feat: add WireGuard service deployment and configuration

config/ansible/tasks/servers/server.yml

@@ -43,3 +43,5 @@
             enabled: true
           - name: downloaders
             enabled: true
+          - name: wireguard
+            enabled: true

config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2

@@ -0,0 +1,19 @@
+services:
+  wireguard:
+    image: lscr.io/linuxserver/wireguard:latest
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - PUID=1000
+      - PGID=100
+      - TZ=Europe/Amsterdam
+      - SERVERURL=mvl.sh
+      - PEERS=work-laptop,phone,desktop,personal-laptop
+      - ALLOWEDIPS=0.0.0.0/0, ::/0
+    volumes:
+      - "{{ wireguard_data_dir }}/wg-data:/config"
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped

config/ansible/tasks/servers/services/wireguard/wireguard.yml

@@ -0,0 +1,28 @@
+---
+- name: Deploy WireGuard service
+  block:
+    - name: Set WireGuard directories
+      ansible.builtin.set_fact:
+        wireguard_service_dir: "{{ ansible_env.HOME }}/services/wireguard"
+        wireguard_data_dir: "/mnt/object_storage/services/wireguard"
+
+    - name: Create WireGuard directory
+      ansible.builtin.file:
+        path: "{{ wireguard_service_dir }}"
+        state: directory
+        mode: "0755"
+
+    - name: Deploy WireGuard docker-compose.yml
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ wireguard_service_dir }}/docker-compose.yml"
+        mode: "0644"
+      register: wireguard_compose
+
+    - name: Stop WireGuard service
+      ansible.builtin.command: docker compose -f "{{ wireguard_service_dir }}/docker-compose.yml" down --remove-orphans
+      when: wireguard_compose.changed
+
+    - name: Start WireGuard service
+      ansible.builtin.command: docker compose -f "{{ wireguard_service_dir }}/docker-compose.yml" up -d
+      when: wireguard_compose.changed