put traefik in ansible

Makefile

@@ -22,4 +22,7 @@ pizzeria:
 ssh:
 	ansible-playbook playbooks/ssh.yml -i inventory/hosts.yml
 
+traefik:
+	ansible-playbook playbooks/traefik.yml -i inventory/hosts.yml
+
 .PHONY: run

README.md

@@ -11,8 +11,8 @@ I could check whether the zone has changed or new keys were generated but that i
 
 ### Traefik
 
-create network
-make docker compose depend on traefik
+- create network
+- make docker compose depend on traefik
 
 ### Firewall
 

playbooks/traefik.yml

@@ -0,0 +1,4 @@
+- name: Install traefik
+  hosts: nucs
+  roles:
+    - traefik

roles/traefik/files/docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+
+services:
+  reverse-proxy:
+    restart: always
+    image: traefik:v2.9
+    command:
+      - "--providers.docker"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.websecure.address=:443"
+    ports:
+      - "443:443"
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml
+      - /apps/traefik/services.toml:/etc/traefik/services.toml
+      - /apps/traefik/acme.json:/acme.json
+    networks:
+      - traefik
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.esrom.entrypoints=websecure
+      - traefik.http.routers.esrom.service=esrom@file
+      - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
+      - traefik.http.routers.esrom.tls=true
+      - traefik.http.routers.esrom.tls.certresolver=geokunis

roles/traefik/files/services.toml

@@ -0,0 +1,6 @@
+[http]
+  [http.services]
+    [http.services.esrom]
+      [http.services.esrom.loadBalancer]
+        [[http.services.esrom.loadBalancer.servers]]
+          url = "http://192.168.30.2:80/"

roles/traefik/files/traefik.toml

@@ -0,0 +1,27 @@
+loglevel = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+  address = ":80"
+  [entryPoints.websecure]
+  address = ":443"
+
+[api]
+
+[providers.docker]
+  endpoint = "unix:///var/run/docker.sock"
+
+[providers.file]
+  filename = "/etc/traefik/services.toml"
+
+[certificatesResolvers.geokunis.acme]
+  email = "pim@kunis.nl"
+  storage = "acme.json"
+  [certificatesResolvers.geokunis.acme.httpChallenge]
+    entryPoint = "web"
+
+[certificatesResolvers.pizzapim.acme]
+  email = "pim@kunis.nl"
+  storage = "acme.json"
+  [certificatesResolvers.pizzapim.acme.httpChallenge]
+    entryPoint = "web"

roles/traefik/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: common
+  - role: docker

roles/traefik/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Create traefik app directory
+  file:
+    path: /apps/traefik
+    state: directory
+- name: Create acme file
+  copy:
+    content: ""
+    dest: /apps/traefik/acme.json
+    force: no
+- name: Copy Docker Compose script
+  copy:
+    src: "{{ role_path }}/files/docker-compose.yml"
+    dest: /apps/traefik/docker-compose.yml
+- name: Copy traefik.toml
+  copy:
+    src: "{{ role_path }}/files/traefik.toml"
+    dest: /apps/traefik/traefik.toml
+- name: Copy services.toml
+  copy:
+    src: "{{ role_path }}/files/services.toml"
+    dest: /apps/traefik/services.toml
+- name: Start Docker Compose
+  docker_compose:
+    project_src: /apps/traefik
+    pull: true
+    remove_orphans: true