Started traefik role

Mike Wilson
2023-02-01 22:53:04 -05:00
parent 85237382ca
commit bae3aee014
5 changed files with 93 additions and 3 deletions


@@ -0,0 +1,4 @@
- name: Restart Traefik
community.docker.docker_compose:
project_src: "{{ install_directory }}/traefik"
restarted: true


@@ -1,3 +0,0 @@
- name: Print key
debug:
var: porkbun_api_key


@@ -0,0 +1,26 @@
version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
services:
traefik:
container_name: traefik
image: traefik:latest
networks:
- traefik
- docker-socket-proxy
ports:
- 80:80 # HTTP
- 443:443 # HTTPS
environment:
PORKBUN_API_KEY: "{{ porkbun_api_key }}"
PORKBUN_SECRET_API_KEY: "{{ porkbun_secret_api_key }}"
volumes:
- "{{ data_dir }}/traefik:/etc/traefik"
labels:
traefik.enable: true
traefik.http.routers.traefik-dashboard.rule: "Host(`traefik.local.{{ personal_domain }}`)"
traefik.http.routers.traefik-dashboard.service: api@internal
traefik.http.routers.traefik-dashboard.middlewares: lan-whitelist@file
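Review bot: The `traefik` service lists `docker-socket-proxy` under its `networks:`, but the top-level `networks:` block declares only `traefik`, so Compose should reject the file for an undefined network; declare `docker-socket-proxy:` with `external: true` beside `traefik:` (assuming that network is created by another role). The label `traefik.enable: true` is a YAML boolean, which Compose label validation may refuse; writing `traefik.enable: "true"` avoids that. `image: traefik:latest` leaves the deployed version to whatever the registry serves at pull time, so pinning a specific tag or digest would keep the TLS-terminating proxy reproducible and make upgrades deliberate.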


@@ -0,0 +1,55 @@
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: web-secure
scheme: https
web-secure:
address: :443
http:
tls:
certResolver: letsencrypt
domains:
- main: "{{ personal_domain }}"
- sans: "*.{{ personal_domain }}"
- main: "local.{{ personal_domain }}"
- sans: "*.local.{{ personal_domain }}"
middlewares:
- secure-headers@file
traefik:
address: :8080
certificatesResolvers:
letsencrypt:
acme:
# Staging server
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# Production server
# caServer: https://acme-v02.api.letsencrypt.org/directory
email: "{{ letsencrypt_email }}"
storage: /etc/traefik.acme.json
dnsChallenge:
provider: porkbun
delayBeforeCheck: 0
serversTransport:
insecureSkipVerify: true
tls:
options:
default:
minVersion: VersionTLS12
providers:
docker:
endpoint: tcp://docker_socket_proxy:2375
exposedByDefault: false
network: traefik
file:
directory: /etc/traefik/conf
watch: true
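Review bot: `storage: /etc/traefik.acme.json` points outside the only mounted volume (`{{ data_dir }}/traefik:/etc/traefik` in the compose template), so the ACME account key and issued certificates would sit in the container's writable layer and be lost when it is recreated; this looks like a typo for `storage: /etc/traefik/acme.json`. `serversTransport.insecureSkipVerify: true` disables certificate verification for every HTTPS backend Traefik proxies to; if only some backends use self-signed certificates, scope the setting to a named serversTransport for those services or supply `rootCAs`, and add a comment saying why it is needed. The `domains` entries list `main` and `sans` as separate sequence items, whereas Traefik appears to expect `sans` as a list inside the same item as its `main`, so the wildcard names may not be requested as intended.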


@@ -19,3 +19,11 @@ porkbun_secret_api_key: !vault |
33393831323334626335333630366331633464353638353636666430616630306139336665376132 33393831323334626335333630366331633464353638353636666430616630306139336665376132
34326563626465633036656134373430616634393931626638636332323562366565326535626237 34326563626465633036656134373430616634393931626638636332323562366565326535626237
38313264383866633662 38313264383866633662
letsencrypt_email: !vault |
$ANSIBLE_VAULT;1.1;AES256
62353466393863323930373663656438626661393566366336326235666137303932623838353865
3830323761643134656431646632656166656661303963320a343436353633613763643030303364
38396464663634343131306638383131343466613537346463373765646434393366373939653964
6630626639393637330a386365303332653162383933353265306134383232303635633935623132
63616137626161323037613062663063373963643263313366613233383536316638