78 lines
2.4 KiB
YAML

---
- name: '{{ traefik_user }} | Create user'
ansible.builtin.user:
name: '{{ traefik_user }}'
password: "{{ traefik_user.hash_password | default('!') }}"
shell: '/bin/bash'
append: true
state: present
no_log: true
- name: Ensure /etc/certs exist
ansible.builtin.file:
path: '{{ item.path }}'
state: '{{ item.state }}'
owner: '{{ traefik_user }}'
group: '{{ traefik_user }}'
mode: '0755'
loop:
- {path: '/home/{{ traefik_user }}/config/traefik/etc/certs', state: directory}
- {path: '/home/{{ traefik_user }}/config/traefik/config', state: directory}
- name: 'Copy cert on {{ inventory_hostname }}.'
ansible.builtin.copy:
src: 'files/{{ item }}'
dest: '/home/{{ traefik_user }}/config/traefik/{{ item }}'
owner: '{{ traefik_user }}'
group: '{{ traefik_user }}'
mode: '0740'
loop:
- etc/certs/local.fr.crt
- etc/certs/local.fr.key
- config/dynamic_conf.toml
- config/middlewares.yml
- traefik.toml
- name: "Add network for container"
community.docker.docker_network:
name: "{{ item }}"
internal: no
ipam_config:
- subnet: 172.18.0.0/16
gateway: 172.18.0.1
loop: "{{ traefik_dev_network }}"
- name: Create traefik container
community.docker.docker_container:
name: 'traefik'
image: 'traefik:{{ traefik_dev_version }}'
state: started
restart: true
restart_policy: on-failure
restart_retries: 3
purge_networks: yes
networks_cli_compatible: false
networks:
- name: "{{ traefik_dev_network[0] }}"
ipv4_address: 172.18.0.2
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- '/home/{{ traefik_user }}/config/traefik/etc/certs/:/etc/certs:ro'
- '/home/{{ traefik_user }}/config/traefik/config:/etc/traefik/config:ro'
- '/home/{{ traefik_user }}/config/traefik/traefik.toml:/traefik.toml:ro'
labels:
traefik.http.routers.api.rule: 'Host(`traefik.local.fr`)'
traefik.http.routers.api.service: 'api@internal'
traefik.http.middlewares.auth.basicauth.users: 'admin:$apr1$YNIut6CR$IAtMZlvNBBMXe7cRNXDG0.'
traefik.http.routers.api.entrypoints: 'websecure'
traefik.http.routers.api.tls: 'true'
traefik.enable: 'true'
ports:
- '443:443'
- '8090:8090'
- '80:80'
log_driver: 'json-file'
log_opt:
max-size: '1m'
max-file: '10'