diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml
index 3be86b5..795b72e 100644
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@@ -1,12 +1,16 @@
+# container settings
 traefik_name: traefik
-traefik_dashboard: false
-traefik_root: "/opt/{{ traefik_name }}"
-traefik_localonly: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8"
+traefik_standalone: true
+traefik_debug: false
+traefik_web_entry: "80:80"
+traefik_websecure_entry: "443:443"
+
+# review these options before pushing (if i can remember)
 traefik_production: false
 traefik_hsts_enable: false
 traefik_hsts_preload: false
 traefik_hsts_seconds: 0
 traefik_http_redirect: false
-traefik_ports:
-  - "80:80"
-  - "443:443"
+
+# host
+traefik_root: "{{ docker_compose_root }}/{{ traefik_name }}"
diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml
index eeaca65..79f9ea8 100644
--- a/roles/traefik/handlers/main.yml
+++ b/roles/traefik/handlers/main.yml
@@ -4,11 +4,8 @@
     state: touch
   listen: reload_traefik
 
-- name: Restart Traefik container
-  docker_container:
-    name: "{{ traefik_name }}"
-    image: traefik:{{ traefik_version }}
-    state: started
-    container_default_behavior: "no_defaults"
-    restart: yes
+- name: Restart Traefik
+  service:
+    name: "{{ docker_compose_service }}@{{ traefik_name }}"
+    state: restarted
   listen: restart_traefik
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index 20dcb22..c85ac56 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -1,14 +1,8 @@
-- name: Create Traefik configuration directories
+- name: Create Traefik directories
   file:
     path: "{{ traefik_root }}/config/dynamic"
     state: directory
 
-- name: Install static Traefik configuration
-  template:
-    src: traefik.yml.j2
-    dest: "{{ traefik_root }}/config/traefik.yml"
-  notify: restart_traefik
-
 - name: Install dynamic security configuration
   template:
     src: security.yml.j2
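Review bot: `traefik_dashboard: false` is dropped from the defaults, yet `templates/compose-env.j2` in this same commit still renders `{{ traefik_dashboard | string | lower }}`, so the role fails with an undefined-variable error on any host whose inventory does not set it, and the compose file's `${traefik_dashboard:-false}` fallback never gets a chance to fail closed. Re-add `traefik_dashboard: false` under `# container settings` so the API/dashboard stays off unless explicitly enabled. Dropping `traefik_localonly` also removes the only IP-allowlist knob the dashboard router ever had; if that is deliberate, say so next to `# review these options before pushing` instead of leaving the TODO open-ended.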
@@ -25,32 +19,26 @@
     loop: "{{ traefik_external }}"
     when: traefik_external is defined
 
-- name: Create Traefik network
-  docker_network:
-    name: traefik
+- name: Install Traefik's docker-compose file
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ traefik_root }}/docker-compose.yml"
+  notify: restart_traefik
 
-- name: Start Traefik container
-  docker_container:
-    name: "{{ traefik_name }}"
-    image: traefik:{{ traefik_version }}
+- name: Install Traefik's docker-compose variables
+  template:
+    src: compose-env.j2
+    dest: "{{ traefik_root }}/.env"
+  notify: restart_traefik
+
+- name: Install static Traefik configuration
+  template:
+    src: traefik.yml.j2
+    dest: "{{ traefik_root }}/config/traefik.yml"
+  notify: restart_traefik
+
+- name: Start and enable Traefik service
+  service:
+    name: "{{ docker_compose_service }}@{{ traefik_name }}"
     state: started
-    restart_policy: always
-    ports: "{{ traefik_ports }}"
-    container_default_behavior: "no_defaults"
-    networks_cli_compatible: "false"
-    networks:
-      - name: traefik
-    labels:
-      traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
-      #traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
-      #traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
-      #traefik.http.routers.traefik.tls.certresolver: letsencrypt
-      #traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker,localonly"
-      traefik.http.routers.traefik.service: "api@internal"
-      traefik.http.routers.traefik.entrypoints: websecure
-      traefik.http.routers.traefik.tls: "true"
-      traefik.docker.network: traefik
-      traefik.enable: "{{ traefik_dashboard | string }}"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - "{{ traefik_root }}/config:/etc/traefik"
+    enabled: true
diff --git a/roles/traefik/templates/compose-env.j2 b/roles/traefik/templates/compose-env.j2
new file mode 100644
index 0000000..46bae42
--- /dev/null
+++ b/roles/traefik/templates/compose-env.j2
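Review bot: The three new `template` tasks write `docker-compose.yml`, `.env` and `config/traefik.yml` with no `owner`/`mode`, so they land with the remote umask; `.env` carries nothing sensitive yet, but it is exactly where basic-auth hashes or ACME credentials will end up, so set `mode: "0640"` on it now rather than after a secret is added. With the `docker_network` task gone, the `traefik` network is presumably created and destroyed by Traefik's own compose project, which means other projects that attach to it as `external: true` depend on `Start and enable Traefik service` having run first and a `down` of this project will try to remove a network with live endpoints — worth confirming the ordering and recording it in a comment above that task. The `service:` call on a templated unit works, but `systemd:` with `daemon_reload: true` is safer if `{{ docker_compose_service }}@.service` is installed by another role in the same play.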
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+traefik_version={{ traefik_version }}
+traefik_name={{ traefik_name }}
+traefik_domain={{ gitea_domain }}
+traefik_dashboard={{ traefik_dashboard | string | lower }}
+traefik_debug={{ traefik_debug | string | lower }}
+traefik_web_entry={{ traefik_web_entry }}
+traefik_websecure_entry={{ traefik_websecure_entry }}
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..50c440e
--- /dev/null
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -0,0 +1,42 @@
+version: '3.7'
+
+networks:
+  traefik:
+    name: traefik
+
+services:
+  traefik:
+    image: "traefik:${traefik_version}"
+    container_name: "${traefik_name}"
+    command:
+      - --api.dashboard=${traefik_dashboard:-false}
+      - --api.debug=${traefik_debug:-false}
+      - --providers.docker=true
+      - --entrypoints.web.address=:80
+{% if traefik_standalone %}
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --entrypoints.websecure.address=:443
+{% endif %}
+    ports:
+      - "${traefik_web_entry:-80:80}"
+{% if traefik_standalone %}
+      - "${traefik_websecure_entry:-443:443}"
+{% endif %}
+    networks:
+      - traefik
+    labels:
+      - "traefik.http.routers.traefik.rule=Host(`{{ traefik_domain }}`)"
+      - "traefik.http.routers.traefik.service=api@internal"
+{% if traefik_standalone %}
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.tls=true"
+{% else %}
+      - "traefik.http.routers.traefik.entrypoints=web"
+{% endif %}
+      - "traefik.docker.network=traefik"
+      - "traefik.enable=${traefik_dashboard:-false}"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - "{{ traefik_root }}/config:/etc/traefik"
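Review bot: `traefik_domain={{ gitea_domain }}` writes Gitea's hostname into Traefik's `.env`, which reads like a copy-paste slip; the compose template never consumes `${traefik_domain}` anyway (its router rule uses the Ansible-side `{{ traefik_domain }}`), so either delete the line or make it `traefik_domain={{ traefik_domain }}` so the two cannot disagree. This file also references `traefik_dashboard`, whose default was removed from `defaults/main.yml` in this commit, so rendering fails on hosts that do not set it unless `traefik_dashboard: false` is restored there.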
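Review bot: The `traefik` router publishes `api@internal` with no middleware, so whenever `traefik_dashboard` is true the dashboard and API are reachable by anyone who can reach `{{ traefik_domain }}` — and in the `{% else %}` branch over plaintext port 80; the basic-auth and `ipwhitelist` labels that sat commented out in the old `docker_container` task were not carried over. Add at least `traefik.http.routers.traefik.middlewares=traefik-auth` and `traefik.http.middlewares.traefik-auth.basicauth.users=${traefik_auth}` (with `traefik_auth` exported from `compose-env.j2` and kept out of VCS), and add `--providers.docker.exposedByDefault=false` to `command:` so a container on the `traefik` network is only routed when it opts in via `traefik.enable=true`. The `/var/run/docker.sock` mount gives Traefik unrestricted Docker API access, which is root-equivalent on the host; a `:ro` suffix does not limit API calls over the socket, so a read-only socket proxy is the real mitigation if that matters here. Finally, `config/traefik.yml` from `traefik.yml.j2` is still rendered and mounted at `/etc/traefik`, and Traefik takes its static configuration from a single source, so the `command:` flags here may be silently ignored once it finds that file — worth confirming so the two do not drift.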