From 4d8f9e816c659b266c4dbdddc883b185870dcdf4 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Tue, 7 Feb 2023 23:25:30 +0100
Subject: [PATCH] by default disable traefik service for docker container

---
 roles/blog/templates/docker-compose.yml.j2     | 1 +
 roles/forgejo/templates/docker-compose.yml.j2  | 1 +
 roles/freshrss/templates/docker-compose.yml.j2 | 3 ++-
 roles/jitsi/templates/docker-compose.yml.j2    | 2 ++
 roles/mastodon/templates/docker-compose.yml.j2 | 2 ++
 roles/miniflux/templates/docker-compose.yml.j2 | 1 +
 roles/radicale/templates/docker-compose.yml.j2 | 2 ++
 roles/seafile/templates/docker-compose.yml.j2  | 1 +
 roles/traefik/tasks/main.yml                   | 3 +++
 roles/traefik/templates/traefik.toml.j2        | 1 +
 10 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/roles/blog/templates/docker-compose.yml.j2 b/roles/blog/templates/docker-compose.yml.j2
index 84b1305..5c5fb1c 100644
--- a/roles/blog/templates/docker-compose.yml.j2
+++ b/roles/blog/templates/docker-compose.yml.j2
@@ -12,6 +12,7 @@ services:
     networks:
       - traefik
     labels:
+      - traefik.enable=true
       - traefik.http.routers.blog.entrypoints=websecure
       - traefik.http.routers.blog.rule=Host(`pizzapim.nl`)
       - traefik.http.routers.blog.tls=true
diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/roles/forgejo/templates/docker-compose.yml.j2
index dd0464a..88dccec 100644
--- a/roles/forgejo/templates/docker-compose.yml.j2
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@@ -20,6 +20,7 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     labels:
+      - traefik.enable=true
       - traefik.http.routers.forgejo.entrypoints=websecure
       - traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
       - traefik.http.routers.forgejo.tls=true
diff --git a/roles/freshrss/templates/docker-compose.yml.j2 b/roles/freshrss/templates/docker-compose.yml.j2
index 85ca331..bab303b 100644
--- a/roles/freshrss/templates/docker-compose.yml.j2
+++ b/roles/freshrss/templates/docker-compose.yml.j2
@@ -24,11 +24,12 @@ services:
       ADMIN_API_PASSWORD: {{ admin_password }}
       PUBLISHED_PORT: 443
     labels:
+      - traefik.enable=true
       - traefik.http.routers.freshrss.entrypoints=websecure
       - traefik.http.routers.freshrss.rule=Host(`rss.pizzapim.nl`)
       - traefik.http.routers.freshrss.tls=true
       - traefik.http.routers.freshrss.tls.certresolver=pizzapim
-      - traefik.tcp.routers.freshrss.service=freshrss
+      - traefik.http.routers.freshrss.service=freshrss
 
 networks:
   traefik:
diff --git a/roles/jitsi/templates/docker-compose.yml.j2 b/roles/jitsi/templates/docker-compose.yml.j2
index 63e6c6e..120fe05 100644
--- a/roles/jitsi/templates/docker-compose.yml.j2
+++ b/roles/jitsi/templates/docker-compose.yml.j2
@@ -21,6 +21,7 @@ services:
             - meet.jitsi
             - traefik
         labels:
+            - traefik.enable=true
             - traefik.http.routers.jitsi-web.entrypoints=websecure
             - traefik.http.routers.jitsi-web.rule=Host(`{{ public_domain }}`)
             - traefik.http.routers.jitsi-web.tls=true
@@ -96,6 +97,7 @@ services:
         networks:
             meet.jitsi:
         labels:
+            - traefik.enable=true
             - traefik.udp.routers.jitsi-videobridge.rule=HostSNI(`*`)
             - traefik.udp.routers.jitsi-videobridge.entrypoints=video
             - traefik.udp.routers.jitsi-videobridge.service=jitsi-videobridge
diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2
index f39a730..1a01165 100644
--- a/roles/mastodon/templates/docker-compose.yml.j2
+++ b/roles/mastodon/templates/docker-compose.yml.j2
@@ -49,6 +49,7 @@ services:
       - {{ data_dir }}/public/system:/mastodon/public/system
       - {{ service_dir }}/cache:/mastodon/public/system/cache
     labels:
+      - traefik.enable=true
       - traefik.http.routers.mastodon.entrypoints=websecure
       - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
       - traefik.http.routers.mastodon.tls=true
@@ -73,6 +74,7 @@ services:
       - db
       - redis
     labels:
+      - traefik.enable=true
       - traefik.http.routers.mastodon-streaming.entrypoints=websecure
       - "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
       - traefik.http.routers.mastodon-streaming.service=mastodon-streaming
diff --git a/roles/miniflux/templates/docker-compose.yml.j2 b/roles/miniflux/templates/docker-compose.yml.j2
index dfed923..885ea48 100644
--- a/roles/miniflux/templates/docker-compose.yml.j2
+++ b/roles/miniflux/templates/docker-compose.yml.j2
@@ -12,6 +12,7 @@ services:
       - default
       - traefik
     labels:
+      - traefik.enable=true
       - traefik.http.routers.miniflux.entrypoints=websecure
       - traefik.http.routers.miniflux.rule=Host(`rss.pizzapim.nl`)
       - traefik.http.routers.miniflux.tls=true
diff --git a/roles/radicale/templates/docker-compose.yml.j2 b/roles/radicale/templates/docker-compose.yml.j2
index 0e64bb7..8293759 100644
--- a/roles/radicale/templates/docker-compose.yml.j2
+++ b/roles/radicale/templates/docker-compose.yml.j2
@@ -16,7 +16,9 @@ services:
     networks:
       - traefik
     labels:
+      - traefik.enable=true
       - traefik.http.routers.radicale.entrypoints=websecure
       - traefik.http.routers.radicale.rule=Host(`dav.pizzapim.nl`)
       - traefik.http.routers.radicale.tls=true
       - traefik.http.routers.radicale.tls.certresolver=pizzapim
+      - traefik.http.routers.radicale.service=radicale
diff --git a/roles/seafile/templates/docker-compose.yml.j2 b/roles/seafile/templates/docker-compose.yml.j2
index 6ace7f1..c37b880 100644
--- a/roles/seafile/templates/docker-compose.yml.j2
+++ b/roles/seafile/templates/docker-compose.yml.j2
@@ -35,6 +35,7 @@ services:
       - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not. 
       - SEAFILE_SERVER_HOSTNAME={{ seafile_domain }} # Specifies your host name if https is enabled. 
     labels:
+      - traefik.enable=true
       - traefik.http.routers.seafile.entrypoints=websecure
       - traefik.http.routers.seafile.rule=Host(`files.geokunis2.nl`)
       - traefik.http.routers.seafile.tls=true
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index d190b3f..9ba3f0f 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -16,10 +16,12 @@
   template:
     src: "{{ role_path }}/templates/traefik.toml.j2"
     dest: "{{ service_dir }}/traefik.toml"
+  register: traefik
 - name: Copy services.toml
   copy:
     src: "{{ role_path }}/files/services.toml"
     dest: "{{ service_dir }}/services.toml"
+  register: services
 - name: Create traefik network
   docker_network:
     name: "traefik"
@@ -28,3 +30,4 @@
     project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
+    restarted: "{{ traefik.changed or services.changed }}"
diff --git a/roles/traefik/templates/traefik.toml.j2 b/roles/traefik/templates/traefik.toml.j2
index d7fbb24..ca8823b 100644
--- a/roles/traefik/templates/traefik.toml.j2
+++ b/roles/traefik/templates/traefik.toml.j2
@@ -26,6 +26,7 @@ loglevel = "DEBUG"
 
 [providers.docker]
   endpoint = "unix:///var/run/docker.sock"
+  exposedByDefault = false
 
 [providers.file]
   filename = "/etc/traefik/services.toml"