|
|
|
# https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
|
|
|
|
|
|
|
|
- hosts: attitude-adjuster
|
|
|
|
vars_files:
|
|
|
|
- vars.yml.private
|
|
|
|
become: yes
|
|
|
|
tasks:
|
|
|
|
|
|
|
|
- name: get docker ip
|
|
|
|
shell: ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+'
|
|
|
|
register: docker_ip
|
|
|
|
|
|
|
|
- name: traefik.toml
|
|
|
|
copy:
|
|
|
|
content: |
|
|
|
|
debug = false
|
|
|
|
insecureSkipVerify = true
|
|
|
|
|
|
|
|
logLevel = "INFO" # "ERROR"
|
|
|
|
defaultEntryPoints = ["https","http"]
|
|
|
|
|
|
|
|
[entryPoints]
|
|
|
|
[entryPoints.http]
|
|
|
|
address = ":80"
|
|
|
|
[entryPoints.http.redirect]
|
|
|
|
entryPoint = "https"
|
|
|
|
[entryPoints.https]
|
|
|
|
address = ":443"
|
|
|
|
[entryPoints.https.tls]
|
|
|
|
|
|
|
|
[retry]
|
|
|
|
|
|
|
|
[file]
|
|
|
|
|
|
|
|
[frontends]
|
|
|
|
[frontends.homeassistant]
|
|
|
|
backend = "homeassistant"
|
|
|
|
[frontends.homeassistant.routes.test_1]
|
|
|
|
rule = "Host:{{ home_assistant.host }}"
|
|
|
|
|
|
|
|
[backends]
|
|
|
|
[backends.homeassistant]
|
|
|
|
[backends.homeassistant.servers.server1]
|
|
|
|
url = "http://{{ docker_ip.stdout | trim }}:8123"
|
|
|
|
|
|
|
|
[docker]
|
|
|
|
endpoint = "unix:///var/run/docker.sock"
|
|
|
|
domain = "{{ traefik.domain }}"
|
|
|
|
watch = true
|
|
|
|
exposedByDefault = false
|
|
|
|
network = "attitudeadjuster_bridge"
|
|
|
|
|
|
|
|
[acme]
|
|
|
|
email = "{{ traefik.email }}"
|
|
|
|
storage = "acme.json"
|
|
|
|
entryPoint = "https"
|
|
|
|
onHostRule = true
|
|
|
|
[acme.httpChallenge]
|
|
|
|
entryPoint = "http"
|
|
|
|
dest: /opt/traefik/traefik.toml
|
|
|
|
notify: restart traefik
|
|
|
|
|
|
|
|
- name: acme.json
|
|
|
|
file:
|
|
|
|
name: /opt/traefik/acme.json
|
|
|
|
mode: 0600
|
|
|
|
state: touch
|
|
|
|
|
|
|
|
handlers:
|
|
|
|
|
|
|
|
- name: restart traefik
|
|
|
|
docker_container:
|
|
|
|
name: traefik
|
|
|
|
restart: yes
|
|
|
|
ignore_errors: yes
|
|
|
|
|