From 04a03da9a667978120e1cb87f0d7b2cb911900fe Mon Sep 17 00:00:00 2001
From: erebion
Date: Mon, 27 Nov 2023 21:13:06 +0100
Subject: [PATCH 1/2] Moved to yml instead of the terrible toml that lurks in the shadows at night
---
 roles/traefik_docker/templates/traefik.service.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/traefik_docker/templates/traefik.service.j2 b/roles/traefik_docker/templates/traefik.service.j2
index 2eaa3c4..79f2785 100644
--- a/roles/traefik_docker/templates/traefik.service.j2
+++ b/roles/traefik_docker/templates/traefik.service.j2
@@ -6,8 +6,8 @@ Requires=docker.service
 [Service]
 ExecStartPre=-/usr/bin/docker rm --force {{ traefik_container_name }}
 ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
- -v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.toml:/traefik.toml \
- -v {{ docker_volumes_dir }}/traefik/traefik_dynamic.toml:/traefik_dynamic.toml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
+ -v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.yml:/traefik.yml \
+ -v {{ docker_volumes_dir }}/traefik/traefik_dynamic.yml:/traefik_dynamic.yml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
 -p 80:80 -p 443:443 -p 8448:8448 --network traefik traefik:v2.10.5
 ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
 Restart=always
From 4eb6b764a19e6403cce52b3acf9a82e8cb90fb4b Mon Sep 17 00:00:00 2001
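Review bot: The two configuration bind mounts on the changed `-v` lines are writable from inside the container although Traefik only reads them; appending `:ro`, as in `-v {{ docker_volumes_dir }}/traefik/traefik.yml:/traefik.yml:ro` and the same for `traefik_dynamic.yml`, keeps a compromised proxy from rewriting its own routing and auth configuration (the `letsencrypt/` mount has to stay writable for `acme.json`). The same line passes the full Docker socket to a container that listens on 80, 443 and 8448, which amounts to root on the host if that container is taken over; a filtering socket proxy in front of the Docker provider would narrow this. The unit file starts and ends outside the hunk, so other hardening options may already be set there.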
From: erebion
Date: Tue, 28 Nov 2023 13:56:06 +0100
Subject: [PATCH 2/2] added missing files for the traefik role
---
 host_vars/unhb4/unhb4.yml | 1 +
 host_vars/unhb4/unhb4_vault.yml | 94 ++++++++++---------
 roles/traefik_docker/tasks/main.yml | 46 +++------
 roles/traefik_docker/templates/traefik.yml.j2 | 44 +++++++++
 .../templates/traefik_dynamic.yml.j2 | 15 +++
 5 files changed, 121 insertions(+), 79 deletions(-)
 create mode 100644 roles/traefik_docker/templates/traefik.yml.j2
 create mode 100644 roles/traefik_docker/templates/traefik_dynamic.yml.j2
diff --git a/host_vars/unhb4/unhb4.yml b/host_vars/unhb4/unhb4.yml
index beaa2f2..af2bfd2 100644
--- a/host_vars/unhb4/unhb4.yml
+++ b/host_vars/unhb4/unhb4.yml
@@ -65,6 +65,7 @@ firewall_ports:
 - 21117/tcp # Rustdesk
 traefik_container_name: "traefik"
+traefik_dashboard_hostname: "traefik.un-hack-bar.de"
 version:
 authentik: "2023.10.3"
diff --git a/host_vars/unhb4/unhb4_vault.yml b/host_vars/unhb4/unhb4_vault.yml
index eca5e65..7c5ac44 100644
--- a/host_vars/unhb4/unhb4_vault.yml
+++ b/host_vars/unhb4/unhb4_vault.yml
@@ -1,46 +1,50 @@ $ANSIBLE_VAULT;1.1;AES256 -38626432353832643761633761353333306230386661323266323463643266366464346632396232 -6230646530376638666631306636393830306433366265640a656266663039396131633330666537 -33636564663337633563333236383739393833303934333833373964316337306636646434356337 -6139393666663164320a633761353161653332353234616334356630663939313730366461303030 -30363864346234353532346362636437306238306263346564366265623964633638303361343963 -62356632633764373734663665316238646232663030373135633830613835376536303966323436 -31653234623765373831353233653036326233613930323463663437386337633132636461333764 -39646537663739393937303465393563613665623162616438346462643135323035393964356262 -37353531343662346532633666366337393865383235623461333632363738313234666431363766 -39643262396163663432346361323430633361353565356430326433383336366661316335663335 -39353963336235353932353963356335333534613535653134613834383433393337396666623438 -32356365396339323264633939663364356230663333613161313539366539396530316565383831 -62633032666335383434623661323861666533663935393531346636313930396231346336306235 -61636131376664356635393736363235653537323932356639633135386238313438666239323763 -31616165663932333630333465316430326462373136323036396336356261656664383934343238 -37633631323931386364633331346264666236393730386434343935393131343566383333303632 -35383732613663373539343633393161343337373438363233333661386139323966306465313461 -66323431643463386363663439383165646539393836613164646461386130663561396132653137 -32613435373664336636346331313533373630323134326432633534366562336331353962326265 -30366638623966383438366464303562353162663063393766383635386639363164396235326537 -64643234613934663736316530343338643630656138396462653938386132376139353238613838 -36663632636565323736383130313934333230363437653631383136643063626433356635363036 -38343036313463643864376632616139613664656639663636386231666132306363326335343331 
-38373833653964343030636639346635613563633933393665393332613134393338326664303064 -34313337623034346465643362353762346231346364383837386634356362396633346434343234 -32303835623164396264623230313539366430376539346338306432653935633365366566656462 -39373933613864313265386664336262343830323637356333373437303133393137303333623533 -33626430643131653861383830646332366431363562373434323734373136366162386533633038 -30356261633564346431633436646236346430393531313331666461386235316264376532626234 -37333665396463396330313562303532356464383031396537313263663965336265613133653033 -66316665323536363937326531643766623630376535663935356335623031383233356536653461 -30326466316334343861353265363331623630343939636136646263343538643462643936663238 -61353034386661326462343262656463343539663435383963646531646335636239313036613232 -66366664326562663837396232353831363831386261363532643164306564383331373962393039 -38613538376663393766393264336164333138353938393031313865306133646465626664386537 -32343237323165653634313238623561333664646265313433363564383438643665363764613237 -62396564303135613836356433633632613939313730653930663536316135363565356632636436 -35323764653361363666323461333863353461643434386466353130343932326462333961663333 -39383337303735373762326365306165663133343632616465623338353637333936386130336564 -34366165386566363535323066393932646666643164303264646364653234393433613636333261 -34363734653135336663663035653332383931316362356231306266623131663462396363383033 -61636661653766373437303738666136393231653965303739616138343230323338306231306637 -64323263363363316561303138366464626365373032353239343530316637626462363636303365 -62313631316231313632396464646135653534363438376338636263663438653737623165316131 -35383939363534616161313130656130383764663665303030613839633661313933 +39663531646261623063306461623531383931653762613831656461313064376561336138663733 +6434313637646163656637323234613335323031363933330a373661353061373033333063336331 
+31646266353135336237386163623861306463613733633964656462366634306361646365313566 +6239323762343662630a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
diff --git a/roles/traefik_docker/tasks/main.yml b/roles/traefik_docker/tasks/main.yml
index e4b8373..0054163 100644
--- a/roles/traefik_docker/tasks/main.yml
+++ b/roles/traefik_docker/tasks/main.yml
@@ -16,40 +16,18 @@
 with_items:
 - "{{ docker_volumes_dir }}/traefik"
-#- name: "Ensure Pretix has access to its files"
-# ansible.builtin.file:
-# path: "{{ item }}"
-# state: file
-# owner: 15371
-# group: 15371
-# mode: '0600'
-# with_items:
-# - "{{ docker_volumes_dir }}/pretix/data/.secret"
-
-#- name: "Template .env files for Pretix"
-# ansible.builtin.template:
-# src: "{{ item }}.j2"
-# dest: "{{ docker_volumes_dir }}/pretix/{{ item }}"
-# force: true
-# owner: root
-# group: root
-# mode: '0660'
-# with_items:
-# - pretix.env
-# - pretix-db.env
-# notify: restart-pretix-docker
-
-#- name: "Template Config for Pretix"
-# ansible.builtin.template:
-# src: "{{ item }}.j2"
-# dest: "{{ docker_volumes_dir }}/pretix/conf/{{ item }}"
-# force: true
-# owner: 15371
-# group: 15371
-# mode: '0640'
-# with_items:
-# - pretix.cfg
-# notify: restart-pretix-docker
+- name: "Template Config for Pretix"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "{{ docker_volumes_dir }}/traefik/{{ item }}"
+ force: true
+ owner: 0
+ group: 0
+ mode: '0640'
+ with_items:
+ - traefik.yml
+ - traefik_dynamic.yml
+ notify: restart-traefik-docker
 - name: "Template systemd unit files for Traefik"
 ansible.builtin.template:
diff --git a/roles/traefik_docker/templates/traefik.yml.j2 b/roles/traefik_docker/templates/traefik.yml.j2
new file mode 100644
index 0000000..800e6b8
--- /dev/null
+++ b/roles/traefik_docker/templates/traefik.yml.j2
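Review bot: The added task keeps the name `"Template Config for Pretix"` although it renders `traefik.yml` and `traefik_dynamic.yml` into the Traefik directory, so play output and any later audit of the run attribute the change to the wrong service; `- name: "Template Config for Traefik"` matches what it does. `traefik_dynamic.yml` carries the dashboard's basic-auth entries, so the `mode: '0640'` with `owner: 0` and `group: 0` deserves a one-line comment such as `# holds basicAuth user hashes, keep root-only` to stop it being loosened later. The following systemd task continues outside the hunk.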
@@ -0,0 +1,44 @@
+
+
+entryPoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: "websecure"
+ scheme: "https"
+ websecure:
+ address: ":443"
+ http:
+ tls:
+ certResolver: "letsencrypt"
+ matrixfederation:
+ address: ":8448"
+ http:
+ tls:
+ certResolver: "letsencrypt"
+
+api:
+ dashboard: true
+ #insecure: true
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "{{ letsencrypt_email }}"
+ storage: "/letsencrypt/acme.json"
+ #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ tlsChallenge:
+
+
+providers:
+ docker:
+ watch: true
+ network: "traefik"
+ exposedByDefault: false
+ file:
+ filename: "traefik_dynamic.yml"
+
+log:
+ level: "INFO"
diff --git a/roles/traefik_docker/templates/traefik_dynamic.yml.j2 b/roles/traefik_docker/templates/traefik_dynamic.yml.j2
new file mode 100644
index 0000000..d5458f3
--- /dev/null
+++ b/roles/traefik_docker/templates/traefik_dynamic.yml.j2
@@ -0,0 +1,15 @@
+http:
+ middlewares:
+ simpleAuthTraefikDashboard:
+ basicAuth:
+ users:
+ {% for item in traefik_basic_auth_users %} - "{{ item }}"{% endfor %}
+
+ routers:
+ api:
+ rule: "Host(`{{ traefik_dashboard_hostname }}`)"
+ entrypoints:
+ - "websecure"
+ middlewares:
+ - "simpleAuthTraefikDashboard"
+ service: "api@internal"
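Review bot: `tlsChallenge:` is left as a bare key, which YAML loads as null rather than an empty mapping; Traefik's documentation writes it as `tlsChallenge: {}`, and it should be confirmed that the null form really enables the challenge, because a resolver without a working challenge leaves the `websecure` and `matrixfederation` entry points without ACME certificates. The file provider's `filename: "traefik_dynamic.yml"` is relative while the unit in the first patch mounts the file at `/traefik_dynamic.yml`, so `filename: "/traefik_dynamic.yml"` would remove the dependency on the container's working directory. The template also configures no `accessLog`, so requests to the dashboard host leave no record to review after the fact.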
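Review bot: The `users:` loop sits on a single template line with no newline inside it, so with more than one entry in `traefik_basic_auth_users` the items are rendered side by side (` - "a" - "b"`) rather than one per line, which is not a valid YAML sequence. If Traefik rejects the dynamic file, the `simpleAuthTraefikDashboard` middleware that the `api` router relies on is not loaded, so the failure mode should be checked on a rendered file. Letting a filter emit the list avoids hand-built indentation and quoting: `users: {{ traefik_basic_auth_users | to_json }}`. Indentation is not recoverable from this page, so the single-entry rendering is worth verifying too.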