Initial Commit

2024-09-09 22:37:51 +10:00
commit ca1eea8f56
49 changed files with 2271 additions and 0 deletions
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@ -0,0 +1,86 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/traefik"
+    - "{{ data_folder }}/traefik/data"
+
+- name: Create a network
+  docker_network:
+    name: proxy
+  register: network
+
+- name: Copy Traefik config
+  template:
+    src: templates/traefik.yml.j2
+    dest: "{{ data_folder }}/traefik/data/traefik.yml"
+    mode: '0600'
+
+- name: Check if {{ data_folder }}/traefik/data/acme.json exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/acme.json"
+  register: file_status
+
+- name: Creates {{ data_folder }}/traefik/data/acme.json if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/acme.json"
+    state: touch
+    owner: root
+    group: root
+    mode: '0600'
+  when: not file_status.stat.exists
+
+- name: Check if {{ data_folder }}/traefik/data/traefik.json.log exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/traefik.json.log"
+  register: file_status
+
+- name: Creates {{ data_folder }}/traefik/data/traefik.json.log if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/traefik.json.log"
+    state: touch
+    owner: root
+    group: root
+    mode: '0600'
+  when: not file_status.stat.exists
+
+- name: Create traefik Container
+  docker_container:
+    name: traefik
+    image: traefik:v3.1
+    restart_policy: unless-stopped
+    networks:
+      - name: "proxy"
+    ports:
+      - 80:80
+      - 443:443
+    env:
+      CF_API_EMAIL: "{{ CF_API_EMAIL }}"
+      CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - "{{ data_folder }}/traefik/data/traefik.yml:/traefik.yml:ro"
+      - "{{ data_folder }}/traefik/data/acme.json:/acme.json"
+      - "{{ data_folder }}/traefik/data/traefik.json.log:/traefik.json.log"
+      # - ./data/config.yml:/config.yml:ro
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.traefik.entrypoints: "http"
+      traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_user }}:{{ traefik_api_password | password_hash('blowfish','1234567890123456789012') }}"
+      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
+      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
+      traefik.http.routers.traefik-secure.entrypoints: "https"
+      traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
+      traefik.http.routers.traefik-secure.tls: "true"
+      traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
+      traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
+      traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
+      traefik.http.routers.traefik-secure.service: "api@internal"