Ansible role that deploys my connectivity device.
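# {{ ansible_managed }}
# Compose project for the WireGuard container and its TCP web port.
# Rendered by Ansible from a Jinja2 template; every value in double braces
# comes from role variables.
services:
  {{ connectivity_wireguard_container_name }}:
    image: "{{ connectivity_wireguard_image }}:{{ connectivity_wireguard_version }}"
    container_name: "{{ connectivity_wireguard_container_name }}"
    restart: unless-stopped
    # NET_ADMIN is needed to create and configure the tunnel interface.
    # SYS_MODULE lets the container load kernel modules into the host kernel,
    # which is close to host-root privilege. NOTE(review): if the host kernel
    # already provides the wireguard module, this capability can probably be
    # dropped - confirm against the image's documentation.
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
{% if connectivity_wg_ipv6_enabled %}
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
{% endif %}
    volumes:
      # Named volume holding the tunnel configuration and peer private keys.
      - etc_wireguard:/etc/wireguard
      # Read-only: loading a module only needs read access, and a writable
      # host module tree combined with SYS_MODULE would let a compromised
      # container plant a module on the host.
      - /lib/modules:/lib/modules:ro
      # Hook scripts referenced by WG_POST_UP / WG_POST_DOWN below. They are
      # mounted read-only; keep the host copies writable by root only, since
      # their contents run inside a container that holds NET_ADMIN.
      - ./postup.sh:/opt/postup.sh:ro
      - ./postdown.sh:/opt/postdown.sh:ro
    ports:
      - "{{ connectivity_wireguard_port }}:{{ connectivity_wireguard_port }}/udp"
      # No host address is given, so Compose publishes this TCP port on every
      # host interface. NOTE(review): 51821 is presumably the admin web UI;
      # consider binding it to a management address (HOST_IP:PORT:51821) or
      # putting it behind a TLS-terminating reverse proxy.
      - "{{ connectivity_wireguard_web_port }}:51821/tcp"
    environment:
      # NOTE(review): PORT receives the same value as the published UDP port,
      # while the web mapping above targets container port 51821. Confirm
      # against the image's documentation that PORT is the variable intended
      # for the tunnel port and not the web listener.
      - PORT={{ connectivity_wireguard_port }}
      - WG_HOST={{ connectivity_wireguard_host }}
      # Compose interpolates "$" in values, and a bcrypt-style hash contains
      # several. NOTE(review): confirm the variable holds a hash (not a
      # plaintext password), that every "$" in it is already doubled, and
      # that it is sourced from Ansible Vault or another secret store.
      - PASSWORD_HASH={{ connectivity_wireguard_password }}
      - WG_POST_UP=/opt/postup.sh
      - WG_POST_DOWN=/opt/postdown.sh
    networks:
      {{ connectivity_wg_network_name }}:

volumes:
  etc_wireguard:

networks:
  {{ connectivity_wg_network_name }}:
    driver: bridge
{% if connectivity_wg_ipv6_enabled %}
    enable_ipv6: true
{% endif %}
    ipam:
      config:
        - subnet: "{{ connectivity_wg_network_subnet }}"
{% if connectivity_wg_ipv6_enabled %}
        - subnet: "{{ connectivity_wg_network_subnet_v6 }}"
{% endif %}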