From 0a94388702522dc313680c0c7c51387f590b651c Mon Sep 17 00:00:00 2001 From: Morten Amundsen Date: Fri, 2 Aug 2024 11:41:42 +0000 Subject: [PATCH] chore: various improvements (#17) * chore: increase default timeout * chore: inherit from 'parent service' by default * chore: remove deprecated var * chore: ensure consistent 'port' var names * chore: remove obsolete var * fix(compose-template): set hostname for services * fix: set appropriate file permissions on templated files * feat(unifi): use vars for ports * chore: use new role dir name --- defaults/main/authentik.yml | 2 ++ defaults/main/godns.yml | 2 ++ defaults/main/graylog.yml | 2 ++ defaults/main/main.yml | 13 ++++++------- defaults/main/pihole.yml | 4 ++-- defaults/main/unifi.yml | 20 ++++++++++++++++++++ defaults/main/uptimekuma.yml | 2 ++ defaults/main/vaultwarden.yml | 2 ++ defaults/main/wireguard.yml | 4 +++- tasks/deploy_authentik.yml | 2 +- tasks/deploy_godns.yml | 4 ++-- tasks/deploy_graylog.yml | 2 +- tasks/deploy_pihole.yml | 4 ++-- tasks/deploy_unifi.yml | 2 +- tasks/deploy_uptimekuma.yml | 2 +- tasks/deploy_vaultwarden.yml | 2 +- tasks/deploy_wireguard.yml | 2 +- templates/compose/authentik.yml.j2 | 4 ++++ templates/compose/godns.yml.j2 | 1 + templates/compose/graylog.yml.j2 | 3 +++ templates/compose/pihole.yml.j2 | 10 +++++++--- templates/compose/unifi.yml.j2 | 20 +++++++++++--------- templates/compose/uptimekuma.yml.j2 | 1 + templates/compose/vaultwarden.yml.j2 | 1 + templates/compose/wireguard.yml.j2 | 4 +++- vars/main/unifi.yml | 12 ------------ vars/main/wireguard.yml | 2 +- 27 files changed, 83 insertions(+), 46 deletions(-) diff --git a/defaults/main/authentik.yml b/defaults/main/authentik.yml index b5c252f..d30fce7 100644 --- a/defaults/main/authentik.yml +++ b/defaults/main/authentik.yml 
@@ -56,6 +56,8 @@ infra_authentik_directory_group: "{{ infra_directory_group }}" infra_authentik_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_authentik_file_mode: "{{ infra_file_mode }}" # authentik compose file path infra_authentik_compose_path: "{{ infra_authentik_directory_path }}/compose.yml" # authentik env file path diff --git a/defaults/main/godns.yml b/defaults/main/godns.yml index 4d8225c..f5deb8c 100644 --- a/defaults/main/godns.yml +++ b/defaults/main/godns.yml @@ -50,6 +50,8 @@ infra_godns_directory_group: "{{ infra_directory_group }}" infra_godns_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_godns_file_mode: "{{ infra_file_mode }}" # godns compose file path infra_godns_compose_path: "{{ infra_godns_directory_path }}/compose.yml" # godns env file path diff --git a/defaults/main/graylog.yml b/defaults/main/graylog.yml index a1edad4..1fb054a 100644 --- a/defaults/main/graylog.yml +++ b/defaults/main/graylog.yml @@ -47,6 +47,8 @@ infra_graylog_directory_group: "{{ infra_directory_group }}" infra_graylog_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_graylog_file_mode: "{{ infra_file_mode }}" # graylog compose file path infra_graylog_compose_path: "{{ infra_graylog_directory_path }}/compose.yml" # graylog env file path diff --git a/defaults/main/main.yml b/defaults/main/main.yml index 828843e..de03f08 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml 
@@ -20,29 +20,28 @@ infra_domain_ext: ~ # Manage directories infra_manage_directories: true # Directory to store service data -infra_directory_path: '/opt/infra' +infra_directory_path: '/opt/netr0m.infra' # Default permissions infra_directory_owner: "{{ infra_user_name }}" infra_directory_group: "{{ infra_group_name }}" infra_directory_mode: 740 +infra_file_mode: 640 ### Docker ### # Default restart policy infra_restart_policy: always # Max. wait time for compose deployment -infra_compose_wait_timeout: 60 +infra_compose_wait_timeout: 120 ### Services ### -# Whether to force pull container images -infra_force_pull: false # Configure Graylog infra_use_graylog: true # Configure MongoDB for the Graylog server -infra_use_graylog_db: true +infra_use_graylog_db: "{{ infra_use_graylog }}" # Configure PiHole infra_use_pihole: true # Configure unbound as a recursive DNS resolver for pihole -infra_use_unbound: true +infra_use_unbound: "{{ infra_use_pihole }}" # Configure Unifi Controller infra_use_unifi: false # Configure MongoDB for the Unifi Controller @@ -50,7 +49,7 @@ infra_use_unifi_db: "{{ infra_use_unifi }}" # Configure wireguard infra_use_wireguard: false # Configure wireguard-ui -infra_use_wireguard_ui: false +infra_use_wireguard_ui: "{{ infra_use_wireguard }}" # Configure Vaultwarden infra_use_vaultwarden: true # Configure Authentik diff --git a/defaults/main/pihole.yml b/defaults/main/pihole.yml index 3545694..0a7a381 100644 --- a/defaults/main/pihole.yml +++ b/defaults/main/pihole.yml @@ -61,9 +61,9 @@ infra_pihole_restart_policy: "{{ infra_restart_policy }}" # Memory limit for the pihole container infra_pihole_container_memory: 2g # Host port for the web UI -infra_pihole_container_port_web: 8053 +infra_pihole_port_web: 8053 # Host port for the DNS service -infra_pihole_container_port_dns: 53 +infra_pihole_port_dns: 53 # Max. wait time for pihole compose deployment infra_pihole_compose_wait_timeout: 300 
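Review bot: The new `infra_file_mode: 640` is a bare YAML integer, and every per-service `*_file_mode` default passes it on through `"{{ infra_file_mode }}"` to the `mode:` argument of the template tasks. Ansible's file modules document that a numeric mode without a leading zero is taken as decimal, which does not produce rw-r-----. Whether templating hands the module an int or a string here is not visible in the patch, so quote the value to remove the doubt: `infra_file_mode: '0640'`. The context line `infra_directory_mode: 740` has the same shape but is outside what this commit changes.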
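Review bot: `infra_use_wireguard_ui: "{{ infra_use_wireguard }}"` turns wireguard-ui from opt-in (`false`) into on-by-default for any inventory that sets only `infra_use_wireguard: true`. wireguard-ui is an administrative web interface (the wireguard defaults set `infra_wireguard_ui_username: admin`), so the variable comment should say so, for example `# Configure wireguard-ui (follows infra_use_wireguard; set to false to opt out)`, and the change belongs in the release notes. The same inheritance on `infra_use_graylog_db` and `infra_use_unbound` in the previous hunk leaves their effective defaults unchanged, so this is the only one that changes what gets deployed.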
diff --git a/defaults/main/unifi.yml b/defaults/main/unifi.yml index 1b5abfb..7be16cc 100644 --- a/defaults/main/unifi.yml +++ b/defaults/main/unifi.yml @@ -34,6 +34,8 @@ infra_unifi_directory_group: "{{ infra_directory_group }}" infra_unifi_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_unifi_file_mode: "{{ infra_file_mode }}" # unifi compose file path infra_unifi_compose_path: "{{ infra_unifi_directory_path }}/compose.yml" # unifi env file path @@ -70,6 +72,24 @@ infra_unifi_restart_policy: "{{ infra_restart_policy }}" infra_unifi_container_memory: 4g # Memory limit for the unifi MongoDB container infra_unifi_db_container_memory: 1g +# Admin UI port for the unifi server +infra_unifi_port_admin: 8443 +# Device communications port for the unifi server +infra_unifi_port_device_comms: 8080 +# Guest portal (https) port for the unifi server +infra_unifi_port_guest_portal_https: 8843 +# Guest portal (http) port for the unifi server +infra_unifi_port_guest_portal_http: 8880 +# Mobile throughput test port for the unifi server +infra_unifi_port_throughput: 6789 +# STUN port for the unifi server +infra_unifi_port_stun: 3478 +# AP Discovery port for the unifi server +infra_unifi_port_discovery: 10001 +# Layer 2 discovery port for the unifi server +infra_unifi_port_l2_discovery: 1900 +# Syslog port for the unifi server +infra_unifi_port_syslog: 5514 ## Docker volume configs # Name of the config Docker volume diff --git a/defaults/main/uptimekuma.yml b/defaults/main/uptimekuma.yml index 52dc410..4d69310 100644 --- a/defaults/main/uptimekuma.yml +++ b/defaults/main/uptimekuma.yml @@ -17,6 +17,8 @@ infra_uptimekuma_directory_group: "{{ infra_directory_group }}" infra_uptimekuma_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_uptimekuma_file_mode: "{{ infra_file_mode }}" # uptime-kuma compose file path infra_uptimekuma_compose_path: "{{ infra_uptimekuma_directory_path }}/compose.yml" # uptime-kuma env file path 
diff --git a/defaults/main/vaultwarden.yml b/defaults/main/vaultwarden.yml index 39692cd..14b14c1 100644 --- a/defaults/main/vaultwarden.yml +++ b/defaults/main/vaultwarden.yml @@ -26,6 +26,8 @@ infra_vaultwarden_directory_group: "{{ infra_directory_group }}" infra_vaultwarden_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_vaultwarden_file_mode: "{{ infra_file_mode }}" # vaultwarden compose file path infra_vaultwarden_compose_path: "{{ infra_vaultwarden_directory_path }}/compose.yml" # vaultwarden env file path diff --git a/defaults/main/wireguard.yml b/defaults/main/wireguard.yml index d32056d..7a7b2a5 100644 --- a/defaults/main/wireguard.yml +++ b/defaults/main/wireguard.yml @@ -26,7 +26,7 @@ infra_wireguard_allowed_ips: '0.0.0.0/0, ::0/0' # Internal subnet for wireguard infra_wireguard_internal_subnet: 10.13.13.0 # Host port to use for the wireguard VPN -infra_wireguard_container_port_vpn: 51820 +infra_wireguard_port_vpn: 51820 # Username for wireguard-ui infra_wireguard_ui_username: admin # Whether wireguard-ui should start/restart the wireguard service @@ -47,6 +47,8 @@ infra_wireguard_directory_group: "{{ infra_directory_group }}" infra_wireguard_directory_mode: "{{ infra_directory_mode }}" ## File paths +# File mode +infra_wireguard_file_mode: "{{ infra_file_mode }}" # wireguard compose file path infra_wireguard_compose_path: "{{ infra_wireguard_directory_path }}/compose.yml" # wireguard env file path diff --git a/tasks/deploy_authentik.yml b/tasks/deploy_authentik.yml index 6e9b236..a3ce9ae 100644 --- a/tasks/deploy_authentik.yml +++ b/tasks/deploy_authentik.yml @@ -51,7 +51,7 @@ dest: "{{ infra_authentik_compose_path }}" owner: "{{ infra_authentik_directory_owner }}" group: "{{ infra_authentik_directory_group }}" - mode: "{{ infra_authentik_directory_mode }}" + mode: "{{ infra_authentik_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output 
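Review bot: Only the compose-file template task is switched to `infra_authentik_file_mode` here, and likewise in the graylog, unifi, uptimekuma, vaultwarden and wireguard task hunks, although the defaults for each service also declare an env file path. No env-file task appears in this patch, so if those tasks still use `mode: "{{ infra_authentik_directory_mode }}"` (and its per-service equivalents), the files most likely to hold credentials keep the directory mode with its execute bit. It is worth checking them and applying the same one-line change, `mode: "{{ infra_authentik_file_mode }}"`. The task begins above the hunk, so its `src` and name are not visible here.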
diff --git a/tasks/deploy_godns.yml b/tasks/deploy_godns.yml index ddd0b76..a12fbd8 100644 --- a/tasks/deploy_godns.yml +++ b/tasks/deploy_godns.yml @@ -15,7 +15,7 @@ dest: "{{ infra_godns_config_file_path }}" owner: "{{ infra_godns_directory_owner }}" group: "{{ infra_godns_directory_group }}" - mode: "{{ infra_godns_directory_mode }}" + mode: "{{ infra_godns_file_mode }}" backup: true register: godns_config_file_output @@ -37,7 +37,7 @@ dest: "{{ infra_godns_compose_path }}" owner: "{{ infra_godns_directory_owner }}" group: "{{ infra_godns_directory_group }}" - mode: "{{ infra_godns_directory_mode }}" + mode: "{{ infra_godns_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/tasks/deploy_graylog.yml b/tasks/deploy_graylog.yml index aafbc2b..7ac81c5 100644 --- a/tasks/deploy_graylog.yml +++ b/tasks/deploy_graylog.yml @@ -99,7 +99,7 @@ dest: "{{ infra_graylog_compose_path }}" owner: "{{ infra_graylog_directory_owner }}" group: "{{ infra_graylog_directory_group }}" - mode: "{{ infra_graylog_directory_mode }}" + mode: "{{ infra_graylog_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/tasks/deploy_pihole.yml b/tasks/deploy_pihole.yml index dc40d68..8ae6a09 100644 --- a/tasks/deploy_pihole.yml +++ b/tasks/deploy_pihole.yml @@ -139,8 +139,8 @@ ansible.builtin.template: src: etc/dnsmasq.d/99-edns.conf.j2 dest: "{{ infra_pihole_dnsmasq_edns_conf_file_path }}" - owner: "{{ infra_pihole_directory_owner }}" - group: "{{ infra_pihole_directory_group }}" + owner: "{{ infra_pihole_dnsmasq_edns_conf_file_owner }}" + group: "{{ infra_pihole_dnsmasq_edns_conf_file_group }}" mode: "{{ infra_pihole_dnsmasq_edns_conf_file_mode }}" backup: true register: pihole_dnsmasq_edns_config_file_output diff --git a/tasks/deploy_unifi.yml b/tasks/deploy_unifi.yml index 21b1d1d..26f5a5d 100644 --- a/tasks/deploy_unifi.yml +++ b/tasks/deploy_unifi.yml 
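Review bot: In the `tasks/deploy_pihole.yml` hunk, `owner` and `group` now reference `infra_pihole_dnsmasq_edns_conf_file_owner` and `infra_pihole_dnsmasq_edns_conf_file_group`, but the `defaults/main/pihole.yml` hunk in this patch only renames the port variables and adds no defaults for them. If they are not already defined elsewhere in the role, the task fails on an undefined variable. Defaults that keep the previous behaviour would be `infra_pihole_dnsmasq_edns_conf_file_owner: "{{ infra_pihole_directory_owner }}"` and `infra_pihole_dnsmasq_edns_conf_file_group: "{{ infra_pihole_directory_group }}"`, each with a comment saying why this file may need a different owner than the other templated pihole files. The task begins above the hunk.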
@@ -49,7 +49,7 @@ dest: "{{ infra_unifi_compose_path }}" owner: "{{ infra_unifi_directory_owner }}" group: "{{ infra_unifi_directory_group }}" - mode: "{{ infra_unifi_directory_mode }}" + mode: "{{ infra_unifi_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/tasks/deploy_uptimekuma.yml b/tasks/deploy_uptimekuma.yml index ca0854d..6f38d5b 100644 --- a/tasks/deploy_uptimekuma.yml +++ b/tasks/deploy_uptimekuma.yml @@ -27,7 +27,7 @@ dest: "{{ infra_uptimekuma_compose_path }}" owner: "{{ infra_uptimekuma_directory_owner }}" group: "{{ infra_uptimekuma_directory_group }}" - mode: "{{ infra_uptimekuma_directory_mode }}" + mode: "{{ infra_uptimekuma_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/tasks/deploy_vaultwarden.yml b/tasks/deploy_vaultwarden.yml index b31e693..1cc9586 100644 --- a/tasks/deploy_vaultwarden.yml +++ b/tasks/deploy_vaultwarden.yml @@ -27,7 +27,7 @@ dest: "{{ infra_vaultwarden_compose_path }}" owner: "{{ infra_vaultwarden_directory_owner }}" group: "{{ infra_vaultwarden_directory_group }}" - mode: "{{ infra_vaultwarden_directory_mode }}" + mode: "{{ infra_vaultwarden_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/tasks/deploy_wireguard.yml b/tasks/deploy_wireguard.yml index eac7c48..6467aae 100644 --- a/tasks/deploy_wireguard.yml +++ b/tasks/deploy_wireguard.yml @@ -59,7 +59,7 @@ dest: "{{ infra_wireguard_compose_path }}" owner: "{{ infra_wireguard_directory_owner }}" group: "{{ infra_wireguard_directory_group }}" - mode: "{{ infra_wireguard_directory_mode }}" + mode: "{{ infra_wireguard_file_mode }}" backup: true validate: docker compose -f %s config -q register: compose_file_output diff --git a/templates/compose/authentik.yml.j2 b/templates/compose/authentik.yml.j2 index 45f48b3..27caee1 100644 --- a/templates/compose/authentik.yml.j2 
+++ b/templates/compose/authentik.yml.j2 @@ -3,6 +3,7 @@ services: {{ infra_authentik_redis_service_name }}: image: {{ infra_authentik_redis_container_image }} container_name: {{ infra_authentik_redis_container_hostname }} + hostname: {{ infra_authentik_redis_container_hostname }} restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -23,6 +24,7 @@ services: {{ infra_authentik_db_service_name }}: image: {{ infra_authentik_db_container_image }} container_name: {{ infra_authentik_db_container_hostname }} + hostname: {{ infra_authentik_db_container_hostname }} restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -45,6 +47,7 @@ services: {{ infra_authentik_service_name }}: image: {{ infra_authentik_container_image }} container_name: {{ infra_authentik_container_hostname }} + hostname: {{ infra_authentik_container_hostname }} restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -76,6 +79,7 @@ services: {{ infra_authentik_worker_service_name }}: image: {{ infra_authentik_container_image }} container_name: {{ infra_authentik_worker_container_hostname }} + hostname: {{ infra_authentik_worker_container_hostname }} restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} diff --git a/templates/compose/godns.yml.j2 b/templates/compose/godns.yml.j2 index c4243b8..53131f5 100644 --- a/templates/compose/godns.yml.j2 +++ b/templates/compose/godns.yml.j2 @@ -3,6 +3,7 @@ services: {{ infra_godns_service_name }}: image: {{ infra_godns_container_image }} container_name: {{ infra_godns_container_hostname }} + hostname: {{ infra_godns_container_hostname }} restart: {{ infra_godns_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} 
diff --git a/templates/compose/graylog.yml.j2 b/templates/compose/graylog.yml.j2 index 9899628..fce426d 100644 --- a/templates/compose/graylog.yml.j2 +++ b/templates/compose/graylog.yml.j2 @@ -4,6 +4,7 @@ services: {{ infra_graylog_db_service_name }}: image: {{ infra_graylog_db_container_image }} container_name: {{ infra_graylog_db_container_hostname }} + hostname: {{ infra_graylog_db_container_hostname }} restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }} logging: driver: {{ infra_graylog_log_driver }} @@ -23,6 +24,7 @@ services: {{ infra_graylog_opensearch_service_name }}: image: {{ infra_graylog_opensearch_container_image }} container_name: {{ infra_graylog_opensearch_container_hostname }} + hostname: {{ infra_graylog_opensearch_container_hostname }} restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }} logging: driver: {{ infra_graylog_log_driver }} @@ -44,6 +46,7 @@ services: {{ infra_graylog_service_name }}: image: {{ infra_graylog_container_image }} container_name: {{ infra_graylog_container_hostname }} + hostname: {{ infra_graylog_container_hostname }} restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }} logging: driver: {{ infra_graylog_log_driver }} diff --git a/templates/compose/pihole.yml.j2 b/templates/compose/pihole.yml.j2 index 4917749..e03f0c9 100644 --- a/templates/compose/pihole.yml.j2 +++ b/templates/compose/pihole.yml.j2 @@ -4,6 +4,7 @@ services: {{ infra_unbound_service_name }}: image: {{ infra_unbound_container_image }} container_name: {{ infra_unbound_container_hostname }} + hostname: {{ infra_unbound_container_hostname }} restart: {{ infra_unbound_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} 
@@ -23,6 +24,7 @@ services: {{ infra_pihole_service_name }}: image: {{ infra_pihole_container_image }} container_name: {{ infra_pihole_container_hostname }} + hostname: {{ infra_pihole_container_hostname }} restart: {{ infra_pihole_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -65,10 +67,12 @@ services: {% endif %} - {{ svc_docker_network_name }} ports: - - {{ infra_pihole_container_port_dns }}:53/tcp - - {{ infra_pihole_container_port_dns }}:53/udp - - {{ infra_pihole_container_port_web }}:80/tcp + - {{ infra_pihole_port_dns }}:53/tcp + - {{ infra_pihole_port_dns }}:53/udp + - {{ infra_pihole_port_web }}:80/tcp extra_hosts: {{ infra_pihole_extra_hosts }} + group_add: + - {{ infra_group_gid }} {% if infra_use_unbound %} depends_on: - {{ infra_unbound_service_name }} diff --git a/templates/compose/unifi.yml.j2 b/templates/compose/unifi.yml.j2 index cba4c49..736ab7f 100644 --- a/templates/compose/unifi.yml.j2 +++ b/templates/compose/unifi.yml.j2 @@ -4,6 +4,7 @@ services: {{ infra_unifi_db_service_name }}: image: {{ infra_unifi_db_container_image }} container_name: {{ infra_unifi_db_container_hostname }} + hostname: {{ infra_unifi_db_container_hostname }} restart: {{ infra_unifi_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -19,6 +20,7 @@ services: {{ infra_unifi_service_name }}: image: {{ infra_unifi_container_image }} container_name: {{ infra_unifi_container_hostname }} + hostname: {{ infra_unifi_container_hostname }} restart: {{ infra_unifi_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} 
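Review bot: In the `pihole.yml.j2` ports hunk, the added `group_add:` / `- {{ infra_group_gid }}` gives the pihole container the shared infra group as a supplementary group, and `infra_group_gid` gets no default anywhere in this patch. Every service's `*_directory_group` defaults to `infra_directory_group` and templated files are now group-readable (`infra_file_mode: 640`), so this grant presumably covers more than pihole's own files on any path mounted into the container; a pihole-specific group would be narrower. If the shared group is intended, add a commented default for `infra_group_gid` (or assert it is set before templating) and quote the rendered value: `- "{{ infra_group_gid }}"`. The service definition continues outside the hunk.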
@@ -46,15 +48,15 @@ services: - default - {{ svc_docker_network_name }} ports: - - 8443:8443 - - 3478:3478/udp - - 10001:10001/udp - - 8080:8080 - - 1900:1900/udp - - 8843:8843 - - 8880:8880 - - 6789:6789 - - 5514:5514/udp + - {{ infra_unifi_port_admin }}:8443 + - {{ infra_unifi_port_stun }}:3478/udp + - {{ infra_unifi_port_discovery }}:10001/udp + - {{ infra_unifi_port_device_comms }}:8080 + - {{ infra_unifi_port_l2_discovery }}:1900/udp + - {{ infra_unifi_port_guest_portal_https }}:8843 + - {{ infra_unifi_port_guest_portal_http }}:8880 + - {{ infra_unifi_port_throughput }}:6789 + - {{ infra_unifi_port_syslog }}:5514/udp {% if infra_use_unifi_db %} depends_on: - {{ infra_unifi_db_service_name }} diff --git a/templates/compose/uptimekuma.yml.j2 b/templates/compose/uptimekuma.yml.j2 index e8993ae..242f786 100644 --- a/templates/compose/uptimekuma.yml.j2 +++ b/templates/compose/uptimekuma.yml.j2 @@ -3,6 +3,7 @@ services: {{ infra_uptimekuma_service_name }}: image: {{ infra_uptimekuma_container_image }} container_name: {{ infra_uptimekuma_container_hostname }} + hostname: {{ infra_uptimekuma_container_hostname }} restart: {{ infra_uptimekuma_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} diff --git a/templates/compose/vaultwarden.yml.j2 b/templates/compose/vaultwarden.yml.j2 index df2aaba..b4ffaea 100644 --- a/templates/compose/vaultwarden.yml.j2 +++ b/templates/compose/vaultwarden.yml.j2 @@ -3,6 +3,7 @@ services: {{ infra_vaultwarden_service_name }}: image: {{ infra_vaultwarden_container_image }} container_name: {{ infra_vaultwarden_container_hostname }} + hostname: {{ infra_vaultwarden_container_hostname }} restart: {{ infra_vaultwarden_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} diff --git a/templates/compose/wireguard.yml.j2 b/templates/compose/wireguard.yml.j2 index 59da0c8..48a1cd9 100644 --- a/templates/compose/wireguard.yml.j2 +++ b/templates/compose/wireguard.yml.j2 
@@ -3,6 +3,7 @@ services: {{ infra_wireguard_service_name }}: image: {{ infra_wireguard_container_image }} container_name: {{ infra_wireguard_container_hostname }} + hostname: {{ infra_wireguard_container_hostname }} restart: {{ infra_wireguard_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} @@ -13,7 +14,7 @@ services: - /lib/modules:/lib/modules mem_limit: {{ infra_wireguard_container_memory }} ports: - - {{ infra_wireguard_container_port_vpn }}:51820/udp + - {{ infra_wireguard_port_vpn }}:51820/udp cap_add: - NET_ADMIN - SYS_MODULE @@ -25,6 +26,7 @@ services: {{ infra_wireguard_ui_service_name }}: image: {{ infra_wireguard_ui_container_image }} container_name: {{ infra_wireguard_ui_container_hostname }} + hostname: {{ infra_wireguard_ui_container_hostname }} restart: {{ infra_wireguard_ui_restart_policy | default(infra_restart_policy) }} logging: driver: {{ svc_log_driver }} diff --git a/vars/main/unifi.yml b/vars/main/unifi.yml index 5279bd0..1edb2ee 100644 --- a/vars/main/unifi.yml +++ b/vars/main/unifi.yml @@ -11,16 +11,4 @@ infra_unifi_env_vars: MONGO_DBNAME: "{{ infra_unifi_db_name }}" MONGO_TLS: "{{ infra_unifi_db_tls }}" MONGO_AUTHSOURCE: "{{ infra_unifi_db_auth_source }}" - -# unifi container ports -infra_unifi_container_ports: - admin: 8443 - device_comms: 8080 - guest_portal_https: 8843 - guest_portal_http: 8880 - throughput: 6789 - stun: 3478 - discovery: 10001 - l2_discovery: 1900 - syslog: 5514 ... diff --git a/vars/main/wireguard.yml b/vars/main/wireguard.yml index 79b223f..34444f4 100644 --- a/vars/main/wireguard.yml +++ b/vars/main/wireguard.yml 
@@ -1,7 +1,7 @@ --- # Wireguard / Wireguard-UI shared variables _wg_endpoint: "{{ infra_wireguard_container_hostname }}.{{ infra_domain_ext | default(infra_domain) }}" -_wg_port_ext: "{{ infra_wireguard_container_port_vpn | string }}" +_wg_port_ext: "{{ infra_wireguard_port_vpn | string }}" # Split infra_wireguard_internal_subnet (e.g. 10.13.13.0) to a list _wg_subnet_split: "{{ infra_wireguard_internal_subnet | split('.') }}" # Use '1' as the 4th block (similar to linuxserver.io's wireguard image internal logic), i.e. '10.13.13.0' => '10.13.13.1'