---
- name: Create folder structure
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "{{ data_dir }}/traefik"
    - "{{ data_dir }}/traefik/data"
    - "{{ data_dir }}/traefik/config"

- name: Pull latest Traefik Docker Image
  docker_image:
    name: traefik
    tag: latest
    source: pull

# create static configuration for traefik
- name: Create Traefik Configuration
  template:
    src: config.yml.j2
    dest: "{{ data_dir }}/traefik/traefik.yml"

# create dynamic provider files for each system
- name: Create Traefik Dynamic File (Local)
  template:
    src: local-dynamic.yml.j2
    dest: "{{ data_dir }}/traefik/dynamic.yml"
  when: server == "bear"

- name: Deploy Traefik Docker Container
  docker_container:
    name: traefik
    image: traefik
    restart_policy: unless-stopped
    recreate: true
    pull: true
    command:
      - --providers.file.directory=/config
    published_ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    env:
      CF_API_EMAIL: "{{ TRAEFIK_CF_API_EMAIL }}"
      CF_DNS_API_TOKEN: "{{ TRAEFIK_CF_API_KEY }}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - "{{ data_dir }}/traefik/data:/data"
      - "{{ data_dir }}/traefik/traefik.yml:/traefik.yml"
      - "{{ data_dir }}/traefik/dynamic.yml:/dynamic.yml"
    networks: >-
      {{
        [{'name': docker_network_name}] +
        ([{'name': 'tunnel'}] if use_cloudflared | default(false) else [])
      }}
    labels:
      traefik.http.routers.wildcard.rule: "HostRegexp(`{subdomain:.+}.fntz.net`)"
      traefik.http.routers.wildcard.tls: "true"
      traefik.http.routers.wildcard.tls.certresolver: letsencrypt
      traefik.http.routers.wildcard.tls.domains[0].main: fntz.net
      traefik.http.routers.wildcard.tls.domains[0].sans: "*.fntz.net,*.citadel.fntz.net"