From dd0a6dcd222ef18e536736bb6929f088163d67eb Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Wed, 3 May 2023 08:09:16 +0200
Subject: [PATCH] restore esrom service

---
 ansible/roles/traefik/docker-stack.yml.j2 | 21 ++++++++++++++++++++-
 ansible/roles/traefik/services.yml        |  6 ++++++
 ansible/roles/traefik/tasks/main.yml      |  5 +++++
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/traefik/services.yml

diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
index 22aeb59..6eb0989 100644
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -5,6 +5,10 @@ networks:
   traefik:
     external: true
 
+configs:
+  services:
+    file: /srv/traefik/services.yml
+
 services:
   traefik:
     image: traefik:3.0
@@ -22,6 +26,12 @@ services:
         - traefik.http.routers.dashboard.rule=Host(`maestro.dmz`)
         - traefik.http.routers.dashboard.service=api@internal
         - traefik.http.services.dummy-svc.loadbalancer.server.port=8080
+
+        - traefik.http.routers.esrom.entrypoints=websecure
+        - traefik.http.routers.esrom.service=esrom@file
+        - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
+        - traefik.http.routers.esrom.tls=true
+        - traefik.http.routers.esrom.tls.certresolver=letsencrypt
     volumes:
       - type: bind
         source: /var/run/docker.sock
@@ -29,20 +39,29 @@ services:
       - type: bind
         source: /mnt/data/traefik/acme.json
         target: /acme.json
+    configs:
+      - source: services
+        target: /etc/traefik/services.yml
     command:
       - --providers.docker
       - --providers.docker.swarmmode
       - --providers.docker.watch
+      - --providers.docker.exposedbydefault=false
+
+      - --providers.file.filename=/etc/traefik/services.yml
+
       - --api
       - --api.insecure=true
       - --api.dashboard=true
+
       - --entrypoints.web.address=:80
       - --entrypoints.web.http.redirections.entrypoint=true
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
       - --entrypoints.web.http.redirections.entrypoint.permanent=true
+
       - --entrypoints.websecure.address=:443
-      - --providers.docker.exposedbydefault=false
+
       - --certificatesresolvers.letsencrypt.acme=true
       - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
       - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
diff --git a/ansible/roles/traefik/services.yml b/ansible/roles/traefik/services.yml
new file mode 100644
index 0000000..9823a9b
--- /dev/null
+++ b/ansible/roles/traefik/services.yml
@@ -0,0 +1,6 @@
+http:
+  services:
+    esrom:
+      loadBalancer:
+        servers:
+          - url: http://esrom.dmz:80/
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
index 0dd74b0..b2efa90 100644
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -3,6 +3,11 @@
     name: traefik
     driver: overlay
 
+- name: Copy services definition
+  copy:
+    src: "{{ role_path }}/services.yml"
+    dest: /srv/traefik/services.yml
+
 - name: Create working directory
   file:
     path: /srv/traefik