From 035ff0ac24c6b17c03b8abee9fb8b848baa6bc0d Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 2 Feb 2020 21:10:29 +0000
Subject: [PATCH] Add traefik config
---
.../docker/files/traefik/docker-compose.yml | 12 ++++
.../docker/files/traefik/file-provider.yml | 42 +++++++++++++
.../roles/docker/files/traefik/traefik.yml | 38 ++++++++++++
ansible/roles/docker/tasks/main.yml | 3 +
ansible/roles/docker/tasks/traefik.yml | 59 +++++++++++++++++++
5 files changed, 154 insertions(+)
create mode 100644 ansible/roles/docker/files/traefik/docker-compose.yml
create mode 100644 ansible/roles/docker/files/traefik/file-provider.yml
create mode 100644 ansible/roles/docker/files/traefik/traefik.yml
create mode 100644 ansible/roles/docker/tasks/traefik.yml
diff --git a/ansible/roles/docker/files/traefik/docker-compose.yml b/ansible/roles/docker/files/traefik/docker-compose.yml
new file mode 100644
index 0000000..f0ea104
--- /dev/null
+++ b/ansible/roles/docker/files/traefik/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:v2.1.2
+ #command: "--log.level=DEBUG"
+ network_mode: host
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik:/etc/traefik
+ restart: unless-stopped
diff --git a/ansible/roles/docker/files/traefik/file-provider.yml b/ansible/roles/docker/files/traefik/file-provider.yml
new file mode 100644
index 0000000..7eb024a
--- /dev/null
+++ b/ansible/roles/docker/files/traefik/file-provider.yml
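Review bot: The `:ro` on the `/var/run/docker.sock` bind mount in the volumes list only makes the socket file read-only; the Docker API reached through it is still fully writable, so the traefik container keeps root-equivalent control of the host daemon, and combined with `network_mode: host` a compromise of this container is a compromise of the host. Nothing in the compose file records that this is a deliberate trade-off for the docker provider. I would add a comment above the mount, `# NOTE: ':ro' does not restrict the Docker API; a socket proxy limited to read-only container listing would`, so the next reader does not assume the mount is hardened. The commented-out `#command: "--log.level=DEBUG"` line is fine to leave but a `# ` with a space after the hash matches the linter default.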
@@ -0,0 +1,42 @@
+http:
+ middlewares:
+ internal-only:
+ ipWhiteList:
+ sourceRange:
+ - "{{ wireguard.cidr }}"
+ - "192.168.1.0/24"
+ hsts:
+ redirectScheme:
+ scheme: https
+
+ routers:
+ hsts:
+ service: "ping@internal"
+ rule: "PathPrefix(`/`)"
+ entryPoints:
+ - web
+ middlewares:
+ - hsts
+ ping:
+ service: "ping@internal"
+ rule: "Host(`traefik.jakehoward.tech`) && Path(`/ping/`)"
+ middlewares:
+ - hsts
+ tls:
+ certResolver: le
+ dashboard:
+ service: "dashboard@internal"
+ rule: "Host(`traefik.jakehoward.tech`)"
+ middlewares:
+ - hsts
+ - internal-only
+ tls:
+ certResolver: le
+ api:
+ service: "api@internal"
+ rule: "Host(`traefik.jakehoward.tech`) && PathPrefix(`/api`)"
+ middlewares:
+ - hsts
+ - internal-only
+ tls:
+ certResolver: le
diff --git a/ansible/roles/docker/files/traefik/traefik.yml b/ansible/roles/docker/files/traefik/traefik.yml
new file mode 100644
index 0000000..7defbd5
--- /dev/null
+++ b/ansible/roles/docker/files/traefik/traefik.yml
@@ -0,0 +1,38 @@
+entryPoints:
+ web:
+ address: ":80"
+ proxyProtocol:
+ trustedIPs:
+ - "{{ wireguard.cidr }}"
+ web-secure:
+ address: ":443"
+ proxyProtocol:
+ trustedIPs:
+ - "{{ wireguard.cidr }}"
+ matrix:
+ address: ":8448"
+ proxyProtocol:
+ trustedIPs:
+ - "{{ wireguard.cidr }}"
+
+ping:
+ manualRouting: true
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ watch: true
+ exposedByDefault: false
+ file:
+ filename: /etc/traefik/file-provider.yml
+
+api:
+ dashboard: true
+
+certificatesResolvers:
+ le:
+ acme:
+ email: "hosting@theorangeone.net"
+ storage: "/etc/traefik/acme.json"
+ httpChallenge:
+ entryPoint: web
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 376bc06..ecf4475 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -27,3 +27,6 @@
 - name: Install gotify
 include: gotify.yml
+
+- name: Install traefik
+ include: traefik.yml
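Review bot: The middleware named `hsts` under `http.middlewares` is only a `redirectScheme` to https; it sets no Strict-Transport-Security header, so every router that lists `- hsts` gets a redirect and nothing else, and the name will mislead whoever later audits the TLS posture. Either rename it (`redirect-https:` / `- redirect-https`) or make it true to its name by adding a `headers` middleware with `stsSeconds` and attaching that to the TLS routers. Separately, the `ping`, `dashboard` and `api` routers carry `tls:` but no `entryPoints`, which in Traefik v2 means they are attached to every entry point including `matrix` on 8448; pinning them with `entryPoints: [web-secure]` makes the intended exposure explicit and keeps the dashboard off the federation port.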
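Review bot: The three `proxyProtocol.trustedIPs` blocks trust PROXY-protocol headers from `{{ wireguard.cidr }}`, and presumably that header is what the `internal-only` ipWhiteList in file-provider.yml ends up checking as the client address; that dependency is not written down anywhere in this file. I would add a comment above the first `entryPoints` block along the lines of `# Connections from the wireguard range may carry a PROXY header; the client IP they assert is what the ipWhiteList middlewares see, so only the upstream proxy should be reachable from that range`, and note that the repetition could collapse to one templated list. The ACME `storage: "/etc/traefik/acme.json"` lands in the host bind mount `/opt/traefik/traefik` and holds the account and certificate private keys; the directory mode comes from `docker_compose_directory_mask`, whose value is not visible here, so a comment stating the expected restrictive mode would help whoever changes that variable.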
diff --git a/ansible/roles/docker/tasks/traefik.yml b/ansible/roles/docker/tasks/traefik.yml
new file mode 100644
index 0000000..66c6905
--- /dev/null
+++ b/ansible/roles/docker/tasks/traefik.yml
@@ -0,0 +1,59 @@
+- name: Create traefik directory
+ file:
+ path: '/opt/traefik'
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Create traefik config directory
+ file:
+ path: '/opt/traefik/traefik'
+ state: directory
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Install traefik compose file
+ template:
+ src: files/traefik/docker-compose.yml
+ dest: "/opt/traefik/docker-compose.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: /usr/bin/docker-compose -f %s config
+ register: compose_file
+ become: true
+ become_user: root
+
+- name: Install traefik config
+ template:
+ src: files/traefik/traefik.yml
+ dest: "/opt/traefik/traefik/traefik.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: config_file
+ become: true
+ become_user: root
+
+- name: Install traefik file provider
+ template:
+ src: files/traefik/file-provider.yml
+ dest: "/opt/traefik/traefik/file-provider.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: file_provider
+ become: true
+ become_user: root
+
+- name: Cycle traefik container
+ docker_compose:
+ project_src: /opt/traefik
+ pull: true
+ remove_orphans: true
+ remove_volumes: true
+ state: "{{ item }}"
+ when: compose_file.changed or config_file.changed or file_provider.changed
+ loop:
+ - absent
+ - present
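Review bot: The `Create traefik config directory` task sets `mode` but no `owner`, unlike the parent `Create traefik directory` task directly above it, so `/opt/traefik/traefik` is left root-owned while the files templated into it are `owner: "{{ docker_user.name }}"`; if that is intentional because the container writes `acme.json` there as root, a comment saying so is needed, otherwise add `owner: "{{ docker_user.name }}"` for consistency. In the `Cycle traefik container` task, `remove_volumes: true` on the `absent` pass is harmless today because the compose file only uses bind mounts, but it will silently wipe any named volume added later; `remove_volumes: false` or a comment stating the assumption would be safer. The `when: compose_file.changed or ...` condition works, but the Ansible-recommended form is `when: compose_file is changed or config_file is changed or file_provider is changed`.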