- name: Create Traefik configuration directories
  file:
    path: "{{ traefik_root }}/config/dynamic"
    state: directory

- name: Install static Traefik configuration
  template:
    src: traefik.yml.j2
    dest: "{{ traefik_root }}/config/traefik.yml"
  notify: restart_traefik

- name: Install dynamic security configuration
  template:
    src: security.yml.j2
    dest: "{{ traefik_root }}/config/dynamic/security.yml"
    owner: root
    group: root
    mode: 0600
  notify: reload_traefik

- name: Install dynamic non-docker configuration
  template:
    src: "external.yml.j2"
    dest: "{{ traefik_root }}/config/dynamic/{{ item.name }}.yml"
  loop: "{{ traefik_external }}"
  when: traefik_external is defined

- name: Create Traefik network
  docker_network:
    name: traefik

- name: Start Traefik container
  docker_container:
    name: "{{ traefik_name }}"
    image: traefik:{{ traefik_version }}
    state: started
    restart_policy: always
    ports: "{{ traefik_ports }}"
    networks_cli_compatible: "false"
    networks:
      - name: traefik
    labels:
      traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
      #traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
      #traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
      traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.tls: "true"
      traefik.docker.network: traefik
      traefik.enable: "{{ traefik_dashboard | string }}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "{{ traefik_root }}/config:/etc/traefik"