diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..a85f579 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,7 @@ +## +# Global configuration +server: + domain: mrdev023.fr +acme: + email: florian.richer.97@outlook.com + debug: true \ No newline at end of file diff --git a/roles/traefik/tasks/base.yml b/roles/traefik/tasks/base.yml index b3d5539..1bd786f 100644 --- a/roles/traefik/tasks/base.yml +++ b/roles/traefik/tasks/base.yml @@ -2,30 +2,40 @@ - name: Copy traefik conf ansible.builtin.copy: - backup: true - src: . - dest: traefik/ - register: traefik_copy_results + backup: true + src: . + dest: traefik/ + register: traefik_copy_files_results + +- name: Copy template conf + ansible.builtin.template: + backup: true + src: "{{ item.src }}" + dest: "traefik/{{ item.dest }}" + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: 'config/traefik.yml.j2', dest: 'config/traefik.yml' } + register: traefik_copy_templates_results - name: Create proxy network community.docker.docker_network: - name: proxy - state: present + name: proxy + state: present become: true - name: Force update and restart container community.docker.docker_compose: - project_src: traefik - state: present - pull: true - restarted: true - when: traefik_copy_results.changed + project_src: traefik + state: present + pull: true + restarted: true + when: traefik_copy_files_results.changed or traefik_copy_templates_results.changed become: true - name: Update or start container community.docker.docker_compose: - project_src: traefik - state: present - pull: true - when: not traefik_copy_results.changed + project_src: traefik + state: present + pull: true + when: not traefik_copy_files_results.changed and not traefik_copy_templates_results.changed become: true \ No newline at end of file 
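Review bot: The global default `debug: true` under `acme` in group_vars/all.yml applies to every host in the inventory, and the traefik.yml.j2 change in this same commit turns that flag into the Let's Encrypt staging `caServer`. Staging certificates are not trusted by clients, so a production run with this default puts the basic-auth dashboards behind a certificate users have to click through. I would ship `debug: false` here and enable it only in a staging group or host vars file. A name such as `acme.staging` (a suggestion) would also say what the flag actually selects.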
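Review bot: The new `Copy template conf` task sets no `mode`, and neither does `Copy traefik conf` above it, so the rendered `traefik/docker-compose.yml` gets whatever permissions the remote umask gives. That file carries the `basicauth.users` hashes visible in the docker-compose.yml.j2 hunks. Add an explicit mode to the template task, for example `mode: "0640"`, quoted so YAML does not read it as a number. Separately, the `config/traefik.yml` destination relies on `traefik/config/` already existing on the target. If the `src: .` copy no longer creates that directory now that traefik.yml has left files/config/, the template task will fail; the files/ tree is not visible here, so this is worth confirming.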
diff --git a/roles/traefik/files/config/traefik.yml b/roles/traefik/templates/config/traefik.yml.j2
similarity index 93%
rename from roles/traefik/files/config/traefik.yml
rename to roles/traefik/templates/config/traefik.yml.j2
index 5b8fa78..ba8e4e3 100644
--- a/roles/traefik/files/config/traefik.yml
+++ b/roles/traefik/templates/config/traefik.yml.j2
@@ -42,10 +42,12 @@ providers:
 certificatesResolvers:
 sslResolver:
 acme:
- email: florian.richer.97@outlook.com
+ email: {{ acme.email }}
 tlschallenge: {}
 storage: acme.json
 keyType: RSA4096
+{% if acme.debug %}
 caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+{% endif %}
 httpChallenge:
 entryPoint: http
diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/templates/docker-compose.yml.j2
similarity index 93%
rename from roles/traefik/files/docker-compose.yml
rename to roles/traefik/templates/docker-compose.yml.j2
index 54b946d..7a128d6 100644
--- a/roles/traefik/files/docker-compose.yml
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -26,7 +26,7 @@ services:
 - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
 - "traefik.http.middlewares.traefik-stripprefix.stripprefix.prefixes=/traefik"
 - "traefik.http.routers.traefik-secure.entrypoints=https"
- - "traefik.http.routers.traefik-secure.rule=Host(`dash.mrdev023.fr`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
+ - "traefik.http.routers.traefik-secure.rule=Host(`dash.{{ server.domain }}`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
 - "traefik.http.middlewares.tls-rep.redirectregex.permanent=true"
 - "traefik.http.middlewares.tls-header.headers.SSLRedirect=true"
 - "traefik.http.middlewares.tls-header.headers.forceSTSHeader=true"
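Review bot: `{% if acme.debug %}` tests plain Jinja truthiness, so a value that arrives as a non-empty string such as `"false"` (from an extra-var or an INI inventory, say) still selects the staging `caServer`. Use `{% if acme.debug | bool %}` so the switch follows the intended boolean. On the line above, quote the templated scalar, `email: "{{ acme.email }}"`, so an empty or unusual value cannot render as null or break the YAML. The hunk shows only part of the `acme` resolver block.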
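Review bot: The `basicauth.users` label on the first context line of the -26 hunk still embeds the bcrypt hash for `mrdev023` in the repository, and the same literal recurs in the -69 and -98 hunks for prometheus and grafana. Now that this file is rendered through `ansible.builtin.template`, the value can come from an Ansible Vault variable instead, for example `basicauth.users={{ traefik_basicauth_users }}` (variable name illustrative). The stored value must keep the `$$` doubling that compose requires. All three routers share this one credential, so a single variable also makes rotation a one-place change. The `services` block starts and ends outside these hunks.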
@@ -56,7 +56,7 @@ services:
 - /etc/localtime:/etc/localtime:ro
 command:
 - "--web.route-prefix=/"
- - "--web.external-url=https://dash.mrdev023.fr/prometheus"
+ - "--web.external-url=https://dash.{{ server.domain }}/prometheus"
 - "--config.file=/etc/prometheus/prometheus.yml"
 - "--storage.tsdb.path=/prometheus"
 - "--web.console.libraries=/usr/share/prometheus/console_libraries"
@@ -69,7 +69,7 @@ services:
 - "traefik.http.middlewares.prometheus-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
 - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
 - "traefik.http.routers.prometheus-secure.entrypoints=https"
- - "traefik.http.routers.prometheus-secure.rule=Host(`dash.mrdev023.fr`) && PathPrefix(`/prometheus`)"
+ - "traefik.http.routers.prometheus-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/prometheus`)"
 - "traefik.http.routers.prometheus-secure.middlewares=tls-chain,prometheus-stripprefix,prometheus-auth"
 - "traefik.http.routers.prometheus-secure.tls=true"
 - "traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver"
@@ -98,7 +98,7 @@ services:
 - "traefik.http.middlewares.grafana-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
 - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
 - "traefik.http.routers.grafana-secure.entrypoints=https"
- - "traefik.http.routers.grafana-secure.rule=Host(`dash.mrdev023.fr`) && PathPrefix(`/grafana`)"
+ - "traefik.http.routers.grafana-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/grafana`)"
 - "traefik.http.routers.grafana-secure.middlewares=tls-chain,grafana-stripprefix,grafana-auth"
 - "traefik.http.routers.grafana-secure.tls=true"
 - "traefik.http.routers.grafana-secure.tls.certresolver=http"
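Review bot: The last context line of the -98 hunk sets `traefik.http.routers.grafana-secure.tls.certresolver=http`, while the prometheus router in the -69 hunk uses `sslResolver`. `sslResolver` is also the only resolver name visible under `certificatesResolvers` in the traefik.yml.j2 hunk. If no resolver named `http` is defined outside the visible lines, the grafana router would presumably get no ACME certificate and be served with Traefik's default one. The line is not changed by this commit, so confirm the intent; if it is a leftover, `traefik.http.routers.grafana-secure.tls.certresolver=sslResolver` would match the other routers.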