diff --git a/ansible/roles/syncthing/config.xml.j2 b/ansible/roles/syncthing/config.xml.j2
index 3487a72..7f6277d 100644
--- a/ansible/roles/syncthing/config.xml.j2
+++ b/ansible/roles/syncthing/config.xml.j2
@@ -231,6 +231,8 @@
0.0.0.0:8384
{{ api_key }}
light
+ pim
+ $2a$10$m3yFFV47/kiCTz0SILEZHOTTLGKX3rkh0Ig4ciqqMPWNPj4gI6gT2
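Review bot: The bcrypt hash on the second added line is committed literally in the template, while the API key two lines above it is rendered from `{{ api_key }}`. Anyone with read access to the repository can run offline guessing against a cost-10 bcrypt hash, so it should be treated as a credential. Move it to a vaulted variable and render it the same way, e.g. `{{ syncthing_gui_password_hash }}` (suggested name), and rotate the password, since this value is now in history. The listen address in the context lines is `0.0.0.0:8384`, so this password is presumably the only gate on the GUI for anything that can reach the container.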
diff --git a/ansible/roles/syncthing/docker-stack.yml.j2 b/ansible/roles/syncthing/docker-stack.yml.j2
index d3cf206..e9c9c46 100644
--- a/ansible/roles/syncthing/docker-stack.yml.j2
+++ b/ansible/roles/syncthing/docker-stack.yml.j2
@@ -1,6 +1,10 @@
# vi: ft=yaml
version: "3"
+networks:
+ traefik:
+ external: true
+
configs:
config:
file: /srv/syncthing/config.xml
@@ -12,13 +16,21 @@ configs:
services:
syncthing:
image: lscr.io/linuxserver/syncthing:latest
+ networks:
+ - traefik
deploy:
placement:
constraints:
- "node.labels.syncthing == true"
labels:
- - traefik.enable=false
- - com.centurylinklabs.watchtower.enable=false
+ - traefik.enable=true
+ - traefik.http.routers.syncthing.entrypoints=localsecure
+ - traefik.http.routers.syncthing.rule=Host(`syncthing.pim.kunis.nl`)
+ - traefik.http.routers.syncthing.service=syncthing
+ - traefik.http.routers.syncthing.tls=true
+ - traefik.http.routers.syncthing.tls.certresolver=letsencrypt
+ - traefik.docker.network=treafik
+ - traefik.http.services.syncthing.loadbalancer.server.port=8384
environment:
- PUID=1000
- PGID=1000
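Review bot: `traefik.docker.network=treafik` misspells the network name; the stack declares and attaches `traefik`. Traefik will not find a network called `treafik` on the service, and depending on version it either falls back to another attached network with a warning or fails to route. The line should read `- traefik.docker.network=traefik`. Separately, this hunk drops `com.centurylinklabs.watchtower.enable=false` while the image stays on `:latest`, so if Watchtower runs here without label filtering it may start auto-updating a service that is now reachable through the proxy. If that is intended, say so in a comment; otherwise keep the label or pin the image tag.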
@@ -27,8 +39,6 @@ services:
- type: bind
source: /mnt/data/syncthing
target: /data
- ports:
- - 8384:8384
configs:
- source: config
target: /config/config.xml
diff --git a/ansible/roles/syncthing/tasks/main.yml b/ansible/roles/syncthing/tasks/main.yml
index dcd537d..2ea02e2 100644
--- a/ansible/roles/syncthing/tasks/main.yml
+++ b/ansible/roles/syncthing/tasks/main.yml
@@ -7,22 +7,31 @@
template:
src: "{{ role_path }}/config.xml.j2"
dest: /srv/syncthing/config.xml
+ register: config
- name: Copy private key
copy:
src: "{{ role_path }}/key.pem"
dest: /srv/syncthing/key.pem
+ register: privkey
- name: Copy certificate
copy:
src: "{{ role_path }}/cert.pem"
dest: /srv/syncthing/cert.pem
+ register: cert
- name: Copy Docker stack file
template:
src: "{{ role_path }}/docker-stack.yml.j2"
dest: /srv/syncthing/docker-stack.yml
+- name: Remove docker stack
+ docker_stack:
+ name: syncthing
+ state: absent
+ when: config.changed or privkey.changed or cert.changed
+
- name: Deploy Docker stack
docker_stack:
name: syncthing
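Review bot: The `Copy private key` task and the template task at the top of the hunk (its `name` line is outside the hunk) write `key.pem` and `config.xml` without an explicit `mode`. Their permissions therefore follow the remote umask, which commonly leaves them world-readable, and `config.xml` carries the API key and the GUI password hash. Add `mode: "0600"` to both tasks, with `owner`/`group` set to whatever reads them; how the stack consumes `key.pem` is not visible here. Adding `no_log: true` to the key task would also keep the key out of `--diff` output. The `Deploy Docker stack` task continues past the end of the hunk.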