diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index a7dc8e9..340e957 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -9,6 +9,7 @@ server:
     subnet: 192.168.1.0/24
     ip: 192.168.1.254
     reverse_proxy_ip: 192.168.1.254
+    dns_ip: 192.168.1.254
     port: 22
     peers: test
diff --git a/roles/wireguard/templates/docker-compose.yml.j2 b/roles/wireguard/templates/docker-compose.yml.j2
index 0761f82..948082c 100644
--- a/roles/wireguard/templates/docker-compose.yml.j2
+++ b/roles/wireguard/templates/docker-compose.yml.j2
@@ -3,6 +3,7 @@ version: '3'
 services:
   wireguard:
     image: lscr.io/linuxserver/wireguard:latest
+    restart: always
     container_name: wireguard
     cap_add:
       - NET_ADMIN
@@ -14,7 +15,7 @@ services:
       - SERVERURL=vpn.mrdev023.fr
       - SERVERPORT={{ server.vpn.port }}
       - ALLOWEDIPS={{ server.vpn.subnet }}
-      - PEERDNS=8.8.8.8
+      - PEERDNS={{ server.vpn.dns_ip }}
       - PEERS={{ server.vpn.peers }}
       - LOG_CONFS=false
     volumes:
@@ -27,8 +28,30 @@ services:
         ipv4_address: {{ server.vpn.ip }}
     sysctls:
       - net.ipv4.conf.all.src_valid_mark=1
-    restart: unless-stopped
+
+  adguardhome:
+    image: adguard/adguardhome:latest
+    restart: always
+    container_name: adguardhome
+    volumes:
+      - {{ server.work_dir }}/adguardhome/work:/opt/adguardhome/work
+      - {{ server.work_dir }}/adguardhome/conf:/opt/adguardhome/conf
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.adguardhome-secure.entrypoints=https"
+      - "traefik.http.routers.adguardhome-secure.rule=Host(`dns.{{ server.domain }}`)"
+      - "traefik.http.routers.adguardhome-secure.tls=true"
+      - "traefik.http.routers.adguardhome-secure.tls.certresolver=sslResolver"
+      - "traefik.http.routers.adguardhome-secure.middlewares=private-network@file"
+      - "traefik.port=3000"
+      - "traefik.docker.network=proxy"
+    networks:
+      proxy: {}
+      vpn:
+        ipv4_address: {{ server.vpn.dns_ip }}
 networks:
+  proxy:
+    external: true
   vpn:
     external: true
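Review bot: The sample value for the new `dns_ip` key is the same 192.168.1.254 already used for `ip` and `reverse_proxy_ip`, yet the compose template in this same change assigns `server.vpn.ip` and `server.vpn.dns_ip` as static `ipv4_address` values to two different containers (wireguard and adguardhome) on the same `vpn` network, so anyone copying the sample verbatim gets an address collision and the second container fails to start. The address also has to stay inside `subnet`, because that value is what the template hands to peers as `ALLOWEDIPS` and only traffic for that range is routed into the tunnel. Give the sample a distinct address, e.g. `dns_ip: 192.168.1.253`, and document the constraint above it: `# resolver handed to VPN peers (PEERDNS); must be inside subnet and differ from ip/reverse_proxy_ip`.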
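Review bot: With `PEERDNS` now pointing at `server.vpn.dns_ip`, every peer's DNS depends on a single container on the VPN network and there is no fallback when it is down or being recreated, whereas the old 8.8.8.8 value was independent of the stack. Nothing in the hunk checks that `dns_ip` falls inside the `ALLOWEDIPS` range on the line above; if it does not, peers' DNS queries leave the tunnel in cleartext toward an unreachable address. At minimum add a comment next to the line, `# must be inside ALLOWEDIPS so peer DNS stays inside the tunnel`, and consider listing a second resolver if the image accepts a comma-separated `PEERDNS` (the wg-quick `DNS =` line does) — I have not verified that from this diff. The wireguard service definition continues in the hunks before and after this one.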
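Review bot: The `traefik.port=3000` label is the Traefik v1 form; the other labels in this service (`traefik.http.routers.*`, `tls.certresolver`) are v2 syntax, under which the container port is declared as `traefik.http.services.adguardhome.loadbalancer.server.port=3000`, so as written the router likely has no usable backend port. Note too that 3000 is AdGuard Home's first-run setup port; after the wizard the admin UI listens on the port chosen there (80 by default), so the label will probably need to change once the instance is configured — worth a comment on that line. Both new services run `:latest`; pin a version tag or digest, since an upstream push would otherwise silently replace the resolver that every VPN peer is forced to use. Because adguardhome is now that sole resolver, consider `depends_on: [adguardhome]` on the wireguard service (its definition starts in an earlier hunk) so a restart brings DNS up first; the `private-network@file` middleware and the external `proxy` network are defined outside this diff, so I cannot confirm the admin UI is actually restricted to the private range.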