change directory structure

ansible/roles/traefik/files/services.toml

@@ -0,0 +1,6 @@
+[http]
+  [http.services]
+    [http.services.esrom]
+      [http.services.esrom.loadBalancer]
+        [[http.services.esrom.loadBalancer.servers]]
+          url = "http://esrom.dmz:80/"

ansible/roles/traefik/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: common
+  - role: docker

ansible/roles/traefik/tasks/main.yml

@@ -0,0 +1,33 @@
+- name: Create traefik app directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Create acme file
+  copy:
+    content: ""
+    dest: "{{ service_dir }}/acme.json"
+    force: no
+    mode: 0600
+- name: Copy Docker Compose script
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Copy traefik.toml
+  template:
+    src: "{{ role_path }}/templates/traefik.toml.j2"
+    dest: "{{ service_dir }}/traefik.toml"
+  register: traefik
+- name: Copy services.toml
+  copy:
+    src: "{{ role_path }}/files/services.toml"
+    dest: "{{ service_dir }}/services.toml"
+  register: services
+- name: Create traefik network
+  docker_network:
+    name: "traefik"
+- name: Start Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
+    restarted: "{{ traefik.changed or services.changed }}"

ansible/roles/traefik/templates/docker-compose.yml.j2

@@ -0,0 +1,35 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+
+services:
+  reverse-proxy:
+    restart: always
+    image: traefik:v2.9
+    container_name: traefik
+    ports:
+      - "443:443"
+      - "80:80"
+      - "{{ git_ssh_port }}:{{ git_ssh_port }}"
+      - "{{ traefik_api_port }}:{{ traefik_api_port }}"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
+      - {{ service_dir }}/services.toml:/etc/traefik/services.toml
+      - {{ service_dir }}/acme.json:/acme.json
+    networks:
+      - traefik
+    labels:
+      - traefik.enable=true
+
+      - traefik.http.routers.esrom.entrypoints=websecure
+      - traefik.http.routers.esrom.service=esrom@file
+      - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
+      - traefik.http.routers.esrom.tls=true
+      - traefik.http.routers.esrom.tls.certresolver=letsencrypt
+
+      - traefik.http.routers.traefik.rule=Host(`max.dmz`)
+      - traefik.http.routers.traefik.entrypoints=internal
+      - traefik.http.routers.traefik.service=api@internal

ansible/roles/traefik/templates/traefik.toml.j2

@@ -0,0 +1,38 @@
+loglevel = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+  address = ":80"
+  [entryPoints.web.http.redirections.entryPoint]
+    to = "websecure"
+    scheme = "https"
+    permanent = true
+  [entryPoints.websecure]
+    address = ":443"
+  [entryPoints.ssh]
+    address = ":{{ git_ssh_port }}"
+  [entryPoints.video]
+    address = ":{{ jitsi_videobridge_port }}/udp"
+  [entryPoints.internal]
+    address = ":{{ traefik_api_port }}"
+
+[api]
+  insecure = false
+  dashboard = true
+
+[metrics]
+  [metrics.prometheus]
+    entryPoint = "internal"
+
+[providers.docker]
+  endpoint = "unix:///var/run/docker.sock"
+  exposedByDefault = false
+
+[providers.file]
+  filename = "/etc/traefik/services.toml"
+
+[certificatesResolvers.letsencrypt.acme]
+  email = "pim@kunis.nl"
+  storage = "acme.json"
+  [certificatesResolvers.letsencrypt.acme.httpChallenge]
+    entryPoint = "web"

ansible/roles/traefik/vars/main.yml

@@ -0,0 +1,2 @@
+service_name: traefik
+service_dir: "{{ base_service_dir }}/{{ service_name }}"