[TRAEFIK] Add template + variable

2023-05-20 15:53:20 +02:00 · 2023-05-20 15:53:20 +02:00 · db6cdfae3b
commit db6cdfae3b
parent 924078fb3f
4 changed files with 39 additions and 20 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -0,0 +1,7 @@
+##
+# Global configuration
+server:
+  domain: mrdev023.fr
+acme:
+  email: florian.richer.97@outlook.com
+  debug: true
--- a/roles/traefik/tasks/base.yml
+++ b/roles/traefik/tasks/base.yml
@ -2,30 +2,40 @@

 - name: Copy traefik conf
  ansible.builtin.copy:
-      backup: true
-      src: .
-      dest: traefik/
-  register: traefik_copy_results
+    backup: true
+    src: .
+    dest: traefik/
+  register: traefik_copy_files_results
+
+- name: Copy template conf
+  ansible.builtin.template:
+    backup: true
+    src: "{{ item.src }}"
+    dest: "traefik/{{ item.dest }}"
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: 'config/traefik.yml.j2', dest: 'config/traefik.yml' }
+  register: traefik_copy_templates_results

 - name: Create proxy network
  community.docker.docker_network:
-      name: proxy
-      state: present
+    name: proxy
+    state: present
  become: true

 - name: Force update and restart container
  community.docker.docker_compose:
-      project_src: traefik
-      state: present
-      pull: true
-      restarted: true
-  when: traefik_copy_results.changed
+    project_src: traefik
+    state: present
+    pull: true
+    restarted: true
+  when: traefik_copy_files_results.changed or traefik_copy_templates_results.changed
  become: true

 - name: Update or start container
  community.docker.docker_compose:
-      project_src: traefik
-      state: present
-      pull: true
-  when: not traefik_copy_results.changed
+    project_src: traefik
+    state: present
+    pull: true
+  when: not traefik_copy_files_results.changed and not traefik_copy_templates_results.changed
  become: true
--- a/roles/traefik/templates/config/traefik.yml.j2
+++ b/roles/traefik/templates/config/traefik.yml.j2
@ -42,10 +42,12 @@ providers:
 certificatesResolvers:
  sslResolver:
    acme:
-      email: florian.richer.97@outlook.com
+      email: {{ acme.email }}
      tlschallenge: {}
      storage: acme.json
      keyType: RSA4096
+{% if acme.debug %}
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+{% endif %}
      httpChallenge:
        entryPoint: http
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -26,7 +26,7 @@ services:
      - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$" 
      - "traefik.http.middlewares.traefik-stripprefix.stripprefix.prefixes=/traefik"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
-      - "traefik.http.routers.traefik-secure.rule=Host(`dash.mrdev023.fr`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
+      - "traefik.http.routers.traefik-secure.rule=Host(`dash.{{ server.domain }}`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
      - "traefik.http.middlewares.tls-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.tls-header.headers.SSLRedirect=true"
      - "traefik.http.middlewares.tls-header.headers.forceSTSHeader=true"
@ -56,7 +56,7 @@ services:
      - /etc/localtime:/etc/localtime:ro
    command:
      - "--web.route-prefix=/"
-      - "--web.external-url=https://dash.mrdev023.fr/prometheus"
+      - "--web.external-url=https://dash.{{ server.domain }}/prometheus"
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
@ -69,7 +69,7 @@ services:
      - "traefik.http.middlewares.prometheus-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
      - "traefik.http.routers.prometheus-secure.entrypoints=https"
-      - "traefik.http.routers.prometheus-secure.rule=Host(`dash.mrdev023.fr`) && PathPrefix(`/prometheus`)"
+      - "traefik.http.routers.prometheus-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/prometheus`)"
      - "traefik.http.routers.prometheus-secure.middlewares=tls-chain,prometheus-stripprefix,prometheus-auth"
      - "traefik.http.routers.prometheus-secure.tls=true"
      - "traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver"
@ -98,7 +98,7 @@ services:
      - "traefik.http.middlewares.grafana-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
      - "traefik.http.routers.grafana-secure.entrypoints=https"
-      - "traefik.http.routers.grafana-secure.rule=Host(`dash.mrdev023.fr`) && PathPrefix(`/grafana`)"
+      - "traefik.http.routers.grafana-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana-secure.middlewares=tls-chain,grafana-stripprefix,grafana-auth"
      - "traefik.http.routers.grafana-secure.tls=true"
      - "traefik.http.routers.grafana-secure.tls.certresolver=http"