2026-05-06 13:38:08 +03:00
4 changed files with 36 additions and 36 deletions
--- a/roles/infra/files/http.socket
+++ b/roles/infra/files/http.socket
@@ -0,0 +1,7 @@
+[Socket]
+ListenStream=80
+FileDescriptorName=http
+Service=traefik.service
+
+[Install]
+WantedBy=sockets.target
--- a/roles/infra/files/https.socket
+++ b/roles/infra/files/https.socket
@@ -0,0 +1,7 @@
+[Socket]
+ListenStream=443
+FileDescriptorName=https
+Service=traefik.service
+
+[Install]
+WantedBy=sockets.target
--- a/roles/infra/tasks/traefik.yml
+++ b/roles/infra/tasks/traefik.yml
@@ -42,53 +42,21 @@

 - name: Install traefik http socket
  ansible.builtin.copy:
+    src: http.socket
    dest: ~/.config/systemd/user/http.socket
    mode: "0644"
-    content: |
-      [Socket]
-      ListenStream=80
-      FileDescriptorName=http
-      Service=traefik.service
-
-      [Install]
-      WantedBy=sockets.target

 - name: Install traefik https socket
  ansible.builtin.copy:
+    src: https.socket
    dest: ~/.config/systemd/user/https.socket
    mode: "0644"
-    content: |
-      [Socket]
-      ListenStream=443
-      FileDescriptorName=https
-      Service=traefik.service
-
-      [Install]
-      WantedBy=sockets.target

 - name: Install traefik quadlet
-  ansible.builtin.copy:
+  ansible.builtin.template:
+    src: traefik.container.j2
    dest: ~/.config/containers/systemd/traefik.container
    mode: "0644"
-    content: |
-      [Unit]
-      After=podman.socket http.socket https.socket
-      Requires=podman.socket http.socket https.socket
-
-      [Service]
-      Sockets=http.socket https.socket
-      Restart=always
-
-      [Container]
-      ContainerName=traefik
-      Image=docker.io/library/traefik:latest
-      Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
-      Network=podman
-      Notify=true
-      PublishPort=8080:8080
-      SecurityLabelDisable=true
-      Volume=%t/podman/podman.sock:/var/run/docker.sock
-      Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z

 - name: Reload systemd user units
  ansible.builtin.systemd_service:
--- a/roles/infra/templates/traefik.container.j2
+++ b/roles/infra/templates/traefik.container.j2
@@ -0,0 +1,18 @@
+[Unit]
+After=podman.socket http.socket https.socket
+Requires=podman.socket http.socket https.socket
+
+[Service]
+Sockets=http.socket https.socket
+Restart=always
+
+[Container]
+ContainerName=traefik
+Image=docker.io/library/traefik:latest
+Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
+Network=podman
+Notify=true
+PublishPort=8080:8080
+SecurityLabelDisable=true
+Volume=%t/podman/podman.sock:/var/run/docker.sock
+Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z