feat: initial commit

roles/traefik/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+traefik_state: present
+traefik_version: v1.7.28
+traefik_docker_compose_directory: /opt/traefik
+traefik_use_configuration_file: false
+traefik_docker_domain: docker.localhost
+traefik_docker_log_level: ERROR
+traefik_acme_enabled: true
+traefik_dashboard_enabled: false

roles/traefik/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart traefik
+  service:
+    name: traefik
+    state: restarted
+    daemon_reload: True
+    enabled: True

roles/traefik/tasks/configure.yml

@@ -0,0 +1,35 @@
+---
+- name: configure | deploy systemd configuration
+  template:
+    src: etc/systemd/system/traefik.service.j2
+    dest: /etc/systemd/system/traefik.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: "restart traefik"
+
+- name: configure | deploy traefik configuration
+  template:
+    src: opt/traefik/traefik.toml.j2
+    dest: "{{ traefik_docker_compose_directory }}/traefik.toml"
+    owner: root
+    group: root
+    mode: 0644
+  notify: "restart traefik"
+
+- name: configure | create acme.json
+  file:
+    path: "{{ traefik_docker_compose_directory }}/acme.json"
+    owner: root
+    group: root
+    state: touch
+    mode: 0600
+  changed_when: no
+
+- name: configure | create network traefik_network
+  command: docker network create traefik_network
+  ignore_errors: yes
+  changed_when: no
+
+- name: configure | flush handlers
+  meta: flush_handlers

roles/traefik/tasks/install.yml

@@ -0,0 +1,12 @@
+---
+- name: install | create directory {{ traefik_docker_compose_directory }}
+  file:
+    path: "{{ traefik_docker_compose_directory }}"
+    state: directory
+    mode: 0755
+
+- name: install | set compose file
+  template:
+    src: opt/traefik/docker-compose.yml.j2
+    dest: "{{ traefik_docker_compose_directory }}/docker-compose.yml"
+  notify: 'restart traefik'

roles/traefik/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ traefik_state }}.yml"

roles/traefik/tasks/present.yml

@@ -0,0 +1,4 @@
+---
+- include_tasks: "install.yml"
+- include_tasks: "configure.yml"
+- include_tasks: "start.yml"

roles/traefik/tasks/start.yml

@@ -0,0 +1,10 @@
+---
+- name: start | ensure traefik is up and running
+  service:
+    name: traefik
+    state: started
+
+- name: start | wait for traefik up and running
+  wait_for:
+    port: 443
+    delay: 10

roles/traefik/tasks/stop.yml

@@ -0,0 +1,5 @@
+---
+- name: stop | ensure traefik is up and running
+  service:
+    name: traefik
+    state: stopped

roles/traefik/templates/etc/systemd/system/traefik.service.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Traefik
+Wants=docker.service
+After=docker.service
+ 
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" up
+ExecStop=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" down
+
+[Install]
+WantedBy=multi-user.target

roles/traefik/templates/opt/traefik/docker-compose.yml.j2

@@ -0,0 +1,27 @@
+---
+# {{ ansible_managed }}
+version: '3.2'
+services:
+    traefik:
+        image: traefik:{{ traefik_version }}
+        restart: always
+        command: --api --docker # Enables the web UI and tells Traefik to listen to docker
+        ports:
+          - "80:80"     # The HTTP port
+          - "443:443"   # The HTTPS ports
+{% if traefik_dashboard_enabled %}
+          - "8080:8080" # Dashboard port
+{% endif %}
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+          - {{ traefik_docker_compose_directory }}/traefik.toml:/traefik.toml
+          - {{ traefik_docker_compose_directory }}/acme.json:/acme.json
+        labels:
+          - traefik.enable=true
+          - traefik.docker.network=traefik_network
+        networks:
+          - traefik_network
+
+networks:
+    traefik_network:
+        external: true

roles/traefik/templates/opt/traefik/traefik.toml.j2

@@ -0,0 +1,43 @@
+# {{ ansible_managed }}
+###Traefik.toml###
+
+logLevel = "{{ traefik_docker_log_level }}"
+defaultEntryPoints = ["http","https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+{% if not traefik_acme_enabled %}
+    [[entryPoints.https.tls.certificate]]
+    certFile = "/certs/local-cert.pem"
+    keyFile = "/certs/local-key.pem"
+{% endif %}
+
+{% if traefik_dashboard_enabled %}
+[api]
+  # With this you enable the web UI
+  insecure = true
+  dashboard = true
+{% endif %}
+
+{% if traefik_acme_enabled %}
+[acme]
+email = "etienne.besson@gmail.com"
+storage = "acme.json"
+onHostRule = true
+entryPoint = "https" 
+  [acme.tlsChallenge]
+{% endif %}
+
+# Enable Docker configuration backend
+[docker]
+  endpoint = "unix:///var/run/docker.sock"
+  domain = "{{ traefik_docker_domain }}"
+  watch = true
+  exposedByDefault = false 
+