infra/roles/traefik/tasks/main.yml

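---
# Traefik role: resolve the install directory, collect the Cloudflare DNS-01
# API token, render the Compose file and base dynamic config, make sure the
# "proxy" Docker network exists, then (re)start the stack.
#
# Task order matters: the temporary directory has to be created before
# traefik_dir is derived from it. The previous ordering computed traefik_dir
# first, so traefik_tempdir was still undefined whenever use_temp_dir was
# true and the set_fact failed.
#
# Inputs:  use_temp_dir (optional, default false), CF_DNS_API_TOKEN /
#          TF_VAR_cloudflare_api_token (vars or env), auth_hostname,
#          grafana_hostname, forgejo_hostname, traefik_certresolver.
# Outputs: traefik_dir, traefik_cloudflare_dns_api_token, traefik_tempdir.

- name: Create permanent directory for Traefik Docker Compose
  ansible.builtin.file:
    path: /opt/traefik
    state: directory
  # default(false) keeps this task safe when use_temp_dir is simply not set,
  # matching the guard used on the tempfile task below.
  when: not (use_temp_dir | default(false))

- name: Create temporary directory for Traefik Docker Compose (for testing)
  ansible.builtin.tempfile:
    state: directory
    suffix: traefik
  register: traefik_tempdir
  when: use_temp_dir | default(false)

- name: Determine Traefik directory
  ansible.builtin.set_fact:
    # traefik_tempdir is only registered when use_temp_dir is true, which is
    # exactly the branch that dereferences it.
    traefik_dir: >-
      {{ traefik_tempdir.path if (use_temp_dir | default(false)) else '/opt/traefik' }}

- name: Read Cloudflare DNS API token
  ansible.builtin.set_fact:
    # Precedence: CF_DNS_API_TOKEN play var, then the same env var, then the
    # Terraform-style TF_VAR_cloudflare_api_token var and env var.
    # The second argument (true) makes default() also replace empty strings.
    # lookup('env') returns '' for an unset variable, so without it the chain
    # stopped at the first unset env var and the TF_VAR_* fallbacks never ran.
    traefik_cloudflare_dns_api_token: >-
      {{
        CF_DNS_API_TOKEN
        | default(lookup('env', 'CF_DNS_API_TOKEN'), true)
        | default(TF_VAR_cloudflare_api_token, true)
        | default(lookup('env', 'TF_VAR_cloudflare_api_token'), true)
      }}
  # The fact is a credential; keep it out of verbose task output.
  no_log: true

- name: Fail if Cloudflare DNS API token is missing
  ansible.builtin.fail:
    msg: "CF_DNS_API_TOKEN (recommended) or TF_VAR_cloudflare_api_token is required for Traefik DNS-01"
  when: traefik_cloudflare_dns_api_token | length == 0

- name: Copy Docker Compose file for Traefik
  ansible.builtin.template:
    src: home-docker-compose.yml.j2
    dest: "{{ traefik_dir }}/docker-compose.yml"
    # NOTE(review): the rendered Compose file presumably carries the DNS API
    # token for the DNS-01 challenge (confirm against the template); keep it
    # owner-only rather than the umask default.
    mode: "0600"

- name: Create Traefik subdirectories
  ansible.builtin.file:
    path: "{{ traefik_dir }}/{{ item }}"
    state: directory
  loop:
    - letsencrypt
    - dynamic

- name: Ensure ACME storage file exists
  ansible.builtin.file:
    path: "{{ traefik_dir }}/letsencrypt/acme.json"
    state: touch
    # Traefik rejects an ACME store that is group- or world-readable.
    mode: "0600"
    # state: touch bumps both timestamps on every run and reports "changed";
    # preserving them keeps the task idempotent while still creating the file.
    access_time: preserve
    modification_time: preserve

- name: Copy base dynamic configuration
  # Static routers/services for the three internal apps plus two shared
  # middlewares. Only websecure is exposed; every router uses the DNS-01
  # resolver named in traefik_certresolver.
  # NOTE(review): no HSTS (stsSeconds) is set in security-headers. Add it
  # deliberately, once certificates are confirmed working for every host,
  # because browsers cache the policy. browserXssFilter is ignored by
  # current browsers and is kept only for older ones.
  ansible.builtin.copy:
    dest: "{{ traefik_dir }}/dynamic/base.yml"
    content: |
      http:
        routers:
          authelia:
            rule: "Host(`{{ auth_hostname }}`)"
            entryPoints:
              - websecure
            tls:
              certResolver: "{{ traefik_certresolver }}"
            service: authelia
            middlewares:
              - security-headers
              - compress
          grafana:
            rule: "Host(`{{ grafana_hostname }}`)"
            entryPoints:
              - websecure
            tls:
              certResolver: "{{ traefik_certresolver }}"
            service: grafana
            middlewares:
              - security-headers
              - compress
          forgejo:
            rule: "Host(`{{ forgejo_hostname }}`)"
            entryPoints:
              - websecure
            tls:
              certResolver: "{{ traefik_certresolver }}"
            service: forgejo
            middlewares:
              - security-headers
              - compress
        services:
          authelia:
            loadBalancer:
              servers:
                - url: "http://authelia:9091"
          grafana:
            loadBalancer:
              servers:
                - url: "http://grafana:3000"
          forgejo:
            loadBalancer:
              servers:
                - url: "http://forgejo:3000"
        middlewares:
          security-headers:
            headers:
              frameDeny: true
              contentTypeNosniff: true
              browserXssFilter: true
              referrerPolicy: "no-referrer"
          compress:
            compress: {}

- name: Ensure proxy network exists
  # Probe only: a non-zero rc means the network is absent, which the next
  # task acts on, so neither outcome is a failure here.
  ansible.builtin.command: docker network inspect proxy
  register: proxy_network
  changed_when: false
  failed_when: false

- name: Create proxy network if missing
  ansible.builtin.command: docker network create proxy
  when: proxy_network.rc != 0

- name: Deploy Traefik container
  # --force-recreate restarts Traefik on every run (brief downtime for all
  # proxied hosts), so this task always reports "changed".
  ansible.builtin.command: docker compose up -d --force-recreate
  args:
    chdir: "{{ traefik_dir }}"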