#SPDX-License-Identifier: MIT-0
---
# tasks file for traefik
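# Make sure the ACME certificate store exists before Traefik starts.
# `state: file` only inspects an existing path and never creates it, so the
# task uses `touch`; preserving both timestamps keeps reruns from reporting
# a change when the file is already there.
- name: Create acme file
  ansible.builtin.file:
    path: "~/{{ infra_acme.storage }}"
    state: touch
    # The store holds the ACME account key and certificate private keys,
    # so it stays readable and writable by the owner only.
    mode: "0600"
    access_time: preserve
    modification_time: preserve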
# Start the per-user Podman API socket and enable it in the user's systemd
# instance. The Traefik container task in this file bind-mounts a
# podman.sock path, so the socket has to exist first.
- name: Setup local socket for traefik
  ansible.builtin.systemd_service:
    # `scope: user` targets the user service manager, not the system one.
    scope: user
    name: podman.socket
    enabled: true
    state: started
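# Run Traefik as a Podman container and write a systemd user unit for it.
# NOTE(review): `latest` is a moving tag; pin a reviewed version or image
# digest so a redeploy cannot silently pull a different image.
- name: Create main traefik container
  containers.podman.podman_container:
    name: traefik
    image: docker.io/library/traefik:latest
    ports:
      - "80:80"
      - "443:443"
      # `--api.insecure=true` serves the dashboard and API on :8080 without
      # authentication, so the port is published on loopback only. Reach it
      # through an SSH tunnel, or replace insecure mode with an
      # authenticated router before exposing it more widely.
      - "127.0.0.1:8080:8080"
    network:
      - podman
    security_opt:
      - "label=type:container_runtime_t"
    volumes:
      # NOTE(review): the Podman API socket lets this container manage every
      # container owned by the same user, so a compromise of Traefik reaches
      # all of them. The UID 1000 in the path is hard-coded and must match
      # the account that runs podman.socket.
      - "/run/user/1000/podman/podman.sock:/var/run/docker.sock:z"
      # The container path follows the acme.storage flag in `command`, so
      # certificates land on the mounted file rather than in the container's
      # writable layer. Assumes /home/apps is the home directory where the
      # store was created - confirm.
      - "/home/apps/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:z"
    # NOTE(review): with `--providers.docker=true` alone, Traefik routes to
    # every container it discovers; consider adding
    # `--providers.docker.exposedByDefault=false` and opting services in with
    # the `traefik.enable=true` label.
    command: >-
      --api.dashboard=true
      --api.insecure=true
      --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }}
      --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }}
      --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
      --entrypoints.http.address=:80
      --entrypoints.http.http.redirections.entryPoint.to=https
      --entrypoints.http.http.redirections.entryPoint.scheme=https
      --entrypoints.https.address=:443
      --providers.docker=true
    # Write a unit file into the user's systemd directory; `new: true` makes
    # the unit create a fresh container on each start.
    generate_systemd:
      new: true
      restart_policy: "always"
      path: "~/.config/systemd/user/"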
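# Start the Traefik container unit and enable it in the user's systemd
# instance.
- name: Activate traefik container service
  ansible.builtin.systemd_service:
    name: container-traefik.service
    scope: user
    # Reload unit files first: a unit that was just written or regenerated
    # is otherwise started from systemd's stale copy, or not found at all.
    daemon_reload: true
    state: started
    enabled: true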