Add traefik role

Torjus Håkestad 2022-01-12 21:17:11 +01:00
parent fec3bcd01c
commit 07d6786167
4 changed files with 68 additions and 4 deletions
project
main.yml
roles/traefik


@ -4,10 +4,7 @@
- name: Ping hosts
ansible.builtin.ping:
- hosts: all
roles:
- testrole
- hosts: docker2.t-juice.club
roles:
- vault
- traefik


@ -0,0 +1,9 @@
---
- name: reload systemd
ansible.builtin.systemd:
daemon_reload: yes
- name: restart traefik
ansible.builtin.systemd:
name: vault
state: restarted
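Review bot: The `restart traefik` handler passes `name: vault` to `ansible.builtin.systemd`, so a change to traefik.service restarts the vault unit and leaves Traefik running with the old unit definition. This looks like a copy-paste from the vault role; the handler should use `name: traefik`. If the vault unit is a secrets store that comes up sealed after a restart (not visible here, worth confirming), each template change would also take it offline until someone unseals it. As a style point, `daemon_reload: yes` is better written `daemon_reload: true`.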


@ -0,0 +1,20 @@
---
- name: Create traefik.service
ansible.builtin.template:
src: traefik.service.j2
dest: /etc/systemd/system/traefik.service
notify:
- reload systemd
- restart traefik
- meta: flush_handlers
- name: Ensure service is started
ansible.builtin.systemd:
state: started
name: traefik
- name: Ensure service is enabled
ansible.builtin.systemd:
enabled: yes
name: traefik
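Review bot: Nothing in these tasks creates `/var/traefik/acme.json`, which the unit template bind-mounts as the ACME store. When the host path is missing, `docker run -v` creates it as a directory, and Traefik expects a regular file with mode 0600 because it holds the ACME account key and certificate private keys. Two tasks placed before `meta: flush_handlers`, one creating `/var/traefik` and one creating an empty `acme.json` without overwriting an existing one, would cover this. The template task should also set `owner: root`, `group: root` and `mode: "0644"` on traefik.service rather than relying on the umask.

```yaml
- name: Ensure ACME storage directory exists
  ansible.builtin.file:
    path: /var/traefik
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Ensure acme.json exists with restrictive permissions
  ansible.builtin.copy:
    content: ""
    dest: /var/traefik/acme.json
    force: false
    owner: root
    group: root
    mode: "0600"
# … unchanged: Create traefik.service, flush_handlers, start and enable tasks …
```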


@ -0,0 +1,38 @@
[Unit]
Description=Traefik Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop traefik
ExecStartPre=-/usr/bin/docker rm traefik
ExecStartPre=-/usr/bin/docker pull traefik:latest
ExecStart=/usr/bin/docker run \
-e TRAEFIK_LOG_LEVEL=INFO \
-e TRAEFIK_ENTRYPOINTS_INSECURE_ADDRESS=:80 \
-e TRAEFIK_ENTRYPOINTS_SECURE_ADDRESS=:443 \
-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS=true \
-e TRAEFIK_ENTRYPOINTS_SECURE_HTTP_TLS_CERTRESOLVER=LE \
-e TRAEFIK_CERTIFICATESRESOLVERS_LE=true \
-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_EMAIL=torjuspuz@gmail.com \
-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_HTTPCHALLENGE_ENTRYPOINT=insecure \
-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_KEYTYPE=EC256 \
-e TRAEFIK_CERTIFICATESRESOLVERS_LE_ACME_STORAGE=/acme.json \
-e TRAEFIK_PROVIDERS_DOCKER=true \
-e TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false \
-l "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)" \
-l "traefik.http.routers.http_catchall.entrypoints=insecure" \
-l "traefik.http.routers.http_catchall.middlewares=https_redirect" \
-l "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" \
-l "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true" \
-p 443:443 \
-p 80:80 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/traefik/acme.json:/acme.json \
--network proxy \
--name traefik traefik:latest
[Install]
WantedBy=multi-user.target
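Review bot: The `-v /var/run/docker.sock:/var/run/docker.sock` mount gives the container that listens on ports 80 and 443 full control of the Docker daemon, so a compromise of Traefik is effectively root on the host. The Docker provider only needs to read container metadata, so consider placing a Docker socket proxy that allows only read-only API endpoints in between; adding `:ro` to the mount does not restrict API calls. Separately, `traefik:latest` is pulled on every start, so whatever is published under that tag runs with this access unreviewed; pin both the `docker pull` and the `docker run` lines to a fixed tag or digest, e.g. `traefik:<pinned-version>`. The ACME contact address would also be better supplied as a role variable than hard-coded in the template.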