add traefik

2025-08-02 23:06:46 -04:00
parent f1272fc80f
commit a8802492f1
28 changed files with 411 additions and 457 deletions
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Create folder structure
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_dir }}/traefik"
+    - "{{ data_dir }}/traefik/data"
+    - "{{ data_dir }}/traefik/config"
+
+- name: Pull latest Traefik Docker Image
+  docker_image:
+    name: traefik
+    tag: latest
+    source: pull
+
+- name: Create Traefik Configuration
+  template:
+    src: config.yml.j2
+    dest: "{{ data_dir }}/traefik/traefik.yml"
+
+- name: Deploy Traefik Docker Container
+  docker_container:
+    name: traefik
+    image: traefik
+    restart_policy: unless-stopped
+    command:
+      - --providers.file.directory=/config
+    published_ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    env:
+      CF_API_EMAIL: "{{ TRAEFIK_CF_API_EMAIL }}"
+      CF_DNS_API_TOKEN: "{{ TRAEFIK_CF_API_KEY }}"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - "{{ data_dir }}/traefik/data:/data"
+      - "{{ data_dir }}/traefik/traefik.yml:/traefik.yml"
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.traefik.rule: Host(`traefik.fntz.net`)
+      traefik.http.routers.traefik.entrypoints: webSecure
+      traefik.http.routers.traefik.tls.certresolver: letsencrypt
+      traefik.http.services.traefik.loadbalancer.server.port: "8080"
+    networks:
+      - name: homelab
--- a/roles/traefik/templates/config.yml.j2
+++ b/roles/traefik/templates/config.yml.j2
@@ -0,0 +1,30 @@
+api:
+  dashboard: true
+  insecure: true
+  debug: false
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  webSecure:
+    address: ":443"
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: homelab
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: {{ TRAEFIK_CF_API_EMAIL }}
+      storage: /data/acme.json
+      caServer: https://acme-v02.api.letsencrypt.org/directory
+      dnsChallenge:
+        provider: cloudflare
+        delayBeforeCheck: 10