Deploy mastodon v0.1

roles/infra/tasks/traefik.yml

@@ -0,0 +1,54 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for traefik
+
+- name: Create acme file
+  ansible.builtin.file:
+    path: "~/{{ infra_acme.storage }}"
+    state: file
+    mode: "0600"
+
+- name: Setup local socket for traefik
+  ansible.builtin.systemd_service:
+    name: podman.socket
+    state: started
+    enabled: true
+    scope: user
+
+- name: Create main traefik container
+  containers.podman.podman_container:
+    name: traefik
+    image: docker.io/library/traefik:latest
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    network:
+      - podman
+    security_opt:
+      - "label=type:container_runtime_t"
+    volumes:
+      - "/run/user/1000/podman/podman.sock:/var/run/docker.sock:z"
+      - "/home/apps/acme.json:/acme.json:z"
+    command: >-
+      --api.dashboard=true
+      --api.insecure=true
+      --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }}
+      --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }}
+      --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
+      --entrypoints.http.address=:80
+      --entrypoints.http.http.redirections.entryPoint.to=https
+      --entrypoints.http.http.redirections.entryPoint.scheme=https
+      --entrypoints.https.address=:443
+      --providers.docker=true
+    generate_systemd:
+      new: true
+      restart_policy: "always"
+      path: "~/.config/systemd/user/"
+
+- name: Activate traefik container service
+  ansible.builtin.systemd_service:
+    name: container-traefik.service
+    state: started
+    enabled: true
+    scope: user