From 54a7fe64ba3c6df2084c914feafe3c890165a078 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Tue, 25 Mar 2025 15:16:22 +0100
Subject: [PATCH] feat: add WireGuard service deployment and configuration
---
 config/ansible/tasks/servers/server.yml | 2 ++
 .../services/wireguard/docker-compose.yml.j2 | 19 +++++++++++++
 .../servers/services/wireguard/wireguard.yml | 28 +++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100644 config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2
 create mode 100644 config/ansible/tasks/servers/services/wireguard/wireguard.yml
diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml
index 07dafff..49b95ef 100644
--- a/config/ansible/tasks/servers/server.yml
+++ b/config/ansible/tasks/servers/server.yml
@@ -43,3 +43,5 @@
 enabled: true
 - name: downloaders
 enabled: true
+ - name: wireguard
+ enabled: true
diff --git a/config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2
new file mode 100644
index 0000000..5093e66
--- /dev/null
+++ b/config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2
@@ -0,0 +1,19 @@
+services:
+ wireguard:
+ image: lscr.io/linuxserver/wireguard:latest
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PUID=1000
+ - PGID=100
+ - TZ=Europe/Amsterdam
+ - SERVERURL=mvl.sh
+ - PEERS=work-laptop,phone,desktop,personal-laptop
+ - ALLOWEDIPS=0.0.0.0/0, ::/0
+ volumes:
+ - "{{ wireguard_data_dir }}/wg-data:/config"
+ ports:
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
diff --git a/config/ansible/tasks/servers/services/wireguard/wireguard.yml b/config/ansible/tasks/servers/services/wireguard/wireguard.yml
new file mode 100644
index 0000000..26bd154
--- /dev/null
+++ b/config/ansible/tasks/servers/services/wireguard/wireguard.yml
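Review bot: In docker-compose.yml.j2 the image is referenced as `lscr.io/linuxserver/wireguard:latest`, so the version that runs is whatever the registry served at first pull, for a container that is granted `NET_ADMIN` and holds the VPN's key material under `/config`. Pin it to a release tag and digest that you bump deliberately, e.g. `image: lscr.io/linuxserver/wireguard:<PINNED_TAG>@sha256:<DIGEST>` (placeholders; take the real values from the registry). A one-line comment above `ALLOWEDIPS=0.0.0.0/0, ::/0` stating that the generated peer configs route all client traffic through this host would also document that the full tunnel is intended.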
@@ -0,0 +1,28 @@
+---
+- name: Deploy WireGuard service
+ block:
+ - name: Set WireGuard directories
+ ansible.builtin.set_fact:
+ wireguard_service_dir: "{{ ansible_env.HOME }}/services/wireguard"
+ wireguard_data_dir: "/mnt/object_storage/services/wireguard"
+
+ - name: Create WireGuard directory
+ ansible.builtin.file:
+ path: "{{ wireguard_service_dir }}"
+ state: directory
+ mode: "0755"
+
+ - name: Deploy WireGuard docker-compose.yml
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: "{{ wireguard_service_dir }}/docker-compose.yml"
+ mode: "0644"
+ register: wireguard_compose
+
+ - name: Stop WireGuard service
+ ansible.builtin.command: docker compose -f "{{ wireguard_service_dir }}/docker-compose.yml" down --remove-orphans
+ when: wireguard_compose.changed
+
+ - name: Start WireGuard service
+ ansible.builtin.command: docker compose -f "{{ wireguard_service_dir }}/docker-compose.yml" up -d
+ when: wireguard_compose.changed
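Review bot: Nothing in wireguard.yml creates `{{ wireguard_data_dir }}/wg-data` before `docker compose up -d`, so the bind-mount source that the compose template maps to `/config` is presumably created by Docker with default ownership and mode. That directory is where this image is expected to keep the server and peer private keys, so it should be created explicitly with mode `"0700"` ahead of the template deploy, as sketched below. The owner has to match the `PUID`/`PGID` set in the compose template for the container to write there, and it is worth confirming that the `/mnt/object_storage` mount actually enforces POSIX permissions, which cannot be told from this patch.

```yaml
    # … unchanged: Set WireGuard directories, Create WireGuard directory …

    - name: Create WireGuard data directory (holds server and peer keys)
      ansible.builtin.file:
        path: "{{ wireguard_data_dir }}/wg-data"
        state: directory
        mode: "0700"

    # … unchanged: Deploy WireGuard docker-compose.yml, Stop/Start tasks …
```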