#SPDX-License-Identifier: MIT-0
---
# tasks file for traefik
- name: Create systemd user directory
  # Per-user unit directory; the http/https socket units written later in this
  # file are placed here.
  ansible.builtin.file:
    state: directory
    path: '~/.config/systemd/user'
    mode: "0755"
- name: Create podman quadlet directory
  # Directory that receives traefik.container further down in this file.
  ansible.builtin.file:
    state: directory
    path: '~/.config/containers/systemd'
    mode: "0755"
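- name: Create acme file
  # `state: file` only inspects an existing path and fails when it is missing,
  # so it could never create the ACME store on a fresh host. `state: touch`
  # creates it; preserving both timestamps keeps repeat runs from reporting a
  # change. Mode 0600 keeps the certificate private keys stored in this file
  # readable by the owning user only.
  ansible.builtin.file:
    path: "~/{{ infra_acme.storage }}"
    state: touch
    mode: "0600"
    access_time: preserve
    modification_time: preserve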
- name: Setup local socket for traefik
  # Starts and enables the user-scope podman API socket. The traefik quadlet
  # later in this file bind-mounts that socket into the container.
  ansible.builtin.systemd_service:
    scope: user
    name: podman.socket
    enabled: true
    state: started
- name: Stop legacy generated traefik service
  # Best-effort cleanup: failed_when is false, so every error from this task is
  # ignored (presumably because the legacy unit is absent on fresh hosts;
  # confirm that hiding other failures is acceptable).
  ansible.builtin.systemd_service:
    scope: user
    name: container-traefik.service
    enabled: false
    state: stopped
  failed_when: false
- name: Remove legacy generated traefik service
  # Deletes the old unit file that the previous task stopped and disabled.
  ansible.builtin.file:
    state: absent
    path: '~/.config/systemd/user/container-traefik.service'
- name: Install traefik http socket
  # User-scope socket unit: systemd listens on TCP 80 and passes the descriptor,
  # named "http", to traefik.service.
  # NOTE(review): a rootless user manager can only bind port 80 when the host
  # permits unprivileged low ports; confirm the host setup covers this.
  ansible.builtin.copy:
    mode: "0644"
    dest: '~/.config/systemd/user/http.socket'
    content: |
      [Socket]
      ListenStream=80
      FileDescriptorName=http
      Service=traefik.service

      [Install]
      WantedBy=sockets.target
- name: Install traefik https socket
  # User-scope socket unit: systemd listens on TCP 443 and passes the
  # descriptor, named "https", to traefik.service.
  # NOTE(review): a rootless user manager can only bind port 443 when the host
  # permits unprivileged low ports; confirm the host setup covers this.
  ansible.builtin.copy:
    mode: "0644"
    dest: '~/.config/systemd/user/https.socket'
    content: |
      [Socket]
      ListenStream=443
      FileDescriptorName=https
      Service=traefik.service

      [Install]
      WantedBy=sockets.target
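- name: Install traefik quadlet
  # Writes the quadlet that podman turns into traefik.service.
  #
  # Security notes on the unit below:
  # - --api.insecure=true serves the Traefik API and dashboard without
  #   authentication on container port 8080. The port is therefore published
  #   on loopback only (127.0.0.1:8080:8080) instead of on every host
  #   interface. Reach it through an SSH tunnel, or drop api.insecure and
  #   route the dashboard through an authenticated router if remote access is
  #   needed.
  # - The user's podman API socket is mounted as /var/run/docker.sock. Anything
  #   running in this container can manage that user's containers through it,
  #   so treat the traefik container as holding the user's podman privileges.
  # - SecurityLabelDisable=true turns off SELinux label separation for this
  #   container (presumably so it can open the mounted socket; confirm).
  # - Image uses the mutable `latest` tag; pinning a reviewed version or digest
  #   makes deployments reproducible and auditable.
  # - --providers.docker=true is used with its defaults, under which Traefik
  #   exposes every container it discovers; consider
  #   --providers.docker.exposedbydefault=false and opting containers in by
  #   label.
  ansible.builtin.copy:
    dest: ~/.config/containers/systemd/traefik.container
    mode: "0644"
    content: |
      [Unit]
      After=podman.socket http.socket https.socket
      Requires=podman.socket http.socket https.socket

      [Service]
      Sockets=http.socket https.socket
      Restart=always

      [Container]
      ContainerName=traefik
      Image=docker.io/library/traefik:latest
      Exec=--api.dashboard=true --api.insecure=true --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }} --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }} --certificatesresolvers.lets-encrypt.acme.tlschallenge=true --entrypoints.http --entrypoints.http.http.redirections.entryPoint.to=https --entrypoints.http.http.redirections.entryPoint.scheme=https --entrypoints.https --providers.docker=true
      Network=podman
      Notify=true
      PublishPort=127.0.0.1:8080:8080
      SecurityLabelDisable=true
      Volume=%t/podman/podman.sock:/var/run/docker.sock
      Volume=%h/{{ infra_acme.storage }}:/{{ infra_acme.storage }}:Z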
- name: Reload systemd user units
  # Reloads the user manager so the socket units and the quadlet written above
  # are picked up before they are started.
  ansible.builtin.systemd_service:
    scope: user
    daemon_reload: true
- name: Activate traefik sockets
  # Enables and starts both listening sockets, one loop iteration per unit.
  loop:
    - http.socket
    - https.socket
  ansible.builtin.systemd_service:
    scope: user
    name: "{{ item }}"
    enabled: true
    state: started
- name: Activate traefik service
  # Starts the service only; this task sets no `enabled` value.
  ansible.builtin.systemd_service:
    scope: user
    name: traefik.service
    state: started