Initial commit

Lennard Brinkhaus 2023-09-18 18:42:05 +02:00
commit 5d90c8b905
Signed by: lennard.brinkhaus
GPG Key ID: 286421EC53998B22
13 changed files with 227 additions and 0 deletions

19
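--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+# top-most EditorConfig file
+root = true
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+# Jinja2 template files
+[*.j2]
+end_of_line = lf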

20
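--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/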

2
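--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../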

5
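--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+traefik_version_check: true
+traefik_version: "v2.10.4"
+traefik_yaml_acme_email: ""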
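Review bot: `traefik_yaml_acme_email` defaults to an empty string and templates/traefik.yaml.j2 renders it unquoted, so a play that forgets the variable writes `email:` with a null value instead of failing before Traefik is deployed. Drop the default so an undefined variable stops the run, or add an `ansible.builtin.assert` task with `that: traefik_yaml_acme_email | length > 0`, and quote the template line as `email: "{{ traefik_yaml_acme_email }}"`. `traefik_version_check` is not referenced by any file shown in this commit; add a one-line comment saying what it is meant to control, or remove it until it is used.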

13
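--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: "Restart traefik"
+ansible.builtin.service:
+name: traefik
+state: restarted
+scope: "user"
+when: ansible_service_mgr == "systemd"
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+when: ansible_service_mgr == "systemd"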
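Review bot: "Restart traefik" is defined before "Reload systemd", and handlers run in the order they are defined in this file rather than in `notify` order, so a changed quadlet is restarted before the daemon reload has regenerated the unit. Swap the two handlers so the reload comes first. The restart handler also passes `scope: "user"` to `ansible.builtin.service`, while `scope` is documented as a parameter of `ansible.builtin.systemd`; since the handler is already gated on `ansible_service_mgr == "systemd"`, call `ansible.builtin.systemd` directly as the second handler does.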

36
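--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,36 @@
+galaxy_info:
+author: Lennard Brinkhaus
+description: Install and manage a Traefik
+company: DragSE
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+min_ansible_version: "2.1"
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+license: None
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+galaxy_tags:
+- traefik
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.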

2
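--- a/meta/requirements.yml
+++ b/meta/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-podman
+src: https://git.dragse.it/ansible/role-podman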
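Review bot: The `role-podman` entry has no `version:` key, so each install takes whatever the default branch of the repository holds at that moment, and that code then runs with the privileges of the play (root in tests/test.yml). Pin it to a reviewed tag or commit with `version: "<TAG_OR_COMMIT>"`. Adding `scm: git` also makes it explicit that the URL is a git repository rather than an archive download.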

47
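--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Create podman folder
+file:
+path: /root/.config/containers/systemd/
+state: directory
+mode: 0775
+recurse: yes
+- name: Create letsencrypt folder
+file:
+path: /letsencrypt
+state: directory
+mode: 0775
+recurse: yes
+- name: Setup Podman quadlet
+block:
+- name: Copy traefik.network
+ansible.builtin.template:
+src: traefik.network
+dest: "/root/.config/containers/systemd/traefik.network"
+- name: Copy traefik.container
+ansible.builtin.template:
+src: traefik.quadlet.j2
+dest: "/root/.config/containers/systemd/traefik.container"
+- name: Copy traefik.yml
+ansible.builtin.template:
+src: traefik.yaml.j2
+dest: "/etc/traefik/traefik.yaml"
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+notify:
+- Reload systemd
+- Restart traefik
+- name: Start Traefik
+systemd_service:
+enabled: true
+name: traefik
+state: started
+scope: "user"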
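Review bot: The "Create letsencrypt folder" task makes `/letsencrypt` group-writable and world-readable with `mode: 0775` and `recurse: yes`, although the Traefik template stores `acme.json` (ACME account key and certificate private keys) there; `mode: "0700"` without `recurse` fits that content better. Both `mode: 0775` values work only because the YAML 1.1 parser reads the leading zero as octal, so quote them as strings. The three `ansible.builtin.template` tasks set no `owner`, `group` or `mode`, which leaves the resulting permissions to the remote umask; add an explicit `mode: "0644"`. Nothing in this file creates `/etc/traefik` before `traefik.yaml` is templated into it, so that task presumably fails on a fresh host unless another role provides the directory.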


@ -0,0 +1,2 @@
[Network]
Label=app=traefik


@ -0,0 +1,42 @@
[Unit]
Description=Traefik Reverse Proxy
Documentation=https://doc.traefik.io/traefik/providers/docker
[Container]
ContainerName=traefik
Image=docker.io/library/traefik:{{ traefik_version }}
Environment=TZ=Europe/Berlin
#Environment=CLOUDFLARE_DNS_API_TOKEN=<REDACTED>
PublishPort=0.0.0.0:80:80/tcp
PublishPort=0.0.0.0:443:443/tcp
PublishPort=0.0.0.0:8080:8080/tcp
#Network=pasta:-T,auto
Network=traefik.network
Volume=/etc/traefik:/etc/traefik:rw
Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro
NoNewPrivileges=true
DropCapability=All
AddCapability=net_bind_service
#UserNS=keep-id
# Required to access the Podman Socket
#SecurityLabelDisable=true
PodmanArgs=--userns=keep-id --security-opt label=disable
[Service]
Restart=on-failure
# Restart Delay
RestartSec=30
# Allowed time for the service to start.
TimeoutStartSec=90
# Allowed time for the service to stop.
TimeoutStopSec=90
[Install]
WantedBy=default.target
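Review bot: `Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro` gives the container the root Podman API, and `:ro` only makes the socket's mount read-only without restricting API calls, so a compromise of Traefik becomes control over the host's containers. Together with `--security-opt label=disable` this is the main trust boundary of the role and deserves a comment in the unit; a filtering socket proxy or Traefik's file provider would narrow it. `PublishPort=0.0.0.0:8080:8080/tcp` publishes the API/dashboard port on every interface while the Traefik config leaves `insecure` commented out; drop the line or bind it with `PublishPort=127.0.0.1:8080:8080/tcp`. `/letsencrypt` is created by the tasks and used as ACME storage, but no `Volume=` line mounts it, so certificates appear to be lost whenever the container is recreated; `Volume=/letsencrypt:/letsencrypt:rw` would persist them.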

31
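--- a/templates/traefik.yaml.j2
+++ b/templates/traefik.yaml.j2
@@ -0,0 +1,31 @@
+# traefik.yml
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entryPoint:
+to: websecure
+websecure:
+address: ":443"
+# Docker configuration backend
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+network: systemd-traefik
+# API and dashboard configuration
+api:
+# insecure: true
+dashboard: true
+certificatesResolvers:
+resolver:
+acme:
+email: {{ traefik_yaml_acme_email }}
+storage: /letsencrypt/acme.json
+httpChallenge:
+entryPoint: web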
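Review bot: The `providers.docker` block does not set `exposedByDefault`, which Traefik defaults to true, so every container visible on the Podman socket gets a router unless it opts out. Add `exposedByDefault: false` under `docker:` and require an explicit `traefik.enable=true` label on the services that should be published. `dashboard: true` is enabled while no router or authentication middleware for `api@internal` appears in this file; document where the dashboard is routed and protected, or set it to `false` until that exists.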

1
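--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1 @@
+192.168.1.142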

7
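--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+remote_user: root
+roles:
+- role-traefik
+vars:
+traefik_yaml_acme_email: "test@localhost.intern"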