Compare commits
2 Commits
e4acfcec47
...
sockets
| Author | SHA1 | Date | |
|---|---|---|---|
| 228d9ea8a8 | |||
| d5b1d991ae |
7
roles/infra/files/http.socket
Normal file
7
roles/infra/files/http.socket
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
[Socket]
|
||||||
|
ListenStream=80
|
||||||
|
FileDescriptorName=http
|
||||||
|
Service=traefik.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
||||||
7
roles/infra/files/https.socket
Normal file
7
roles/infra/files/https.socket
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
[Socket]
|
||||||
|
ListenStream=443
|
||||||
|
FileDescriptorName=https
|
||||||
|
Service=traefik.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
||||||
@@ -2,6 +2,18 @@
|
|||||||
---
|
---
|
||||||
# tasks file for traefik
|
# tasks file for traefik
|
||||||
|
|
||||||
|
- name: Create systemd user directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: ~/.config/systemd/user
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Create podman quadlet directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: ~/.config/containers/systemd
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
- name: Create acme file
|
- name: Create acme file
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "~/{{ infra_acme.storage }}"
|
path: "~/{{ infra_acme.storage }}"
|
||||||
@@ -15,40 +27,54 @@
|
|||||||
enabled: true
|
enabled: true
|
||||||
scope: user
|
scope: user
|
||||||
|
|
||||||
- name: Create main traefik container
|
- name: Stop legacy generated traefik service
|
||||||
containers.podman.podman_container:
|
|
||||||
name: traefik
|
|
||||||
image: docker.io/library/traefik:latest
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
- "8080:8080"
|
|
||||||
network:
|
|
||||||
- podman
|
|
||||||
security_opt:
|
|
||||||
- "label=type:container_runtime_t"
|
|
||||||
volumes:
|
|
||||||
- "/run/user/1000/podman/podman.sock:/var/run/docker.sock:z"
|
|
||||||
- "/home/apps/acme.json:/acme.json:z"
|
|
||||||
command: >-
|
|
||||||
--api.dashboard=true
|
|
||||||
--api.insecure=true
|
|
||||||
--certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }}
|
|
||||||
--certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }}
|
|
||||||
--certificatesresolvers.lets-encrypt.acme.tlschallenge=true
|
|
||||||
--entrypoints.http.address=:80
|
|
||||||
--entrypoints.http.http.redirections.entryPoint.to=https
|
|
||||||
--entrypoints.http.http.redirections.entryPoint.scheme=https
|
|
||||||
--entrypoints.https.address=:443
|
|
||||||
--providers.docker=true
|
|
||||||
generate_systemd:
|
|
||||||
new: true
|
|
||||||
restart_policy: "always"
|
|
||||||
path: "~/.config/systemd/user/"
|
|
||||||
|
|
||||||
- name: Activate traefik container service
|
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
name: container-traefik.service
|
name: container-traefik.service
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
scope: user
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Remove legacy generated traefik service
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: ~/.config/systemd/user/container-traefik.service
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Install traefik http socket
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: http.socket
|
||||||
|
dest: ~/.config/systemd/user/http.socket
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Install traefik https socket
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: https.socket
|
||||||
|
dest: ~/.config/systemd/user/https.socket
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Install traefik quadlet
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: traefik.container.j2
|
||||||
|
dest: ~/.config/containers/systemd/traefik.container
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Reload systemd user units
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
daemon_reload: true
|
||||||
|
scope: user
|
||||||
|
|
||||||
|
- name: Activate traefik sockets
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
name: "{{ item }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
scope: user
|
scope: user
|
||||||
|
loop:
|
||||||
|
- http.socket
|
||||||
|
- https.socket
|
||||||
|
|
||||||
|
- name: Activate traefik service
|
||||||
|
ansible.builtin.systemd_service:
|
||||||
|
name: traefik.service
|
||||||
|
state: started
|
||||||
|
scope: user
|
||||||
|
|||||||
18
roles/infra/templates/traefik.container.j2
Normal file
18
roles/infra/templates/traefik.container.j2
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
[Unit]
|
||||||
|
After=podman.socket http.socket https.socket
|
||||||
|
Requires=podman.socket http.socket https.socket
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Sockets=http.socket https.socket
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Container]
|
||||||
|
ContainerName=traefik
|
||||||
|
Image=docker.io/library/traefik:latest
|
||||||
|
Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
|
||||||
|
Network=podman
|
||||||
|
Notify=true
|
||||||
|
PublishPort=8080:8080
|
||||||
|
SecurityLabelDisable=true
|
||||||
|
Volume=%t/podman/podman.sock:/var/run/docker.sock
|
||||||
|
Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z
|
||||||
Reference in New Issue
Block a user