Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions

chore(traefik): prefix all traefi vars with traefik_

Browse source
This commit is contained in:
Bert-Jan Fikse 2026-01-22 17:29:56 +01:00
parent d0ae0a4df9
commit 13eb79803f
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
7 changed files with 58 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

40
roles/traefik/defaults/main.yml
View file

@ -17,36 +17,36 @@ docker_volume_dir: "{{ docker_volume_base_dir }}/{{ service_name }}"
traefik_mode: "backend" traefik_mode: "backend"
# SSL configuration # SSL configuration
use_ssl: true traefik_use_ssl: true
ssl_email: "admin@example.com" traefik_ssl_email: "admin@example.com"
ssl_cert_resolver: "dns" # Certificate resolver name traefik_ssl_cert_resolver: "dns" # Certificate resolver name
# Certificate mode: 'acme' for Let's Encrypt with DNS challenge or 'selfsigned' for self-signed certs # Certificate mode: 'acme' for Let's Encrypt with DNS challenge or 'selfsigned' for self-signed certs
cert_mode: "selfsigned" # Use selfsigned for vagrant, acme for production traefik_cert_mode: "selfsigned" # Use selfsigned for vagrant, acme for production
# ACME DNS Challenge with RFC2136 (TSIG) configuration # ACME DNS Challenge with RFC2136 (TSIG) configuration
acme_dns_zone: "" # e.g., "digitalboard._acme.digitalboard.ch." traefik_acme_dns_zone: "" # e.g., "digitalboard._acme.digitalboard.ch."
acme_dns_nameserver: "" # e.g., "192.168.1.1:53" traefik_acme_dns_nameserver: "" # e.g., "192.168.1.1:53"
acme_tsig_algorithm: "hmac-sha256" traefik_acme_tsig_algorithm: "hmac-sha256"
acme_tsig_key: "" # TSIG key name traefik_acme_tsig_key: "" # TSIG key name
acme_tsig_secret: "" # TSIG secret traefik_acme_tsig_secret: "" # TSIG secret
acme_propagation_timeout: "120" traefik_acme_propagation_timeout: "120"
acme_polling_interval: "2" traefik_acme_polling_interval: "2"
acme_ttl: "60" traefik_acme_ttl: "60"
# Self-signed certificate configuration (for vagrant/testing) # Self-signed certificate configuration (for vagrant/testing)
selfsigned_cert_dir: "{{ docker_volume_dir }}/certs" traefik_selfsigned_cert_dir: "{{ docker_volume_dir }}/certs"
selfsigned_cert_days: 365 traefik_selfsigned_cert_days: 365
selfsigned_common_name: "*.local.test" traefik_selfsigned_common_name: "*.local.test"
# Dashboard # Dashboard
enable_dashboard: false traefik_enable_dashboard: false
dashboard_domain: "" # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080 traefik_dashboard_domain: "" # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080
# Access log configuration # Access log configuration
enable_access_logs: true traefik_enable_access_logs: true
access_log_format: "common" traefik_access_log_format: "common"
log_level: "INFO" traefik_log_level: "INFO"
# Network name # Network name
traefik_network: "proxy" traefik_network: "proxy"

6
roles/traefik/tasks/main.yml
View file

@ -48,7 +48,7 @@
path: "{{ docker_volume_dir }}/letsencrypt" path: "{{ docker_volume_dir }}/letsencrypt"
state: directory state: directory
mode: '0755' mode: '0755'
when: cert_mode == 'acme' when: traefik_cert_mode == 'acme'
- name: Create traefik Docker network - name: Create traefik Docker network
community.docker.docker_network: community.docker.docker_network:
@ -76,14 +76,14 @@
dest: "{{ docker_volume_dir }}/config/dashboard.yml" dest: "{{ docker_volume_dir }}/config/dashboard.yml"
mode: '0644' mode: '0644'
notify: restart traefik notify: restart traefik
when: enable_dashboard | bool and dashboard_domain | length > 0 when: traefik_enable_dashboard | bool and traefik_dashboard_domain | length > 0
- name: Remove dashboard routing configuration when not needed - name: Remove dashboard routing configuration when not needed
file: file:
path: "{{ docker_volume_dir }}/config/dashboard.yml" path: "{{ docker_volume_dir }}/config/dashboard.yml"
state: absent state: absent
notify: restart traefik notify: restart traefik
when: not (enable_dashboard | bool) or dashboard_domain | length == 0 when: not (traefik_enable_dashboard | bool) or traefik_dashboard_domain | length == 0
- name: Create docker-compose file for traefik - name: Create docker-compose file for traefik
template: template:

8
roles/traefik/templates/dashboard.yml.j2
View file

@ -1,15 +1,15 @@
{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %} {% set dashboard_ssl = traefik_use_ssl_dashboard | default(traefik_use_ssl) %}
http: http:
routers: routers:
dashboard: dashboard:
rule: "Host(`{{ dashboard_domain }}`)" rule: "Host(`{{ traefik_dashboard_domain }}`)"
service: api@internal service: api@internal
entryPoints: entryPoints:
- {{ 'websecure' if dashboard_ssl else 'web' }} - {{ 'websecure' if dashboard_ssl else 'web' }}
{% if dashboard_ssl %} {% if dashboard_ssl %}
tls: tls:
{% if cert_mode == 'acme' %} {% if traefik_cert_mode == 'acme' %}
certResolver: {{ ssl_cert_resolver }} certResolver: {{ traefik_ssl_cert_resolver }}
{% else %} {% else %}
{} {}
{% endif %} {% endif %}

20
roles/traefik/templates/docker-compose.yml.j2
View file

@ -3,26 +3,26 @@ services:
image: traefik:latest image: traefik:latest
container_name: traefik container_name: traefik
restart: always restart: always
{% if cert_mode == 'acme' %} {% if traefik_cert_mode == 'acme' %}
environment: environment:
RFC2136_NAMESERVER: "{{ acme_dns_nameserver }}" RFC2136_NAMESERVER: "{{ traefik_acme_dns_nameserver }}"
RFC2136_TSIG_ALGORITHM: "{{ acme_tsig_algorithm }}" RFC2136_TSIG_ALGORITHM: "{{ traefik_acme_tsig_algorithm }}"
RFC2136_TSIG_KEY: "{{ acme_tsig_key }}" RFC2136_TSIG_KEY: "{{ traefik_acme_tsig_key }}"
RFC2136_TSIG_SECRET: "{{ acme_tsig_secret }}" RFC2136_TSIG_SECRET: "{{ traefik_acme_tsig_secret }}"
RFC2136_PROPAGATION_TIMEOUT: "{{ acme_propagation_timeout }}" RFC2136_PROPAGATION_TIMEOUT: "{{ traefik_acme_propagation_timeout }}"
RFC2136_POLLING_INTERVAL: "{{ acme_polling_interval }}" RFC2136_POLLING_INTERVAL: "{{ traefik_acme_polling_interval }}"
RFC2136_TTL: "{{ acme_ttl }}" RFC2136_TTL: "{{ traefik_acme_ttl }}"
{% endif %} {% endif %}
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
{% if enable_dashboard and not dashboard_domain %} {% if traefik_enable_dashboard and not traefik_dashboard_domain %}
- "8080:8080" - "8080:8080"
{% endif %} {% endif %}
volumes: volumes:
- {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
- {{ docker_volume_dir }}/config:/config:ro - {{ docker_volume_dir }}/config:/config:ro
{% if cert_mode == 'acme' %} {% if traefik_cert_mode == 'acme' %}
- {{ docker_volume_dir }}/letsencrypt:/letsencrypt - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
{% endif %} {% endif %}
{% if traefik_mode == 'backend' %} {% if traefik_mode == 'backend' %}

8
roles/traefik/templates/middlewares.yml.j2
View file

@ -1,18 +1,18 @@
{% if enable_dashboard %} {% if traefik_enable_dashboard %}
api: api:
dashboard: true dashboard: true
insecure: true insecure: true
{% endif %} {% endif %}
{% if enable_access_logs %} {% if traefik_enable_access_logs %}
accessLog: accessLog:
format: {{ access_log_format }} format: {{ traefik_access_log_format }}
{% endif %} {% endif %}
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
{% if use_ssl %} {% if traefik_use_ssl %}
http: http:
redirections: redirections:
entryPoint: entryPoint:

12
roles/traefik/templates/services.yml.j2
View file

@ -5,11 +5,11 @@ http:
rule: "Host(`{{ service.domain }}`)" rule: "Host(`{{ service.domain }}`)"
service: {{ service.name }}-service service: {{ service.name }}-service
entryPoints: entryPoints:
- {{ 'websecure' if use_ssl else 'web' }} - {{ 'websecure' if traefik_use_ssl else 'web' }}
{% if use_ssl %} {% if traefik_use_ssl %}
tls: tls:
{% if cert_mode == 'acme' %} {% if traefik_cert_mode == 'acme' %}
certResolver: {{ ssl_cert_resolver }} certResolver: {{ traefik_ssl_cert_resolver }}
{% else %} {% else %}
{} {}
{% endif %} {% endif %}
@ -23,12 +23,12 @@ http:
passHostHeader: true passHostHeader: true
servers: servers:
- url: "{{ service.protocol }}://{{ service.backend_host }}:{{ service.port }}" - url: "{{ service.protocol }}://{{ service.backend_host }}:{{ service.port }}"
{% if service.protocol == 'https' and cert_mode == 'selfsigned' %} {% if service.protocol == 'https' and traefik_cert_mode == 'selfsigned' %}
serversTransport: insecure-transport serversTransport: insecure-transport
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if cert_mode == 'selfsigned' %} {% if traefik_cert_mode == 'selfsigned' %}
serversTransports: serversTransports:
insecure-transport: insecure-transport:
insecureSkipVerify: true insecureSkipVerify: true

22
roles/traefik/templates/traefik.yml.j2
View file

@ -1,23 +1,23 @@
log: log:
level: {{ log_level }} level: {{ traefik_log_level }}
{% if enable_dashboard %} {% if traefik_enable_dashboard %}
api: api:
dashboard: true dashboard: true
{% if not dashboard_domain %} {% if not traefik_dashboard_domain %}
insecure: true insecure: true
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if enable_access_logs %} {% if traefik_enable_access_logs %}
accessLog: accessLog:
format: {{ access_log_format }} format: {{ traefik_access_log_format }}
{% endif %} {% endif %}
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
{% if use_ssl %} {% if traefik_use_ssl %}
http: http:
redirections: redirections:
entryPoint: entryPoint:
@ -38,19 +38,19 @@ providers:
exposedByDefault: false exposedByDefault: false
{% endif %} {% endif %}
{% if use_ssl and cert_mode == 'acme' %} {% if traefik_use_ssl and traefik_cert_mode == 'acme' %}
certificatesResolvers: certificatesResolvers:
{{ ssl_cert_resolver }}: {{ traefik_ssl_cert_resolver }}:
acme: acme:
email: {{ ssl_email }} email: {{ traefik_ssl_email }}
storage: /letsencrypt/acme.json storage: /letsencrypt/acme.json
dnsChallenge: dnsChallenge:
provider: rfc2136 provider: rfc2136
resolvers: resolvers:
- "{{ acme_dns_nameserver }}" - "{{ traefik_acme_dns_nameserver }}"
{% endif %} {% endif %}
{% if use_ssl %} {% if traefik_use_ssl %}
tls: tls:
options: options:
default: default: