Ansible role that deploys my connectivity device.
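---
# ==============================================================================
# CONNECTIVITY ROLE DEFAULT CONFIGURATION
# ==============================================================================
# Role defaults for the connectivity host: WireGuard (wg-easy), Nginx Proxy
# Manager, Pi-hole + Unbound, and ddclient.
# Override in host_vars or group_vars as needed.
#
# Secrets are read from the `vault_connectivity` mapping and have no fallback:
# the `mandatory` filter fails the play when one is missing, so a service is
# never deployed with a well-known placeholder credential. Ansible templates
# variables lazily, so the check fires only when a task or template actually
# uses the value.

# ==============================================================================
# GENERAL SETTINGS
# ==============================================================================
connectivity_docker_base_path: /docker
connectivity_docker_owner: ansible
connectivity_docker_group: users
# Quoted so the mode stays a string and is not re-read as a number.
# NOTE(review): "0775" makes the service directories writable by every member
# of `connectivity_docker_group`. They presumably hold WireGuard and Pi-hole
# state; tighten the mode or use a dedicated group if the containers' uid/gid
# allow it.
connectivity_docker_mode: "0775"
# `system_timezone` is defined outside this role and has no fallback here.
connectivity_timezone: "{{ system_timezone }}"

# Service directories to create under docker base path
connectivity_docker_service_directories:
  - wireguard
  - reverse-proxy
  - pihole
  - ddns

# ==============================================================================
# SERVICE ENABLEMENT
# ==============================================================================
connectivity_wireguard_enabled: true
connectivity_npm_enabled: true
connectivity_dns_stack_enabled: true
connectivity_ddns_enabled: true

# ==============================================================================
# WIREGUARD VPN CONFIGURATION
# ==============================================================================
connectivity_wireguard_container_name: wg-easy
connectivity_wireguard_port: 51820
# NOTE(review): the templates that publish this port, the NPM admin port and
# the Pi-hole web ports are not part of this file; confirm these management
# interfaces are bound to the LAN/VPN side only and not forwarded from the WAN.
connectivity_wireguard_web_port: 51821

# WireGuard host - the external FQDN/IP clients connect to.
# 'changeme' is only a placeholder; set the real value in the vault.
connectivity_wireguard_host: "{{ vault_connectivity.wireguard_host | default('changeme') }}"
# Secret: required from the vault, no default.
connectivity_wireguard_password: "{{ vault_connectivity.wireguard_password | mandatory }}"

# Docker network for WireGuard + NPM bridge
connectivity_wg_network_name: wg
connectivity_wg_network_subnet: "10.20.0.0/24"
connectivity_wg_network_subnet_v6: "fdcc:ad94:bacf:61a3::/64"
connectivity_wg_ipv6_enabled: true

# NPM sits on the WG network at this IP so PostUp DNAT rules can forward to it
connectivity_npm_ip: "10.20.0.9"

# Ports forwarded via DNAT from WireGuard to NPM (HTTP/HTTPS)
connectivity_wg_dnat_ports:
  - 80
  - 443

# ==============================================================================
# NGINX PROXY MANAGER CONFIGURATION
# ==============================================================================
connectivity_npm_container_name: npm
connectivity_npm_admin_port: 81

# ==============================================================================
# DNS STACK CONFIGURATION (Pi-hole + Unbound)
# ==============================================================================

# Pi-hole settings
connectivity_pihole_container_name: pihole
connectivity_pihole_web_port: 8080
connectivity_pihole_https_port: 4443
connectivity_pihole_dns_port: 53
connectivity_pihole_dhcp_port: 67
# NOTE(review): DHCP is enabled by default; confirm that is intended on
# networks where another DHCP server is already running.
connectivity_pihole_dhcp_enabled: true
# Secret: required from the vault, no default.
connectivity_pihole_password: "{{ vault_connectivity.pihole_password | mandatory }}"
connectivity_pihole_timezone: "{{ connectivity_timezone }}"
# Relies on gathered facts (`ansible_default_ipv4`).
connectivity_pihole_local_ip: "{{ ansible_default_ipv4.address }}"

# DNS network
connectivity_dns_network_name: dns
connectivity_dns_network_subnet: "10.1.0.0/16"
connectivity_pihole_ip: "10.1.0.2"
connectivity_unbound_ip: "10.1.0.3"

# Unbound settings
connectivity_unbound_container_name: unbound
connectivity_unbound_host_port: 5335

# ==============================================================================
# DDNS (ddclient) CONFIGURATION
# ==============================================================================
connectivity_ddns_container_name: ddclient
connectivity_ddns_protocol: cloudflare
# Secret: this API token can change DNS records, so it is required from the
# vault and has no default. Scope the token to the single zone it must update.
connectivity_ddns_cloudflare_token: "{{ vault_connectivity.ddns_cloudflare_token | mandatory }}"
connectivity_ddns_cloudflare_zone: "{{ vault_connectivity.ddns_cloudflare_zone | default('example.com') }}"
connectivity_ddns_hostname_vpn: "{{ vault_connectivity.ddns_hostname_vpn | default('wg.example.com') }}"
connectivity_ddns_hostname_root: "{{ vault_connectivity.ddns_hostname_root | default('example.com') }}"
connectivity_ddns_daemon_interval: 300
# Quoted so the value stays the literal string "yes" and not a YAML boolean;
# presumably it is written verbatim into the ddclient configuration.
connectivity_ddns_ssl: "yes"
# The public address is learned from a third-party HTTPS endpoint, so the DNS
# records follow whatever that service answers.
# NOTE(review): verify this endpoint is still served before relying on it.
connectivity_ddns_use_web: "web=googledomains https://domains.google.com/checkip"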