Initial commit
commit
5d90c8b905
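--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf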
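--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/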
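--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../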
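--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+traefik_version_check: true
+traefik_version: "v2.10.4"
+
+traefik_yaml_acme_email: ""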
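--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: "Restart traefik"
+ansible.builtin.service:
+name: traefik
+state: restarted
+scope: "user"
+when: ansible_service_mgr == "systemd"
+
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+when: ansible_service_mgr == "systemd"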
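Review bot: The `Restart traefik` handler passes `scope: "user"` to `ansible.builtin.service`, but `scope` is an option of the systemd module and is not a documented option of the generic service module, so whether it takes effect depends on pass-through behaviour. I would call `ansible.builtin.systemd_service` here, as the `Start Traefik` task in `tasks/main.yml` already does. Indentation is lost in this rendering, so I am assuming `scope` sits under the module arguments. Since the units are installed under `/root/.config/containers/systemd/`, user scope for root also depends on a root user manager running on the target, which deserves a comment such as `# requires an active user manager for root (session or lingering)`.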
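--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,36 @@
+galaxy_info:
+author: Lennard Brinkhaus
+description: Install and manage a Traefik
+company: DragSE
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+min_ansible_version: "2.1"
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+license: None
+
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+
+galaxy_tags:
+- traefik
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.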
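--- a/meta/requirements.yml
+++ b/meta/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-podman
+src: https://git.dragse.it/ansible/role-podman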
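Review bot: The `role-podman` entry has no `version:`, so each install fetches whatever the default branch of `https://git.dragse.it/ansible/role-podman` holds at that moment. That role runs with root privileges on the managed hosts, so an upstream change would reach them without review. Pin the dependency to a reviewed tag or commit, e.g. `version: <TAG_OR_COMMIT_SHA>` (placeholder), and add `scm: git` if the installer does not recognise the URL as a git source.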
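--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Create podman folder
+file:
+path: /root/.config/containers/systemd/
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Create letsencrypt folder
+file:
+path: /letsencrypt
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Setup Podman quadlet
+block:
+- name: Copy traefik.network
+ansible.builtin.template:
+src: traefik.network
+dest: "/root/.config/containers/systemd/traefik.network"
+
+- name: Copy traefik.container
+ansible.builtin.template:
+src: traefik.quadlet.j2
+dest: "/root/.config/containers/systemd/traefik.container"
+
+- name: Copy traefik.yml
+ansible.builtin.template:
+src: traefik.yaml.j2
+dest: "/etc/traefik/traefik.yaml"
+
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+notify:
+- Reload systemd
+- Restart traefik
+
+- name: Start Traefik
+systemd_service:
+enabled: true
+name: traefik
+state: started
+scope: "user"
+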
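Review bot: The `Create letsencrypt folder` task sets `mode: 0775` with `recurse: yes`, which on every run re-applies group-write and world-read/execute to everything under `/letsencrypt`. That includes the `acme.json` this commit's Traefik config uses as ACME storage (account key and certificate private keys), a file Traefik expects to be `600`. I would use `mode: "0700"` and drop `recurse` on both directory tasks; quoting the mode also avoids YAML integer parsing of the octal literal. The three `ansible.builtin.template` tasks set no `owner`, `group` or `mode`, so a line like `mode: "0640"` on each would make the resulting permissions explicit. Nothing visible in this file creates `/etc/traefik` before `traefik.yaml` is written there.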
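--- a/templates/traefik.network
+++ b/templates/traefik.network
@@ -0,0 +1,2 @@
+[Network]
+Label=app=traefik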
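--- a/templates/traefik.quadlet.j2
+++ b/templates/traefik.quadlet.j2
@@ -0,0 +1,42 @@
+[Unit]
+Description=Traefik Reverse Proxy
+Documentation=https://doc.traefik.io/traefik/providers/docker
+
+[Container]
+ContainerName=traefik
+Image=docker.io/library/traefik:{{ traefik_version }}
+Environment=TZ=Europe/Berlin
+
+#Environment=CLOUDFLARE_DNS_API_TOKEN=<REDACTED>
+
+PublishPort=0.0.0.0:80:80/tcp
+PublishPort=0.0.0.0:443:443/tcp
+PublishPort=0.0.0.0:8080:8080/tcp
+
+#Network=pasta:-T,auto
+Network=traefik.network
+
+Volume=/etc/traefik:/etc/traefik:rw
+Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro
+
+NoNewPrivileges=true
+DropCapability=All
+AddCapability=net_bind_service
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+[Install]
+WantedBy=default.target
+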
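Review bot: `Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro` hands the internet-facing proxy what is normally the rootful Podman API socket. The `:ro` flag only makes the socket inode read-only and does not restrict API calls, so a compromise of Traefik is effectively root on the host, and `--security-opt label=disable` removes SELinux separation on top of that. Consider a rootless Podman socket or a filtering socket proxy that allows only the read endpoints Traefik needs, and record the residual risk in a comment above the `Volume=` line. `PublishPort=0.0.0.0:8080:8080/tcp` publishes the API/dashboard port on every interface although `api.insecure` is commented out in the config; drop it or bind it as `PublishPort=127.0.0.1:8080:8080/tcp`. No `Volume=` maps `/letsencrypt`, so the ACME storage path set in `traefik.yaml.j2` appears to live in the container's writable layer and would be lost when the container is recreated.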
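--- a/templates/traefik.yaml.j2
+++ b/templates/traefik.yaml.j2
@@ -0,0 +1,31 @@
+# traefik.yml
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entryPoint:
+to: websecure
+
+websecure:
+address: ":443"
+
+# Docker configuration backend
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+network: systemd-traefik
+
+
+# API and dashboard configuration
+api:
+# insecure: true
+dashboard: true
+
+certificatesResolvers:
+resolver:
+acme:
+email: {{ traefik_yaml_acme_email }}
+storage: /letsencrypt/acme.json
+httpChallenge:
+entryPoint: web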
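Review bot: `providers.docker` does not set `exposedByDefault`, which defaults to true, so every container visible through the mounted socket gets a router without opting in. Add `exposedByDefault: false` under `docker:` and enable services per container with the `traefik.enable=true` label. `email: {{ traefik_yaml_acme_email }}` is unquoted and the role default is `""`, so it renders as a null value unless the variable is set; write `email: "{{ traefik_yaml_acme_email }}"` and have the role fail early when it is empty. `dashboard: true` comes with no router or auth middleware in this file, so a comment like `# expose api@internal only behind an auth middleware` would help whoever adds the router later.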
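--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1 @@
+192.168.1.142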
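--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+remote_user: root
+roles:
+- role-traefik
+vars:
+traefik_yaml_acme_email: "test@localhost.intern"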