install_wireguard.yml

---
- name: Deploy WireGuard Container
  hosts: all
  become: yes
  
  tasks:
    - name: Create /opt/wireguard-server/ directory
      file:
        path: /opt/wireguard-server
        state: directory
        mode: '0755'
      become: yes
      when: not ansible_check_mode

    - name: Pull the latest WireGuard image
      docker_image:
        name: linuxserver/wireguard
        source: pull
        
    - name: Start WireGuard Container
      docker_container:
        name: wireguard
        image: linuxserver/wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        env:
          PUID: "1000"
          PGID: "1000"
          TZ: "Asia/Kuala_Lumpur"
          SERVERURL: "139.177.184.167" # optional
          SERVERPORT: "51820" # optional
          PEERS: "1" # optional
          PEERDNS: "auto"
          INTERNAL_SUBNET: "10.13.13.0" # optional
          ALLOWEDIPS: "0.0.0.0/0" # optional
          PERSISTENTKEEPALIVE_PEERS: "" # optional
          LOG_CONFS: "true" # optional
        ports:
          - "51820:51820/udp"
          - "5000:5000"
        volumes:
          - "/opt/wireguard-server/config:/config"
          - "/lib/modules:/lib/modules"
        sysctl:
          - "net.ipv4.conf.all.src_valid_mark=1"
        restart_policy: unless-stopped
   
    - name: Deploy wireguard-ui container
      docker_container:
        name: wireguard-ui
        image: ngoduykhanh/wireguard-ui:latest
        state: started
        restart_policy: unless-stopped
        cap_add: 
          - NET_ADMIN
        env:
          SENDGRID_API_KEY: ''
          EMAIL_FROM_ADDRESS: ''
          EMAIL_FROM_NAME: ''
          SESSION_SECRET: ''
          WGUI_USERNAME: admin
          WGUI_PASSWORD: admin
          WG_CONF_TEMPLATE: ''
          WGUI_MANAGE_START: 'true'
          WGUI_MANAGE_RESTART: 'true'
        log_driver: json-file
        log_options: 
          max-size: "50m"
        network_mode: "web"
        volumes: 
          - /opt/wireguard-server/db:/app/db
          - /opt/wireguard-server/config:/etc/wireguard

    - name: Allow port 51820 in UFW
      ufw:
        rule: allow
        port: 51820
        proto: udp
      become: yes

    - name: Allow port 9000
      ufw:
        rule: allow
        port: 9000
      become: yes
    
    - name: Allow port 5000
      ufw: 
        rule: allow
        port: 5000
      become: yes