From 07d67861671570da2afece72d808cb410beab3f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?=
Date: Wed, 12 Jan 2022 21:17:11 +0100
Subject: [PATCH] Add traefik role
---
project/main.yml | 5 +--
project/roles/traefik/handlers/main.yml | 9 +++++
project/roles/traefik/tasks/main.yml | 20 ++++++++++
.../traefik/templates/traefik.service.j2 | 38 +++++++++++++++++++
4 files changed, 68 insertions(+), 4 deletions(-)
create mode 100644 project/roles/traefik/handlers/main.yml
create mode 100644 project/roles/traefik/tasks/main.yml
create mode 100644 project/roles/traefik/templates/traefik.service.j2
diff --git a/project/main.yml b/project/main.yml
index da4695e..fc6680a 100644
--- a/project/main.yml
+++ b/project/main.yml
@@ -4,10 +4,7 @@ - name: Ping hosts ansible.builtin.ping: -- hosts: all - roles: - - testrole - hosts: docker2.t-juice.club roles: - vault - \ No newline at end of file + - traefik \ No newline at end of file
diff --git a/project/roles/traefik/handlers/main.yml b/project/roles/traefik/handlers/main.yml
new file mode 100644
index 0000000..438359d
--- /dev/null
+++ b/project/roles/traefik/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reload systemd
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+- name: restart traefik
+ ansible.builtin.systemd:
+ name: vault
+ state: restarted
diff --git a/project/roles/traefik/tasks/main.yml b/project/roles/traefik/tasks/main.yml
new file mode 100644
index 0000000..b6a384f
--- /dev/null
+++ b/project/roles/traefik/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create traefik.service
+ ansible.builtin.template:
+ src: traefik.service.j2
+ dest: /etc/systemd/system/traefik.service
+ notify:
+ - reload systemd
+ - restart traefik
+
+- meta: flush_handlers
+
+- name: Ensure service is started
+ ansible.builtin.systemd:
+ state: started
+ name: traefik
+
+- name: Ensure service is enabled
+ ansible.builtin.systemd:
+ enabled: yes
+ name: traefik
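Review bot: The `restart traefik` handler in project/roles/traefik/handlers/main.yml restarts the wrong unit: it sets `name: vault`, so a change to traefik.service never restarts Traefik and bounces Vault instead. Change that line to `name: traefik`. If the Vault instance on this host is not configured for auto-unseal (not visible in this patch), every template change would presumably leave it sealed until someone unseals it by hand, so this is an availability problem as well as a functional one.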
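Review bot: Nothing in project/roles/traefik/tasks/main.yml creates /var/traefik/acme.json before the handlers start the container, although the unit bind-mounts that path as the ACME store. On a fresh host Docker creates a missing bind-mount source as a directory, and Traefik rejects an ACME storage file whose mode is looser than 0600; the file also holds the ACME account key and the certificate private keys, so the role should set its ownership and mode explicitly. Add the two tasks below ahead of `- meta: flush_handlers`, and consider setting `owner: root`, `group: root` and `mode: "0644"` on the template task instead of relying on the umask.

```yaml
# … unchanged: "Create traefik.service" template task …

- name: Ensure traefik state directory exists
  ansible.builtin.file:
    path: /var/traefik
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Ensure ACME storage file exists with restrictive permissions
  ansible.builtin.file:
    path: /var/traefik/acme.json
    state: touch
    owner: root
    group: root
    mode: "0600"
    # keep the task idempotent: do not bump timestamps on every run
    access_time: preserve
    modification_time: preserve

# … unchanged: flush_handlers, "Ensure service is started", "Ensure service is enabled" …
```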
diff --git a/project/roles/traefik/templates/traefik.service.j2 b/project/roles/traefik/templates/traefik.service.j2
new file mode 100644
index 0000000..b45d11b
--- /dev/null
+++ b/project/roles/traefik/templates/traefik.service.j2
@@ -0,0 +1,38 @@
+[Unit]
+Description=Traefik Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop traefik
+ExecStartPre=-/usr/bin/docker rm traefik
+ExecStartPre=-/usr/bin/docker pull traefik:latest
+ExecStart=/usr/bin/docker run \
+ -e TRAEFIK_LOG_LEVEL=INFO \
+ -e TRAEFIK_ENTRYPOINTS_INSECURE_ADDRESS=:80 \
+ -e TRAEFIK_ENTRYPOINTS_SECURE_ADDRESS=:443 \
+ -e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS=true \
+ -e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS_CERTRESOLVER=LE \
+ -e TRAEFIK_CERTIFICATESRESOLVERS_LE=true \
+ -e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_EMAIL=torjuspuz@gmail.com \
+ -e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_HTTPCHALLENGE_ENTRYPOINT=insecure \
+ -e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_KEYTYPE=EC256 \
+ -e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_STORAGE=/acme.json \
+ -e TRAEFIK_PROVIDERS_DOCKER=true \
+ -e TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false \
+ -l "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)" \
+ -l "traefik.http.routers.http_catchall.entrypoints=insecure" \
+ -l "traefik.http.routers.http_catchall.middlewares=https_redirect" \
+ -l "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" \
+ -l "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true" \
+ -p 443:443 \
+ -p 80:80 \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/traefik/acme.json:/acme.json \
+ --network proxy \
+ --name traefik traefik:latest
+
+[Install]
+WantedBy=multi-user.target
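Review bot: The `-v /var/run/docker.sock:/var/run/docker.sock` mount in ExecStart gives the container that listens on ports 80 and 443 the full Docker API, which is root-equivalent on the host, and project/main.yml applies the vault role to the same host. Appending `:ro` to the mount does not restrict API calls, so the usual mitigation is a filtering proxy in front of the socket that allows only read endpoints, with Traefik pointed at it via `-e TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=tcp://<socket-proxy-host>:<port>`. Separately, `traefik:latest` is pulled in ExecStartPre and run in ExecStart, so any restart can silently change the running binary; pin both references to a fixed tag or digest such as `traefik:<pinned-version>`. The ACME contact address is also hard-coded in the template and would be better supplied as a role variable.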