#SPDX-License-Identifier: MIT-0
---
# tasks file for traefik

- name: Create acme file
  ansible.builtin.file:
    path: "~/{{ infra_acme.storage }}"
    state: file
    mode: "0600"

- name: Setup local socket for traefik
  ansible.builtin.systemd_service:
    name: podman.socket
    state: started
    enabled: true
    scope: user

- name: Create main traefik container
  containers.podman.podman_container:
    name: traefik
    image: docker.io/library/traefik:latest
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    network:
      - podman
    security_opt:
      - "label=type:container_runtime_t"
    volumes:
      - "/run/user/1000/podman/podman.sock:/var/run/docker.sock:z"
      - "/home/apps/acme.json:/acme.json:z"
    command: >-
      --api.dashboard=true
      --api.insecure=true
      --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }}
      --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }}
      --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
      --entrypoints.http.address=:80
      --entrypoints.http.http.redirections.entryPoint.to=https
      --entrypoints.http.http.redirections.entryPoint.scheme=https
      --entrypoints.https.address=:443
      --providers.docker=true
    generate_systemd:
      new: true
      restart_policy: "always"
      path: "~/.config/systemd/user/"

- name: Activate traefik container service
  ansible.builtin.systemd_service:
    name: container-traefik.service
    state: started
    enabled: true
    scope: user