From bae3aee014581f075d26c8c18ed63c7defb7c2dd Mon Sep 17 00:00:00 2001
From: Mike Wilson
Date: Wed, 1 Feb 2023 22:53:04 -0500
Subject: [PATCH] Started traefik role
---
 ansible/roles/traefik/handlers/main.yml | 4 ++
 ansible/roles/traefik/tasks/main.yml | 3 -
 .../traefik/templates/docker-compose.yml | 26 +++++++++
 ansible/roles/traefik/templates/traefik.yml | 55 +++++++++++++++++++
 ansible/roles/traefik/vars/main.yml | 8 +++
 5 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 ansible/roles/traefik/handlers/main.yml
 create mode 100644 ansible/roles/traefik/templates/docker-compose.yml
 create mode 100644 ansible/roles/traefik/templates/traefik.yml
diff --git a/ansible/roles/traefik/handlers/main.yml b/ansible/roles/traefik/handlers/main.yml
new file mode 100644
index 0000000..d0a3d35
--- /dev/null
+++ b/ansible/roles/traefik/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart Traefik
+ community.docker.docker_compose:
+ project_src: "{{ install_directory }}/traefik"
+ restarted: true
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
index b430ff0..e69de29 100644
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -1,3 +0,0 @@
-- name: Print key
- debug:
- var: porkbun_api_key
diff --git a/ansible/roles/traefik/templates/docker-compose.yml b/ansible/roles/traefik/templates/docker-compose.yml
new file mode 100644
index 0000000..6a30089
--- /dev/null
+++ b/ansible/roles/traefik/templates/docker-compose.yml
@@ -0,0 +1,26 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+ traefik:
+ external: true
+
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:latest
+ networks:
+ - traefik
+ - docker-socket-proxy
+ ports:
+ - 80:80 # HTTP
+ - 443:443 # HTTPS
+ environment:
+ PORKBUN_API_KEY: "{{ porkbun_api_key }}"
+ PORKBUN_SECRET_API_KEY: "{{ porkbun_secret_api_key }}"
+ volumes:
+ - "{{ data_dir }}/traefik:/etc/traefik"
+ labels:
+ traefik.enable: true
+ traefik.http.routers.traefik-dashboard.rule: "Host(`traefik.local.{{ personal_domain }}`)"
+ traefik.http.routers.traefik-dashboard.service: api@internal
+ traefik.http.routers.traefik-dashboard.middlewares: lan-whitelist@file
diff --git a/ansible/roles/traefik/templates/traefik.yml b/ansible/roles/traefik/templates/traefik.yml
new file mode 100644
index 0000000..4b3ca00
--- /dev/null
+++ b/ansible/roles/traefik/templates/traefik.yml
@@ -0,0 +1,55 @@
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: web-secure
+ scheme: https
+
+ web-secure:
+ address: :443
+ http:
+ tls:
+ certResolver: letsencrypt
+ domains:
+ - main: "{{ personal_domain }}"
+ - sans: "*.{{ personal_domain }}"
+ - main: "local.{{ personal_domain }}"
+ - sans: "*.local.{{ personal_domain }}"
+ middlewares:
+ - secure-headers@file
+
+ traefik:
+ address: :8080
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ # Staging server
+ caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+
+ # Production server
+ # caServer: https://acme-v02.api.letsencrypt.org/directory
+ email: "{{ letsencrypt_email }}"
+ storage: /etc/traefik.acme.json
+ dnsChallenge:
+ provider: porkbun
+ delayBeforeCheck: 0
+
+serversTransport:
+ insecureSkipVerify: true
+
+tls:
+ options:
+ default:
+ minVersion: VersionTLS12
+
+providers:
+ docker:
+ endpoint: tcp://docker_socket_proxy:2375
+ exposedByDefault: false
+ network: traefik
+ file:
+ directory: /etc/traefik/conf
+ watch: true
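Review bot: The `traefik` service joins `docker-socket-proxy` under its `networks:` list, but the top-level `networks:` block declares only `traefik`, so Compose should reject the file with an undefined-network error; declare `docker-socket-proxy:` with `external: true` next to `traefik:`. `image: traefik:latest` lets an internet-facing proxy that holds the Porkbun API keys change version on any pull, so pin a tag or digest, for example `image: "traefik:{{ traefik_version }}"` with a new role variable. The two keys are rendered in clear text into the compose file and are visible in `docker inspect`, so the task that templates this file (not in this commit) should set `mode: "0600"`, or the keys could move to an `env_file` with that mode. `traefik.enable: true` is a YAML boolean, which older Compose schemas reject as a label value; `traefik.enable: "true"` works everywhere.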
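Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend Traefik proxies to, so a backend can be impersonated on the Docker network without any error; I would drop it and trust the backends' CA through `rootCAs`, or scope the exception to the one service that needs it with a named serversTransport in the file provider. `storage: /etc/traefik.acme.json` looks like a typo for `storage: /etc/traefik/acme.json`: as written the ACME account key and certificates land outside the `/etc/traefik` bind mount from docker-compose.yml and are lost when the container is recreated. The `tls.options` block is, as far as I know, dynamic configuration, so in this static file `minVersion: VersionTLS12` is probably not applied; moving it into a file under `/etc/traefik/conf` would make it take effect. The `domains` list also puts each `sans` in its own item as a string, where Traefik expects `sans` as a list in the same item as its `main`.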
diff --git a/ansible/roles/traefik/vars/main.yml b/ansible/roles/traefik/vars/main.yml
index 52582fa..a8da3f1 100644
--- a/ansible/roles/traefik/vars/main.yml
+++ b/ansible/roles/traefik/vars/main.yml
@@ -19,3 +19,11 @@ porkbun_secret_api_key: !vault |
 33393831323334626335333630366331633464353638353636666430616630306139336665376132
 34326563626465633036656134373430616634393931626638636332323562366565326535626237
 38313264383866633662
+
+letsencrypt_email: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62353466393863323930373663656438626661393566366336326235666137303932623838353865
+ 3830323761643134656431646632656166656661303963320a343436353633613763643030303364
+ 38396464663634343131306638383131343466613537346463373765646434393366373939653964
+ 6630626639393637330a386365303332653162383933353265306134383232303635633935623132
+ 63616137626161323037613062663063373963643263313366613233383536316638