---
# Root directory for every Traefik bind mount (config, certificates, password files).
# No owner/group is set, so ownership follows the privileged user the task runs as.
- name: Create base volume directory for traefik
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ base_docker_volumes_dir }}/traefik'
    # Quoted so the mode stays an octal string instead of being parsed as a number.
    # 0755 lets any local user list this directory; the password files this playbook
    # writes into it are protected only by their own file modes.
    mode: '0755'
# Directory that is bind-mounted into the container as /certs.
- name: Create volume directory for traefik certificates
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ base_docker_volumes_dir }}/traefik/certs'
    # NOTE(review): if Traefik keeps private keys or ACME account data here, 0755 lets
    # every local user traverse the directory; a root-only mode would be safer - confirm
    # against traefik.toml.j2, which is not visible from this file.
    mode: '0755'
# Render traefik.toml.j2 and dynamic.toml.j2 into the Traefik volume directory.
- name: Template traefik configuration files
  become: true
  loop:
    - traefik
    - dynamic
  ansible.builtin.template:
    src: '{{ item }}.toml.j2'
    dest: '{{ base_docker_volumes_dir }}/traefik/{{ item }}.toml'
    # World-readable. NOTE(review): confirm neither template embeds credentials or
    # API keys; if one does, this mode exposes them to every local user.
    mode: '0644'
# passlib is the Python library community.general.htpasswd needs to hash passwords.
# NOTE(review): the package is installed unpinned and with elevated privileges, so each
# run trusts whatever version the package index serves; consider pinning a version or
# installing it from the distribution's package manager.
- name: Install passlib python package
  become: true
  ansible.builtin.pip:
    state: present
    name: passlib
# Build traefik_user_passwords: a dict mapping each entry of traefik_auth_users to a
# random 32-character password drawn from ASCII letters and digits.
# '/dev/null' as the lookup path means the lookup stores nothing itself, so a fresh
# password is generated for every user on every run.
- name: Generate passwords for Traefik users
  # Keep the generated secrets out of task output and logs.
  no_log: true
  loop: '{{ traefik_auth_users }}'
  ansible.builtin.set_fact:
    traefik_user_passwords: "{{ traefik_user_passwords | default({}) | combine({item: lookup('ansible.builtin.password', '/dev/null', length=32, chars=['ascii_letters', 'digits'])}) }}" # noqa yaml[line-length]
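# Write the generated credentials in clear text, one "user:password" line per user.
# This file is the only plaintext copy of the passwords and stays on disk after the
# run; treat it as a secret (restrict access, exclude it from backups that are not
# encrypted, or move the values into a secret store and delete the file).
- name: Create decrypted password file
  ansible.builtin.copy:
    content: |
      {% for user, password in traefik_user_passwords.items() %}
      {{ user }}:{{ password }}
      {% endfor %}
    dest: '{{ base_docker_volumes_dir }}/traefik/passwords.decrypted'
    # Owner-only: nothing in this playbook needs group read access to the plaintext.
    mode: '0600'
  become: true
  # The file content is the plaintext passwords; without no_log it appears in
  # --diff output and in verbose module arguments.
  no_log: true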
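# Add or update one bcrypt-hashed htpasswd entry per generated user. The resulting
# file is the one mounted into the container as /etc/traefik/.htpasswd.
- name: Create password file for traefik with hashed passwords
  community.general.htpasswd:
    path: '{{ base_docker_volumes_dir }}/traefik/passwords'
    name: '{{ item.key }}'
    password: '{{ item.value }}'
    crypt_scheme: bcrypt
    # Create the file on the first run.
    create: true
    mode: '0640'
    state: present
  loop: '{{ traefik_user_passwords | dict2items }}'
  become: true
  # Each loop item carries the plaintext password in item.value, and Ansible prints
  # loop items in task output; no_log keeps them out of the console and logs.
  no_log: true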
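# Run Traefik v3.4.0 as a container that shares the host's network stack.
- name: Deploy traefik container
  community.docker.docker_container:
    name: traefik
    image: 'traefik:v3.4.0'
    state: started
    # Re-create the container on every run, even when nothing changed.
    recreate: true
    env:
      PORT: '80'
      # When a variable is undefined the container receives the literal string 'null'.
      # Values passed through env are readable by anyone who can inspect the container.
      # NOTE(review): CLOUDFLARE_API_KEY is an account-wide key; a scoped DNS API token
      # would limit the impact of a leak - confirm the DNS provider setup allows it.
      CLOUDFLARE_EMAIL: "{{ cloudflare_email_address | default('null') }}"
      CLOUDFLARE_API_KEY: "{{ cloudflare_api_key | default('null') }}"
    labels: 'traefik.http.services.traefik.loadbalancer.server.port=80'
    # Host networking: every port Traefik listens on is reachable on all host
    # interfaces, so access control has to come from Traefik itself or a host firewall.
    network_mode: host
    # Docker does not apply published ports in host network mode; this list only
    # documents the ports in use.
    ports:
      - '80:80'
      - '443:443'
      - '8081:8081'
    volumes:
      # Configuration and the htpasswd file are only read by Traefik, so they are
      # mounted read-only to keep a compromised container from rewriting them.
      - '{{ base_docker_volumes_dir }}/traefik/traefik.toml:/etc/traefik/traefik.toml:ro'
      - '{{ base_docker_volumes_dir }}/traefik/dynamic.toml:/opt/traefik/dynamic.toml:ro'
      # Left writable. NOTE(review): presumably Traefik stores issued certificates
      # here - confirm against traefik.toml.j2.
      - '{{ base_docker_volumes_dir }}/traefik/certs:/certs'
      - '{{ base_docker_volumes_dir }}/traefik/passwords:/etc/traefik/.htpasswd:ro'
      # ':ro' protects the socket file only; a process that can open the socket still
      # has full Docker API access, which is equivalent to root on the host. Placing a
      # filtering socket proxy in front of it narrows that exposure.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    # Do not force a restart of an already matching container.
    restart: false
    restart_policy: always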