# https://docs.traefik.io/user-guide/docker-and-lets-encrypt/

- hosts: attitude-adjuster
  vars_files:
    - vars.yml.private
  become: yes
  tasks:

    - name: get docker ip
      shell: ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+'
      register: docker_ip

    - name: traefik.toml
      copy:
        content: |
          debug = false
          insecureSkipVerify = true

          logLevel = "INFO" # "ERROR"
          defaultEntryPoints = ["https","http"]

          [entryPoints]
            [entryPoints.http]
            address = ":80"
              [entryPoints.http.redirect]
              entryPoint = "https"
            [entryPoints.https]
            address = ":443"
            [entryPoints.https.tls]

          [retry]

          [file]

          [frontends]
            [frontends.homeassistant]
            backend = "homeassistant"
              [frontends.homeassistant.routes.test_1]
              rule = "Host:{{ home_assistant.host }}"

          [backends]
            [backends.homeassistant]
              [backends.homeassistant.servers.server1]
              url = "http://{{ docker_ip.stdout | trim }}:8123"

          [docker]
          endpoint = "unix:///var/run/docker.sock"
          domain = "{{ traefik.domain }}"
          watch = true
          exposedByDefault = false
          network = "attitudeadjuster_bridge"

          [acme]
          email = "{{ traefik.email }}"
          storage = "acme.json"
          entryPoint = "https"
          onHostRule = true
          [acme.httpChallenge]
          entryPoint = "http"
        dest: /opt/traefik/traefik.toml
      notify: restart traefik

    - name: acme.json
      file:
        name: /opt/traefik/acme.json
        mode: 0600
        state: touch

  handlers:

    - name: restart traefik
      docker_container:
        name: traefik
        restart: yes
      ignore_errors: yes