Initial commit
commit
5d90c8b905
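--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf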
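--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/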
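--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../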
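--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+traefik_version_check: true
+traefik_version: "v2.10.4"
+
+traefik_yaml_acme_email: ""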
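--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: "Restart traefik"
+ansible.builtin.service:
+name: traefik
+state: restarted
+scope: "user"
+when: ansible_service_mgr == "systemd"
+
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+when: ansible_service_mgr == "systemd"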
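--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,36 @@
+galaxy_info:
+author: Lennard Brinkhaus
+description: Install and manage a Traefik
+company: DragSE
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+min_ansible_version: "2.1"
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+license: None
+
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+
+galaxy_tags:
+- traefik
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.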
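--- a/meta/requirements.yml
+++ b/meta/requirements.yml
@@ -0,0 +1,2 @@
+- name: role-podman
+src: https://git.dragse.it/ansible/role-podman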
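Review bot: The `role-podman` entry has a `src:` but no `version:` key, so each install takes whatever the default branch of `https://git.dragse.it/ansible/role-podman` holds at that moment, and an upstream change reaches hosts without review. Pin the dependency to a reviewed tag or commit, e.g. `version: <TAG_OR_COMMIT_SHA>` (placeholder, the page gives no value). Adding `scm: git` next to it would also make the source type explicit rather than inferred from the URL.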
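--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Create podman folder
+file:
+path: /root/.config/containers/systemd/
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Create letsencrypt folder
+file:
+path: /letsencrypt
+state: directory
+mode: 0775
+recurse: yes
+
+- name: Setup Podman quadlet
+block:
+- name: Copy traefik.network
+ansible.builtin.template:
+src: traefik.network
+dest: "/root/.config/containers/systemd/traefik.network"
+
+- name: Copy traefik.container
+ansible.builtin.template:
+src: traefik.quadlet.j2
+dest: "/root/.config/containers/systemd/traefik.container"
+
+- name: Copy traefik.yml
+ansible.builtin.template:
+src: traefik.yaml.j2
+dest: "/etc/traefik/traefik.yaml"
+
+- name: "Reload systemd"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+notify:
+- Reload systemd
+- Restart traefik
+
+- name: Start Traefik
+systemd_service:
+enabled: true
+name: traefik
+state: started
+scope: "user"
+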
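Review bot: The `Create letsencrypt folder` task applies `mode: 0775` with `recurse: yes` to `/letsencrypt`, the directory that traefik.yaml.j2 names for `acme.json`, so every run would reset anything stored there, including ACME key material, to world-readable. Use `mode: "0700"` with explicit `owner` and `group` and drop `recurse: yes`; the same tightening fits `/root/.config/containers/systemd/`. The three `ansible.builtin.template` tasks set no `owner`, `group` or `mode`, so the rendered unit and proxy configuration get whatever the umask yields; state them explicitly, e.g. `mode: "0644"`. Nothing visible in this file creates `/etc/traefik` before `Copy traefik.yml` writes into it, so that task would presumably fail on a fresh host unless another role provides the directory.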
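--- a/templates/traefik.network
+++ b/templates/traefik.network
@@ -0,0 +1,2 @@
+[Network]
+Label=app=traefik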
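--- a/templates/traefik.quadlet.j2
+++ b/templates/traefik.quadlet.j2
@@ -0,0 +1,42 @@
+[Unit]
+Description=Traefik Reverse Proxy
+Documentation=https://doc.traefik.io/traefik/providers/docker
+
+[Container]
+ContainerName=traefik
+Image=docker.io/library/traefik:{{ traefik_version }}
+Environment=TZ=Europe/Berlin
+
+#Environment=CLOUDFLARE_DNS_API_TOKEN=<REDACTED>
+
+PublishPort=0.0.0.0:80:80/tcp
+PublishPort=0.0.0.0:443:443/tcp
+PublishPort=0.0.0.0:8080:8080/tcp
+
+#Network=pasta:-T,auto
+Network=traefik.network
+
+Volume=/etc/traefik:/etc/traefik:rw
+Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro
+
+NoNewPrivileges=true
+DropCapability=All
+AddCapability=net_bind_service
+
+#UserNS=keep-id
+# Required to access the Podman Socket
+#SecurityLabelDisable=true
+PodmanArgs=--userns=keep-id --security-opt label=disable
+
+[Service]
+Restart=on-failure
+# Restart Delay
+RestartSec=30
+# Allowed time for the service to start.
+TimeoutStartSec=90
+# Allowed time for the service to stop.
+TimeoutStopSec=90
+
+[Install]
+WantedBy=default.target
+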
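Review bot: The `:ro` on `Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro` only makes the bind mount read-only and does not limit what the container can request from the Podman API, so the internet-facing proxy holds what appears to be the host-level container socket, with `--security-opt label=disable` removing the SELinux separation in between. Consider putting a filtering socket proxy that permits only read-only container listing between Traefik and the socket, and record the trade-off above the mount, e.g. `# :ro does not restrict API calls; access to this socket is host-level`. `PublishPort=0.0.0.0:8080:8080/tcp` publishes the port Traefik uses for its API and dashboard in insecure mode on every interface, and traefik.yaml.j2 keeps `# insecure: true` one uncomment away; drop the line or bind it to loopback with `PublishPort=127.0.0.1:8080:8080/tcp`. The commented `CLOUDFLARE_DNS_API_TOKEN` line suggests a token was once written into this template; if it is re-enabled, take the value from a vaulted variable rather than a literal.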
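--- a/templates/traefik.yaml.j2
+++ b/templates/traefik.yaml.j2
@@ -0,0 +1,31 @@
+# traefik.yml
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entryPoint:
+to: websecure
+
+websecure:
+address: ":443"
+
+# Docker configuration backend
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+network: systemd-traefik
+
+
+# API and dashboard configuration
+api:
+# insecure: true
+dashboard: true
+
+certificatesResolvers:
+resolver:
+acme:
+email: {{ traefik_yaml_acme_email }}
+storage: /letsencrypt/acme.json
+httpChallenge:
+entryPoint: web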
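Review bot: The `docker:` provider block sets only `endpoint` and `network`, so Traefik's default of routing every container it discovers applies; add `exposedByDefault: false` under `docker:` so that only containers labelled `traefik.enable=true` are published. `email: {{ traefik_yaml_acme_email }}` is rendered unquoted, and with the role default of `""` it yields an empty value, so quote it as `email: "{{ traefik_yaml_acme_email }}"` and have the role fail early when the variable is empty. `storage: /letsencrypt/acme.json` points at a path the quadlet template does not mount (its `Volume=` lines cover only `/etc/traefik` and the socket), so the ACME account key and certificates would presumably sit in the container's writable layer and be lost on recreation. Either add a matching volume or move the storage under the mounted `/etc/traefik`.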
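--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1 @@
+192.168.1.142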
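--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+remote_user: root
+roles:
+- role-traefik
+vars:
+traefik_yaml_acme_email: "test@localhost.intern"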