roles/infra/files/http.socket

@@ -0,0 +1,7 @@
+[Socket]
+ListenStream=80
+FileDescriptorName=http
+Service=traefik.service
+
+[Install]
+WantedBy=sockets.target

roles/infra/files/https.socket

@@ -0,0 +1,7 @@
+[Socket]
+ListenStream=443
+FileDescriptorName=https
+Service=traefik.service
+
+[Install]
+WantedBy=sockets.target

roles/infra/tasks/traefik.yml

@@ -42,53 +42,21 @@
 
 - name: Install traefik http socket
   ansible.builtin.copy:
+    src: http.socket
     dest: ~/.config/systemd/user/http.socket
     mode: "0644"
-    content: |
-      [Socket]
-      ListenStream=80
-      FileDescriptorName=http
-      Service=traefik.service
-
-      [Install]
-      WantedBy=sockets.target
 
 - name: Install traefik https socket
   ansible.builtin.copy:
+    src: https.socket
     dest: ~/.config/systemd/user/https.socket
     mode: "0644"
-    content: |
-      [Socket]
-      ListenStream=443
-      FileDescriptorName=https
-      Service=traefik.service
-
-      [Install]
-      WantedBy=sockets.target
 
 - name: Install traefik quadlet
-  ansible.builtin.copy:
+  ansible.builtin.template:
+    src: traefik.container.j2
     dest: ~/.config/containers/systemd/traefik.container
     mode: "0644"
-    content: |
-      [Unit]
-      After=podman.socket http.socket https.socket
-      Requires=podman.socket http.socket https.socket
-
-      [Service]
-      Sockets=http.socket https.socket
-      Restart=always
-
-      [Container]
-      ContainerName=traefik
-      Image=docker.io/library/traefik:latest
-      Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
-      Network=podman
-      Notify=true
-      PublishPort=8080:8080
-      SecurityLabelDisable=true
-      Volume=%t/podman/podman.sock:/var/run/docker.sock
-      Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z
 
 - name: Reload systemd user units
   ansible.builtin.systemd_service:

roles/infra/templates/traefik.container.j2

@@ -0,0 +1,18 @@
+[Unit]
+After=podman.socket http.socket https.socket
+Requires=podman.socket http.socket https.socket
+
+[Service]
+Sockets=http.socket https.socket
+Restart=always
+
+[Container]
+ContainerName=traefik
+Image=docker.io/library/traefik:latest
+Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
+Network=podman
+Notify=true
+PublishPort=8080:8080
+SecurityLabelDisable=true
+Volume=%t/podman/podman.sock:/var/run/docker.sock
+Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z