Edge VPS
Configures edge VPS instances with WireGuard VPN, Traefik reverse proxy, Pangolin, and Elastic Fleet Agent.
Requirements
- Docker and Docker Compose installed
- Ansible community.docker collection
Role Variables
WireGuard
| Variable | Default | Description |
|---|---|---|
| `edge_vps_wireguard_address` | `10.133.7.1/24` | WireGuard interface address |
| `edge_vps_wireguard_port` | `61975` | WireGuard listen port |
| `edge_vps_wireguard_interface` | `wg0` | WireGuard interface name |
| `edge_vps_wireguard_routes` | `[]` | List of routes to add (network, gateway) |
Traefik
| Variable | Default | Description |
|---|---|---|
| `edge_vps_traefik_config_dir` | `/root/config/traefik` | Traefik config directory |
| `edge_vps_acme_email` | - | Email for Let's Encrypt |
Pangolin
| Variable | Default | Description |
|---|---|---|
| `edge_vps_pangolin_dashboard_url` | - | Pangolin dashboard URL |
| `edge_vps_pangolin_base_endpoint` | - | Pangolin base endpoint |
| `edge_vps_pangolin_base_domain` | - | Base domain for Pangolin |
Elastic Agent
| Variable | Default | Description |
|---|---|---|
| `edge_vps_elastic_version` | `9.2.2` | Elastic Agent version |
| `edge_vps_elastic_fleet_url` | - | Fleet server URL |
| `edge_vps_elastic_dns_server` | `10.43.0.10` | DNS server for agent |
Secrets
Store secrets in vars/group_vars/vps/secrets.yaml (ansible-vault encrypted):
```yaml
vault_edge_vps:
  wireguard:
    private_key: "..."
    peers: [...]
  pangolin:
    server_secret: "..."
  traefik:
    cloudflare_api_token: "..."
  elastic:
    fleet_enrollment_token: "..."
```
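A check that the secrets file really is vault-encrypted before it is committed, added here as an example and not part of this role. The function names and the sample file contents are hypothetical; the `$ANSIBLE_VAULT;<format>;AES256` header is the one `ansible-vault` writes.

```python
import re
import tempfile
from pathlib import Path

# Header written by ansible-vault: $ANSIBLE_VAULT;<format>;<cipher>[;<vault-id>]
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.1|1\.2);AES256(;[^;\s]+)?$")
HEX_LINE = re.compile(r"^[0-9a-f]+$")


def vault_status(path):
    """Return 'encrypted', 'plaintext' or 'malformed' for a secrets file."""
    lines = Path(path).read_text(encoding="utf-8").splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return "plaintext"
    if not VAULT_HEADER.match(lines[0]):
        return "malformed"
    body = [ln for ln in lines[1:] if ln.strip()]
    # An intact vault payload is hex text only; anything else means the file was
    # hand-edited or truncated and may carry clear-text fragments.
    if not body or not all(HEX_LINE.match(ln) for ln in body):
        return "malformed"
    return "encrypted"


def check_files(paths):
    """Return the paths that must not be committed as they stand."""
    return [str(p) for p in paths if vault_status(p) != "encrypted"]


# Constructed samples: one vault-shaped file and one plaintext file using the
# key layout from the Secrets section (values are placeholders).
SAMPLE_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n" + "36643562\n" * 3
SAMPLE_PLAINTEXT = 'vault_edge_vps:\n  wireguard:\n    private_key: "..."\n'


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        enc = Path(tmp, "secrets.yaml")
        plain = Path(tmp, "secrets_plain.yaml")
        enc.write_text(SAMPLE_ENCRYPTED, encoding="utf-8")
        plain.write_text(SAMPLE_PLAINTEXT, encoding="utf-8")
        return vault_status(enc), vault_status(plain), check_files([enc, plain])


if __name__ == "__main__":
    print(demo())
```

Run `check_files` from a pre-commit hook or CI step against `vars/group_vars/vps/secrets.yaml` and fail the job when the returned list is not empty.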
Dependencies
None.
Example Playbook
```yaml
- hosts: vps
  roles:
    - role: edge_vps
```
License
MIT