chore: remove nfs and traefik roles. Move them to tasks

2025-10-11 22:02:00 +10:00
parent 09c67abe58
commit bc61753794
15 changed files with 421 additions and 575 deletions
--- a/tasks/nfs.yml
+++ b/tasks/nfs.yml
@@ -0,0 +1,16 @@
+---
+- name: Install NFS mount utility
+  ansible.builtin.apt:
+    update_cache: true
+    pkg: nfs-common
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: Mount an NFS volume
+  ansible.posix.mount:
+    src: "{{ item.src }}"
+    path: "{{ item.path }}"
+    opts: "{{ item.opts | default('rw,sync,hard') }}"
+    state: "{{ item.state | default( 'mounted' ) }}"
+    fstype: nfs
+  with_items: "{{ mounts }}"
--- a/tasks/traefik.yml
+++ b/tasks/traefik.yml
@@ -0,0 +1,72 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "/data/traefik"
+    - "/data/traefik/config"
+    - "/data/traefik/log"
+
+- name: Ensure 'proxy' network exists
+  docker_network:
+    name: proxy
+
+- name: Copy Traefik main configuration
+  template:
+    src: ../templates/traefik.yml.j2
+    dest: "/data/traefik/config/traefik.yml"
+    mode: "0600"
+
+- name: Copy Traefik extra config
+  template:
+    src: ../templates/config.yml.j2
+    dest: "/data/traefik/config/config.yml"
+    mode: "0600"
+
+- name: Ensure acme.json exists
+  file:
+    path: "/data/traefik/config/acme.json"
+    state: touch
+    owner: root # UID Traefik runs as
+    group: root # GID Traefik runs as
+    mode: "0600"
+
+- name: Create traefik Container
+  docker_container:
+    name: traefik
+    image: traefik:v3.5
+    restart_policy: unless-stopped
+    networks:
+      - name: "proxy"
+    ports:
+      - 80:80
+      - 443:443
+    env:
+      CF_API_EMAIL: "{{ CF_API_EMAIL }}"
+      CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - "/data/traefik/config/traefik.yml:/traefik.yml:ro"
+      - "/data/traefik/config/acme.json:/acme.json"
+      - "/data/traefik/log:/var/log/traefik"
+      - "/data/traefik/config/config.yml:/config.yml:ro"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.traefik.entrypoints: "http"
+      traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_password }}"
+      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
+      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
+      traefik.http.routers.traefik-secure.entrypoints: "https"
+      traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
+      traefik.http.routers.traefik-secure.tls: "true"
+      traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
+      traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
+      traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
+      traefik.http.routers.traefik-secure.service: "api@internal"