commit 5d90c8b905892421362bf649f6c66d12989b9760 Author: Lennard Brinkhaus Date: Mon Sep 18 18:42:05 2023 +0200 Initial commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..ab9fdb4
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5b396ab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..17c134e
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..5760d3f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+traefik_version_check: true
+traefik_version: "v2.10.4"
+
+traefik_yaml_acme_email: ""
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..0eed299
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: "Restart traefik"
+ ansible.builtin.service:
+ name: traefik
+ state: restarted
+ scope: "user"
+ when: ansible_service_mgr == "systemd"
+
+- name: "Reload systemd"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ scope: "user"
+ when: ansible_service_mgr == "systemd"
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..583a5df
--- /dev/null
+++ b/meta/main.yml
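Review bot: The `Restart traefik` handler passes `scope: "user"` to `ansible.builtin.service`, and that module does not take a `scope` argument (only `ansible.builtin.systemd` does), so the handler should fail with an unsupported-parameter error the first time it is notified instead of restarting anything. Changing the module line to `ansible.builtin.systemd:` keeps the key valid and matches the `Reload systemd` handler below it. The `when: ansible_service_mgr == "systemd"` guard then also becomes consistent, since the module itself is systemd-only.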
@@ -0,0 +1,36 @@
+galaxy_info:
+ author: Lennard Brinkhaus
+ description: Install and manage a Traefik
+ company: DragSE
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ min_ansible_version: "2.1"
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ license: None
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+
+ galaxy_tags:
+ - traefik
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
diff --git a/meta/requirements.yml b/meta/requirements.yml
new file mode 100644
index 0000000..c84aea4
--- /dev/null
+++ b/meta/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-podman
+ src: https://git.dragse.it/ansible/role-podman
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d3f5d9e
--- /dev/null
+++ b/tasks/main.yml
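Review bot: The `role-podman` dependency in meta/requirements.yml is fetched from a git URL with no `version:`, so every install resolves to whatever the remote default branch holds at that moment and the role that ends up on the host cannot be reproduced or audited later. Pinning it to a tag or commit makes the dependency deterministic, e.g. `scm: git` and `version: "<tag-or-commit>"` (placeholder) added under the existing `src:` line. A short comment naming the pinned release would also document why that revision was chosen.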
@@ -0,0 +1,47 @@
+---
+- name: Create podman folder
+ file:
+ path: /root/.config/containers/systemd/
+ state: directory
+ mode: 0775
+ recurse: yes
+
+- name: Create letsencrypt folder
+ file:
+ path: /letsencrypt
+ state: directory
+ mode: 0775
+ recurse: yes
+
+- name: Setup Podman quadlet
+ block:
+ - name: Copy traefik.network
+ ansible.builtin.template:
+ src: traefik.network
+ dest: "/root/.config/containers/systemd/traefik.network"
+
+ - name: Copy traefik.container
+ ansible.builtin.template:
+ src: traefik.quadlet.j2
+ dest: "/root/.config/containers/systemd/traefik.container"
+
+ - name: Copy traefik.yml
+ ansible.builtin.template:
+ src: traefik.yaml.j2
+ dest: "/etc/traefik/traefik.yaml"
+
+ - name: "Reload systemd"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ scope: "user"
+ notify:
+ - Reload systemd
+ - Restart traefik
+
+- name: Start Traefik
+ systemd_service:
+ enabled: true
+ name: traefik
+ state: started
+ scope: "user"
+
diff --git a/templates/traefik.network b/templates/traefik.network
new file mode 100644
index 0000000..b1fb1b4
--- /dev/null
+++ b/templates/traefik.network
@@ -0,0 +1,2 @@
+[Network]
+Label=app=traefik
diff --git a/templates/traefik.quadlet.j2 b/templates/traefik.quadlet.j2
new file mode 100644
index 0000000..5399cc4
--- /dev/null
+++ b/templates/traefik.quadlet.j2
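Review bot: `Copy traefik.yml` templates to `/etc/traefik/traefik.yaml`, but no task creates `/etc/traefik` (only the quadlet folder and `/letsencrypt` are created above), so on a fresh host the template module fails because the destination directory does not exist. The two `file` tasks also combine an unquoted `mode: 0775` with `recurse: yes`: `0775` is group-writable, and the recursion re-modes everything already under `/letsencrypt`, including `acme.json`, which holds the ACME account and certificate private keys and which Traefik, as far as I recall, refuses to load when its mode is wider than 0600. Creating the config directory, quoting the modes as strings, dropping the recursion and giving the templated config an explicit `mode:` addresses both; the rewritten tasks follow. Since tests/test.yml runs this as `remote_user: root` while the units are placed under `/root/.config/containers/systemd` with `scope: "user"`, the role presumably relies on a root user session existing — worth confirming on the target, as rootful quadlets are normally installed under `/etc/containers/systemd` with system scope.
```yaml
- name: Create traefik config folder
  ansible.builtin.file:
    path: /etc/traefik
    state: directory
    mode: "0750"

- name: Create letsencrypt folder
  ansible.builtin.file:
    path: /letsencrypt
    state: directory
    mode: "0750"

# … unchanged: podman folder task (quote its mode the same way), traefik.network and traefik.container copies …

    - name: Copy traefik.yml
      ansible.builtin.template:
        src: traefik.yaml.j2
        dest: "/etc/traefik/traefik.yaml"
        mode: "0640"

# … unchanged: Reload systemd task with notify, Start Traefik …
```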
@@ -0,0 +1,42 @@
+[Unit]
+Description=Traefik Reverse Proxy
+Documentation=https://doc.traefik.io/traefik/providers/docker
+
+[Container]
+ContainerName=traefik
+Image=docker.io/library/traefik:{{ traefik_version }}
+Environment=TZ=Europe/Berlin
+
+#Environment=CLOUDFLARE_DNS_API_TOKEN=
+
+PublishPort=0.0.0.0:80:80/tcp
+PublishPort=0.0.0.0:443:443/tcp
+PublishPort=0.0.0.0:8080:8080/tcp
+
+#Network=pasta:-T,auto
+Network=traefik.network
+
+Volume=/etc/traefik:/etc/traefik:rw
+Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro
+
+NoNewPrivileges=true
+DropCapability=All
+AddCapability=net_bind_service
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+[Install]
+WantedBy=default.target
+
diff --git a/templates/traefik.yaml.j2 b/templates/traefik.yaml.j2
new file mode 100644
index 0000000..5988b44
--- /dev/null
+++ b/templates/traefik.yaml.j2
@@ -0,0 +1,31 @@
+# traefik.yml
+entryPoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+
+ websecure:
+ address: ":443"
+
+# Docker configuration backend
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ network: systemd-traefik
+
+
+# API and dashboard configuration
+api:
+ # insecure: true
+ dashboard: true
+
+certificatesResolvers:
+ resolver:
+ acme:
+ email: {{ traefik_yaml_acme_email }}
+ storage: /letsencrypt/acme.json
+ httpChallenge:
+ entryPoint: web
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..ac96836
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1 @@
+192.168.1.142
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..f1ebf23
--- /dev/null
+++ b/tests/test.yml
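Review bot: `Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro` hands the container the host's Podman API, and the `:ro` flag only protects the socket inode, not what can be requested through it, so the `DropCapability=All` / `NoNewPrivileges=true` lines above do not bound what this container can do on the host; a comment on that line should say so, e.g. `# Full Podman API access (host-equivalent); :ro does not limit API calls`. `PublishPort=0.0.0.0:8080:8080/tcp` publishes the Traefik API port on every interface even though traefik.yaml.j2 leaves `api.insecure` commented out, so the line is either dead or, the moment that setting is enabled, an unauthenticated dashboard on all interfaces; `PublishPort=127.0.0.1:8080:8080/tcp` or removing it is safer. The commented `#Environment=CLOUDFLARE_DNS_API_TOKEN=` slot would put a credential into the rendered unit and, presumably, the generated podman command line; when it is needed, `EnvironmentFile=` or a Podman `Secret=` keeps the token out of the unit file.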
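Review bot: `email: {{ traefik_yaml_acme_email }}` is rendered unquoted, so with the role default `""` the line becomes `email:` and parses as null, and any value starting with a YAML-significant character would mis-parse; change it to `email: "{{ traefik_yaml_acme_email }}"`. The `providers.docker` block sets no `exposedByDefault`, which Traefik defaults to `true`, so every container joining the `systemd-traefik` network is routed automatically; `exposedByDefault: false` with explicit `traefik.enable=true` labels on intended services keeps exposure opt-in. Leaving `# insecure: true` commented out is right — the quadlet publishes 8080 on all interfaces, so enabling it would expose the dashboard without authentication.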
@@ -0,0 +1,7 @@
+---
+- hosts: all
+ remote_user: root
+ roles:
+ - role-traefik
+ vars:
+ traefik_yaml_acme_email: "test@localhost.intern"