "{{ docker_dir }}/zm"
|
||||||
zoneminder_config: "{{ zoneminder_root }}/config/"
|
zoneminder_config: "{{ zoneminder_root }}/config"
|
||||||
zoneminder_log: "{{ zoneminder_root}}/log/"
|
zoneminder_log: "{{ zoneminder_root}}/log"
|
||||||
zoneminder_db: "{{ zoneminder_root}}/db/"
|
zoneminder_db: "{{ zoneminder_root}}/db"
|
||||||
|
|
||||||
zoneminder_data: "{{ docker_data_dir }}/zm/data/"
|
zoneminder_data: "{{ docker_data_dir }}/zm/data"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Syncthing
|
# Syncthing
|
||||||
|
@ -210,7 +210,39 @@ netdata_lib: "{{ docker_data_dir }}/netdata/lib/"
|
||||||
netdata_cache: "{{ docker_data_dir }}/netdata/cache"
|
netdata_cache: "{{ docker_data_dir }}/netdata/cache"
|
||||||
|
|
||||||
#
|
#
|
||||||
|
# swag
|
||||||
#
|
#
|
||||||
#
|
|
||||||
swag_port: "443"
|
swag_port: "443"
|
||||||
swag_config: "{{ docker_dir }}/swag/config/"
|
swag_config: "{{ docker_dir }}/swag/config/"
|
||||||
|
swag_subdomains: "www,plex,status,"
|
||||||
|
swag_email: "me+swag@tudattr.dev"
|
||||||
|
swag_site_confs:
|
||||||
|
- "templates/mii/swag/site-confs/plex.subdomain.conf"
|
||||||
|
- "templates/mii/swag/site-confs/uptime-kuma.subdomain.conf"
|
||||||
|
swag_remote_site_confs: "{{swag_config}}/nginx/site-confs/"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Plex
|
||||||
|
#
|
||||||
|
|
||||||
|
plex_host: "plex"
|
||||||
|
plex_port: "32400"
|
||||||
|
plex_config: "{{docker_data_dir}}/plex/config"
|
||||||
|
plex_tv: "/media/series"
|
||||||
|
plex_movies: "/media/movies"
|
||||||
|
|
||||||
|
#
|
||||||
|
# WireGuard
|
||||||
|
#
|
||||||
|
|
||||||
|
wg_config: "templates/wg0.conf"
|
||||||
|
wg_remote_config: "/etc/wireguard/wg0.conf"
|
||||||
|
wg_service: "wg-quick@wg0.service"
|
||||||
|
wg_deps: "wireguard"
|
||||||
|
|
||||||
|
wg_ip: "192.168.200.2"
|
||||||
|
wg_pubkey: "+LaPESyBF6Sb1lqkk4UcestFpXNaKYyyX99tkqwLQhU="
|
||||||
|
wg_endpoint: "borg.land:51820"
|
||||||
|
wg_allowed_ips: "192.168.20.0/24,192.168.200.1/32"
|
||||||
|
wg_dns: "{{ aya01_ip }},{{ pi_ip }},1.1.1.1"
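Review bot: `swag_remote_site_confs` is built as `{{swag_config}}/nginx/site-confs/` while `swag_config` still ends in a slash, so the rendered path contains `config//nginx`. The first hunk of this file appears to drop the trailing slash from the `zoneminder_*` paths; doing the same here, `swag_config: "{{ docker_dir }}/swag/config"`, would keep one convention across the file. The added lines also mix `{{swag_config}}` and `{{ swag_config }}` spacing; a single form throughout reads better.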
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
ansible_user: "{{ user }}"
|
ansible_user: "{{ user }}"
|
||||||
ansible_host: 192.168.20.12
|
ansible_host: 192.168.20.12
|
||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
ansible_ssh_private_key_file: /media/veracrypt1/genesis
|
||||||
ansible_become_pass: '{{ vault_aya01_tudattr_password }}'
|
ansible_become_pass: '{{ vault_aya01_tudattr_password }}'
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
ansible_user: "{{ user }}"
|
ansible_user: "{{ user }}"
|
||||||
ansible_host: 202.61.207.139
|
ansible_host: 202.61.207.139
|
||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
ansible_ssh_private_key_file: /mnt/veracrypt1/genesis
|
ansible_ssh_private_key_file: /media/veracrypt1/genesis
|
||||||
ansible_become_pass: '{{ vault_mii_tudattr_password }}'
|
ansible_become_pass: '{{ vault_mii_tudattr_password }}'
|
||||||
|
|
3
mii.yml
3
mii.yml
|
@ -9,3 +9,6 @@
|
||||||
- role: docker
|
- role: docker
|
||||||
tags:
|
tags:
|
||||||
- docker
|
- docker
|
||||||
|
- role: wireguard
|
||||||
|
tags:
|
||||||
|
- wireguard
|
||||||
|
|
|
@ -12,22 +12,10 @@
|
||||||
tags:
|
tags:
|
||||||
- syncthing
|
- syncthing
|
||||||
|
|
||||||
#- include_tasks: grafana.yml
|
|
||||||
# tags:
|
|
||||||
# - grafana
|
|
||||||
|
|
||||||
- include_tasks: softserve.yml
|
- include_tasks: softserve.yml
|
||||||
tags:
|
tags:
|
||||||
- softserve
|
- softserve
|
||||||
|
|
||||||
#- include_tasks: prometheus.yml
|
|
||||||
# tags:
|
|
||||||
# - prometheus
|
|
||||||
#
|
|
||||||
#- include_tasks: netdata.yaml
|
|
||||||
# tags:
|
|
||||||
# - netdata
|
|
||||||
#
|
|
||||||
- include_tasks: cupsd.yml
|
- include_tasks: cupsd.yml
|
||||||
tags:
|
tags:
|
||||||
- cupsd
|
- cupsd
|
||||||
|
@ -40,6 +28,10 @@
|
||||||
tags:
|
tags:
|
||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
|
- include_tasks: plex.yml
|
||||||
|
tags:
|
||||||
|
- plex
|
||||||
|
|
||||||
- name: Copy the compose file
|
- name: Copy the compose file
|
||||||
template:
|
template:
|
||||||
src: templates/aya01/compose.yaml
|
src: templates/aya01/compose.yaml
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- "{{ cupsd_config }}"
|
- "{{ cupsd_config }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Copy default config
|
- name: Copy cupsd config
|
||||||
template:
|
template:
|
||||||
owner: "{{ puid }}"
|
owner: "{{ puid }}"
|
||||||
src: "templates/aya01/cupsd/cupsd.conf"
|
src: "templates/aya01/cupsd/cupsd.conf"
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Create plex-config directory
|
||||||
|
file:
|
||||||
|
path: "{{plex_config}}"
|
||||||
|
owner: 1000
|
||||||
|
group: 1000
|
||||||
|
mode: '755'
|
||||||
|
state: directory
|
||||||
|
become: yes
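Review bot: The Plex config directory is created with literal `owner: 1000` and `group: 1000`, while the plex service added to the compose template in this commit runs with `PUID={{puid}}` and `PGID={{pgid}}`. If those variables are ever not 1000, the container user will not own its own config directory. `owner: "{{ puid }}"` and `group: "{{ pgid }}"`, as the cupsd and swag tasks already use, keep the two in step. `become: yes` could also be `become: true` to match the other task files.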
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Create swag-config directory
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: "{{ puid }}"
|
||||||
|
group: "{{ pgid }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ swag_config }}"
|
||||||
|
|
||||||
|
- name: Copy site-confs
|
||||||
|
template:
|
||||||
|
owner: "{{ puid }}"
|
||||||
|
group: "{{ pgid }}"
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ swag_remote_site_confs }}"
|
||||||
|
mode: '644'
|
||||||
|
loop: "{{ swag_site_confs }}"
|
||||||
|
become: true
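Review bot: The `Create swag-config directory` task sets neither `mode` nor `become`, so the directory's permissions come from the remote umask and the task runs unprivileged, unlike `Copy site-confs` below it. This is the SWAG config root, which presumably also ends up holding the certificate private keys, so an explicit restrictive mode such as `mode: '0750'` is worth stating, after confirming the container user keeps access. The loop creates only `{{ swag_config }}`, and whether `nginx/site-confs/` exists before the container's first start is not visible here. Consider adding `- "{{ swag_remote_site_confs }}"` to the loop so the copy does not depend on run order.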
|
|
@ -7,4 +7,5 @@
|
||||||
group: "{{ pgid }}"
|
group: "{{ pgid }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "{{ swag_config }}"
|
- "{{ docker_dir }}/traefik/etc-traefik/"
|
||||||
|
- "{{ docker_dir }}/traefik/var-log/"
|
||||||
|
|
|
@ -2,16 +2,16 @@
|
||||||
- name: Create zoneminder user
|
- name: Create zoneminder user
|
||||||
user:
|
user:
|
||||||
name: zm
|
name: zm
|
||||||
uid: 911
|
uid: '911'
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Create Zoneminder config directory
|
- name: Create Zoneminder config directory
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
owner: 911
|
owner: '911'
|
||||||
group: 911
|
group: '911'
|
||||||
mode: '700'
|
mode: '755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "{{ zoneminder_config }}"
|
- "{{ zoneminder_config }}"
|
||||||
|
@ -20,8 +20,8 @@
|
||||||
- name: Create Zoneminder data directory
|
- name: Create Zoneminder data directory
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
owner: 911
|
owner: '911'
|
||||||
group: 911
|
group: '911'
|
||||||
mode: '755'
|
mode: '755'
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
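Review bot: In the first hunk the Zoneminder config directory appears to go from `mode: '700'` to `mode: '755'`, which makes it listable and traversable by every local account on the host. Nothing in the hunk explains why the wider mode is needed. If another account has to read it, `mode: '750'` with a matching group grants that without opening it to everyone; otherwise `'700'` is the safer value for a directory that may hold service credentials. A short comment stating the reason would help the next reader. The loop lists of both tasks continue outside the hunks.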
|
||||||
|
|
|
@ -63,8 +63,8 @@ services:
|
||||||
- "TZ=Europe/Berlin"
|
- "TZ=Europe/Berlin"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.zoneminder.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
|
- "traefik.http.routers.{{ zoneminder_host }}.rule=Host(`{{ zoneminder_host}}.{{ aya01_host }}.{{ local_domain }}`)"
|
||||||
- "traefik.http.services.zoneminder.loadbalancer.server.port={{ 80 }}"
|
- "traefik.http.services.{{ zoneminder_host }}.loadbalancer.server.port=80"
|
||||||
|
|
||||||
pihole:
|
pihole:
|
||||||
container_name: pihole
|
container_name: pihole
|
||||||
|
@ -94,10 +94,10 @@ services:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.pihole.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
|
- "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
|
||||||
- "traefik.http.services.pihole.loadbalancer.server.port={{ 80 }}"
|
- "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port={{ 80 }}"
|
||||||
|
|
||||||
fyncthing:
|
syncthing:
|
||||||
container_name: syncthing
|
container_name: syncthing
|
||||||
image: syncthing/syncthing
|
image: syncthing/syncthing
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -116,24 +116,8 @@ services:
|
||||||
hostname: syncthing
|
hostname: syncthing
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.syncthing.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)"
|
- "traefik.http.routers.{{ syncthing_host }}.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)"
|
||||||
- "traefik.http.services.syncthing.loadbalancer.server.port={{ syncthing_port }}"
|
- "traefik.http.services.{{ syncthing_host }}.loadbalancer.server.port={{ syncthing_port }}"
|
||||||
|
|
||||||
# grafana:
|
|
||||||
# container_name: grafana
|
|
||||||
# image: grafana/grafana-oss
|
|
||||||
# restart: unless-stopped
|
|
||||||
# user: "{{ puid }}:{{ pgid }}"
|
|
||||||
# networks:
|
|
||||||
# - net
|
|
||||||
# ports:
|
|
||||||
# - 3000:3000
|
|
||||||
# volumes:
|
|
||||||
# - "{{ grafana_data }}:/var/lib/grafana/"
|
|
||||||
# - "{{ grafana_log }}:/var/log/grafana/"
|
|
||||||
# environment:
|
|
||||||
# - "GF_LOG_MODE=console file"
|
|
||||||
# hostname: grafana
|
|
||||||
|
|
||||||
soft-serve:
|
soft-serve:
|
||||||
container_name: soft-serve
|
container_name: soft-serve
|
||||||
|
@ -146,56 +130,6 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ softserve_data }}:/soft-serve"
|
- "{{ softserve_data }}:/soft-serve"
|
||||||
|
|
||||||
# prometheus:
|
|
||||||
# container_name: prometheus
|
|
||||||
# image: prom/prometheus
|
|
||||||
# restart: unless-stopped
|
|
||||||
# networks:
|
|
||||||
# - net
|
|
||||||
# ports:
|
|
||||||
# - "{{ prm_port }}:9090"
|
|
||||||
# volumes:
|
|
||||||
# - "{{ prm_config }}:/etc/prometheus"
|
|
||||||
|
|
||||||
# exporter_mikrotik:
|
|
||||||
# container_name: exporter_mikrotik
|
|
||||||
# image: "nshttpd/mikrotik-exporter:{{ e_mikrotik_version }}"
|
|
||||||
# restart: unless-stopped
|
|
||||||
# user: "{{ puid }}:{{ pgid }}"
|
|
||||||
# networks:
|
|
||||||
# - net
|
|
||||||
# ports:
|
|
||||||
# - "{{ e_mikrotik_port }}:9436"
|
|
||||||
# volumes:
|
|
||||||
# - "{{ e_mikrotik_config }}:/config"
|
|
||||||
# environment:
|
|
||||||
# - "CONFIG_FILE=/config/config.yml"
|
|
||||||
|
|
||||||
# netdata:
|
|
||||||
# container_name: netdata
|
|
||||||
# image: netdata/netdata
|
|
||||||
# restart: unless-stopped
|
|
||||||
# networks:
|
|
||||||
# - net
|
|
||||||
# ports:
|
|
||||||
# - "{{netdata_port}}:19999"
|
|
||||||
# volumes:
|
|
||||||
# - "{{netdata_config}}:/etc/netdata"
|
|
||||||
# - "{{netdata_lib}}:/var/lib/netdata"
|
|
||||||
# - "{{netdata_cache}}:/var/cache/netdata"
|
|
||||||
# - /etc/passwd:/host/etc/passwd:ro
|
|
||||||
# - /etc/group:/host/etc/group:ro
|
|
||||||
# - /proc:/host/proc:ro
|
|
||||||
# - /sys:/host/sys:ro
|
|
||||||
# - /etc/os-release:/host/etc/os-release:ro
|
|
||||||
# environment:
|
|
||||||
# - "DO_NOT_TRACK=1"
|
|
||||||
# cap_add:
|
|
||||||
# - SYS_PTRACE
|
|
||||||
# security_opt:
|
|
||||||
# - apparmor:unconfined
|
|
||||||
# hostname: "{{ aya01_host }}"
|
|
||||||
|
|
||||||
cupsd:
|
cupsd:
|
||||||
container_name: cupsd
|
container_name: cupsd
|
||||||
image: olbat/cupsd
|
image: olbat/cupsd
|
||||||
|
@ -209,8 +143,8 @@ services:
|
||||||
- "{{cupsd_config}}:/etc/cups"
|
- "{{cupsd_config}}:/etc/cups"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.cupsd.rule=Host(`{{ cupsd_host }}.{{ aya01_host }}.{{local_domain}}`)"
|
- "traefik.http.routers.{{ cupsd_host }}.rule=Host(`{{ cupsd_host }}.{{ aya01_host }}.{{local_domain}}`)"
|
||||||
- "traefik.http.services.cupsd.loadbalancer.server.port={{ cupsd_port }}"
|
- "traefik.http.services.{{ cupsd_host }}.loadbalancer.server.port={{ cupsd_port }}"
|
||||||
|
|
||||||
kuma:
|
kuma:
|
||||||
container_name: kuma
|
container_name: kuma
|
||||||
|
@ -224,11 +158,48 @@ services:
|
||||||
- "{{ kuma_config }}:/app/data"
|
- "{{ kuma_config }}:/app/data"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.kuma.rule=Host(`{{ kuma_host }}.{{ aya01_host }}.{{local_domain}}`)"
|
- "traefik.http.routers.{{kuma_host}}.rule=Host(`{{ kuma_host }}.{{ aya01_host }}.{{local_domain}}`)"
|
||||||
- "traefik.http.services.kuma.loadbalancer.server.port={{ kuma_port }}"
|
- "traefik.http.services.{{kuma_host}}.loadbalancer.server.port={{ kuma_port }}"
|
||||||
|
|
||||||
|
plex:
|
||||||
|
image: lscr.io/linuxserver/plex:latest
|
||||||
|
container_name: plex
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
ports:
|
||||||
|
- "{{ plex_port }}:32400"
|
||||||
|
- "1900:1900"
|
||||||
|
- "3005:3005"
|
||||||
|
- "5353:5353"
|
||||||
|
- "32410:32410"
|
||||||
|
- "8324:8324"
|
||||||
|
- "32412:32412"
|
||||||
|
- "32469:32469"
|
||||||
|
environment:
|
||||||
|
- PUID={{puid}}
|
||||||
|
- PGID={{pgid}}
|
||||||
|
- TZ={{timezone}}
|
||||||
|
- VERSION=docker
|
||||||
|
- PLEX_CLAIM=claim-wofbDBCEMQT8SxUs1-Rw #optional
|
||||||
|
volumes:
|
||||||
|
- "{{ plex_config }}:/config"
|
||||||
|
- "{{ plex_tv }}:/tv"
|
||||||
|
- "{{ plex_movies }}:/movies"
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.{{plex_host}}.rule=Host(`{{ plex_host }}.{{ aya01_host }}.{{local_domain}}`)"
|
||||||
|
- "traefik.http.services.{{plex_host}}.loadbalancer.server.port={{ plex_port }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
zoneminder:
|
zoneminder:
|
||||||
|
driver: bridge
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 172.16.42.0/24
|
||||||
|
ip_range: 172.28.42.0/24
|
||||||
|
gateway: 172.16.42.1
|
||||||
net:
|
net:
|
||||||
driver: bridge
|
driver: bridge
|
||||||
ipam:
|
ipam:
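Review bot: The new plex service hard-codes a literal claim token in `PLEX_CLAIM=...`, so a credential that binds the server to a Plex account is committed in plain text. The rest of the repository takes secrets from vault variables (`vault_wg_pk`, `vault_*_password`), and this line should follow suit, for example `- PLEX_CLAIM={{ vault_plex_claim }}` (variable name is a placeholder). Treat the committed value as exposed and generate a fresh one. Separately, in the `zoneminder` network added below, `ip_range: 172.28.42.0/24` lies outside `subnet: 172.16.42.0/24`; Docker expects the range to fall within the subnet, so this looks like a typo for `172.16.42.0/24`.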
|
||||||
|
|
|
@ -5,6 +5,10 @@ services:
|
||||||
container_name: swag
|
container_name: swag
|
||||||
networks:
|
networks:
|
||||||
net: {}
|
net: {}
|
||||||
|
dns:
|
||||||
|
- {{ aya01_ip }}
|
||||||
|
- {{ pi_ip }}
|
||||||
|
- 1.1.1.1
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
environment:
|
environment:
|
||||||
|
@ -13,11 +17,11 @@ services:
|
||||||
- TZ={{ timezone }}
|
- TZ={{ timezone }}
|
||||||
- URL={{ remote_domain }}
|
- URL={{ remote_domain }}
|
||||||
- VALIDATION=http
|
- VALIDATION=http
|
||||||
- SUBDOMAINS=www, #optional
|
- SUBDOMAINS={{ swag_subdomains }} #optional
|
||||||
- CERTPROVIDER= #optional
|
- CERTPROVIDER= #optional
|
||||||
- DNSPLUGIN=cloudflare #optional
|
- DNSPLUGIN=cloudflare #optional
|
||||||
- PROPAGATION= #optional
|
- PROPAGATION= #optional
|
||||||
- EMAIL= #optional
|
- EMAIL={{ swag_email }} #optional
|
||||||
- ONLY_SUBDOMAINS=false #optional
|
- ONLY_SUBDOMAINS=false #optional
|
||||||
- EXTRA_DOMAINS= #optional
|
- EXTRA_DOMAINS= #optional
|
||||||
- STAGING=false #optional
|
- STAGING=false #optional
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
|
server_name plex.tudattr.dev;
|
||||||
|
|
||||||
|
include /config/nginx/ssl.conf;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include /config/nginx/resolver.conf;
|
||||||
|
proxy_pass http://plex.aya01.borg.land;
|
||||||
|
|
||||||
|
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
|
||||||
|
proxy_set_header X-Plex-Device $http_x_plex_device;
|
||||||
|
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
|
||||||
|
proxy_set_header X-Plex-Platform $http_x_plex_platform;
|
||||||
|
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
|
||||||
|
proxy_set_header X-Plex-Product $http_x_plex_product;
|
||||||
|
proxy_set_header X-Plex-Token $http_x_plex_token;
|
||||||
|
proxy_set_header X-Plex-Version $http_x_plex_version;
|
||||||
|
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
|
||||||
|
proxy_set_header X-Plex-Provides $http_x_plex_provides;
|
||||||
|
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
|
||||||
|
proxy_set_header X-Plex-Model $http_x_plex_model;
|
||||||
|
}
|
||||||
|
}
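Review bot: `proxy_pass http://plex.aya01.borg.land;` uses a literal hostname, so nginx resolves it once at configuration load and the `include /config/nginx/resolver.conf;` above it has no effect. If the internal name cannot be resolved when the container starts (tunnel or internal DNS not yet up), nginx will refuse to start, and a later address change goes unnoticed. Putting the name in a variable enables runtime resolution: `set $upstream_plex plex.aya01.borg.land;` followed by `proxy_pass http://$upstream_plex;`. The same applies to `proxy_pass http://uptime.aya01.borg.land;` in the status.tudattr.dev server block. Because the upstream is plain `http://` and `X-Plex-Token` is forwarded, a comment noting that this hop relies on the WireGuard tunnel for confidentiality would also help.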
|
|
@ -0,0 +1,17 @@
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
|
||||||
|
server_name status.tudattr.dev;
|
||||||
|
|
||||||
|
include /config/nginx/ssl.conf;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include /config/nginx/resolver.conf;
|
||||||
|
proxy_pass http://uptime.aya01.borg.land;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
}
|
||||||
|
}
|
|
@ -10,5 +10,6 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: nmbd
|
name: nmbd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
become: true
|
become: true
|
||||||
when: smbconf.changed
|
when: smbconf.changed
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
- name: Copy "{{ wg_config }}"
|
||||||
|
template:
|
||||||
|
src: "{{ wg_config }}"
|
||||||
|
dest: "{{ wg_remote_config }}"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0600"
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Start wireguard
|
||||||
|
service:
|
||||||
|
name: "{{ wg_service }}"
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
become: true
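Review bot: The `Copy "{{ wg_config }}"` task renders a template that contains `PrivateKey = {{ vault_wg_pk }}`, and nothing stops the rendered content from being printed when the play runs with `--diff`. Adding `diff: false` (or `no_log: true`) to that task keeps the key out of terminal output and CI logs; the `mode: "0600"` and root ownership already cover the file on disk. In addition, `Start wireguard` uses `state: started`, so a changed config is not applied to a running interface. Registering the template result and restarting on change, as the nmbd task does with `when: smbconf.changed`, would close that gap.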
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
- name: Update and upgrade packages
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
upgrade: true
|
||||||
|
autoremove: true
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Install WireGuard dependencies
|
||||||
|
apt:
|
||||||
|
name: "{{ wg_deps }}"
|
||||||
|
state: present
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Create resolveconf symlink Debian bug #939904
|
||||||
|
file:
|
||||||
|
src: /usr/bin/resolvectl
|
||||||
|
dest: /usr/local/bin/resolvconf
|
||||||
|
state: link
|
||||||
|
become: true
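Review bot: `Update and upgrade packages` performs a full `upgrade: true` with `autoremove: true` every time the wireguard role runs, which is a host-wide side effect unrelated to installing WireGuard. It also makes the role non-repeatable in practice, since any run may change or remove arbitrary packages. Limiting this task to `update_cache: true` with a `cache_valid_time` and moving upgrades into their own tagged play keeps patching a deliberate step. The resolvconf symlink task would benefit from a one-line comment explaining that `resolvectl` is being exposed under the `resolvconf` name for `wg-quick`, since the task name only cites the bug number.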
|
|
@ -0,0 +1,2 @@
|
||||||
|
- include_tasks: install.yml
|
||||||
|
- include_tasks: config.yml
|
|
@ -0,0 +1,9 @@
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = {{ vault_wg_pk }}
|
||||||
|
Address = {{ wg_ip }}
|
||||||
|
DNS = {{ wg_dns }}
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = {{ wg_pubkey }}
|
||||||
|
Endpoint = {{ wg_endpoint }}
|
||||||
|
AllowedIPs = {{ wg_allowed_ips }}
|