From 228d9ea8a8a75066e4e6a667e561c2649bcbbc0b Mon Sep 17 00:00:00 2001 From: Simonas Kareiva Date: Wed, 6 May 2026 13:36:30 +0300 Subject: [PATCH] Move unit content to files/templates --- roles/infra/files/http.socket | 7 ++++ roles/infra/files/https.socket | 7 ++++ roles/infra/tasks/traefik.yml | 40 +++------------------- roles/infra/templates/traefik.container.j2 | 18 ++++++++++ 4 files changed, 36 insertions(+), 36 deletions(-) create mode 100644 roles/infra/files/http.socket create mode 100644 roles/infra/files/https.socket create mode 100644 roles/infra/templates/traefik.container.j2 diff --git a/roles/infra/files/http.socket b/roles/infra/files/http.socket new file mode 100644 index 0000000..0759995 --- /dev/null +++ b/roles/infra/files/http.socket @@ -0,0 +1,7 @@ +[Socket] +ListenStream=80 +FileDescriptorName=http +Service=traefik.service + +[Install] +WantedBy=sockets.target diff --git a/roles/infra/files/https.socket b/roles/infra/files/https.socket new file mode 100644 index 0000000..032c137 --- /dev/null +++ b/roles/infra/files/https.socket @@ -0,0 +1,7 @@ +[Socket] +ListenStream=443 +FileDescriptorName=https +Service=traefik.service + +[Install] +WantedBy=sockets.target diff --git a/roles/infra/tasks/traefik.yml b/roles/infra/tasks/traefik.yml index 6bfecaa..1ba091b 100644 --- a/roles/infra/tasks/traefik.yml +++ b/roles/infra/tasks/traefik.yml @@ -42,53 +42,21 @@ - name: Install traefik http socket ansible.builtin.copy: + src: http.socket dest: ~/.config/systemd/user/http.socket mode: "0644" - content: | - [Socket] - ListenStream=80 - FileDescriptorName=http - Service=traefik.service - - [Install] - WantedBy=sockets.target - name: Install traefik https socket ansible.builtin.copy: + src: https.socket dest: ~/.config/systemd/user/https.socket mode: "0644" - content: | - [Socket] - ListenStream=443 - FileDescriptorName=https - Service=traefik.service - - [Install] - WantedBy=sockets.target - name: Install traefik quadlet - ansible.builtin.copy: + ansible.builtin.template: + src: traefik.container.j2 dest: ~/.config/containers/systemd/traefik.container mode: "0644" - content: | - [Unit] - After=podman.socket http.socket https.socket - Requires=podman.socket http.socket https.socket - - [Service] - Sockets=http.socket https.socket - Restart=always - - [Container] - ContainerName=traefik - Image=docker.io/library/traefik:latest - Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true - Network=podman - Notify=true - PublishPort=8080:8080 - SecurityLabelDisable=true - Volume=%t/podman/podman.sock:/var/run/docker.sock - Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z - name: Reload systemd user units ansible.builtin.systemd_service: diff --git a/roles/infra/templates/traefik.container.j2 b/roles/infra/templates/traefik.container.j2 new file mode 100644 index 0000000..80bcc24 --- /dev/null +++ b/roles/infra/templates/traefik.container.j2 @@ -0,0 +1,18 @@ +[Unit] +After=podman.socket http.socket https.socket +Requires=podman.socket http.socket https.socket + +[Service] +Sockets=http.socket https.socket +Restart=always + +[Container] +ContainerName=traefik +Image=docker.io/library/traefik:latest +Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true +Network=podman +Notify=true +PublishPort=8080:8080 +SecurityLabelDisable=true +Volume=%t/podman/podman.sock:/var/run/docker.sock +Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z