chore: upgrade reverseproxy role for use with vagrant and ssl

2025-11-07 11:52:41 +01:00 · 2025-11-07 11:52:41 +01:00 · 314fce4757
commit 314fce4757
parent dd84ca3184
7 changed files with 213 additions and 57 deletions
--- a/roles/reverseproxy/tasks/main.yml
+++ b/roles/reverseproxy/tasks/main.yml
@ -2,23 +2,23 @@
 ---
 # tasks file for reverseproxy

- name: Gather service information from all hosts
-  setup:
-  delegate_to: "{{ item }}"
-  delegate_facts: true
-  loop: "{{ groups['all_servers'] }}"
-  when: use_static_services | bool
-
- name: Build service registry from all hosts
+- name: Determine which backend servers to proxy (DMZ mode)
  set_fact:
-    all_services: "{{ all_services | default([]) + hostvars[item].services | default([]) | map('combine', {'backend_host': item}) | list }}"
-  loop: "{{ groups['all_servers'] }}"
-  when: use_static_services | bool
+    _backend_servers: "{{ backend_servers_to_proxy if backend_servers_to_proxy | length > 0 else groups['backend_servers'] | default([]) }}"
+  when: reverseproxy_mode == 'dmz'
+
+- name: Build service registry from backend servers (DMZ mode)
+  set_fact:
+    proxied_services: "{{ proxied_services | default([]) + hostvars[item].reverseproxy_services | default([]) | map('combine', {'backend_host': hostvars[item].ansible_host | default(item)}) | list }}"
+  loop: "{{ _backend_servers | default([]) }}"
+  when: reverseproxy_mode == 'dmz'

 - name: Debug service registry
  debug:
-    var: all_services
-  when: use_static_services | bool
+    var: proxied_services
+  when:
+    - reverseproxy_mode == 'dmz'
+    - proxied_services is defined

 - name: Create docker compose directory
  file:
@ -26,33 +26,45 @@
    state: directory
    mode: '0755'

- name: Create docker volume directories
+- name: Create docker volume directory
  file:
-    path: "{{ docker_volume_dir }}/traefik/{{ item }}"
+    path: "{{ docker_volume_dir }}"
    state: directory
    mode: '0755'
-  loop:
-    - letsencrypt
+
+- name: Create traefik config directory
+  file:
+    path: "{{ docker_volume_dir }}/config"
+    state: directory
+    mode: '0755'
+  when: reverseproxy_mode == 'dmz'
+
+- name: Create letsencrypt directory
+  file:
+    path: "{{ docker_volume_dir }}/letsencrypt"
+    state: directory
+    mode: '0755'
+  when: cert_mode == 'acme'

 - name: Create traefik Docker network
  community.docker.docker_network:
-    name: traefik
+    name: "{{ traefik_network }}"
    state: present

 - name: Generate traefik static configuration
  template:
    src: traefik.yml.j2
-    dest: "{{ docker_compose_dir }}/traefik.yml"
+    dest: "{{ docker_volume_dir }}/traefik.yml"
    mode: '0644'
  notify: restart traefik

- name: Generate traefik services configuration for discovered services
+- name: Generate traefik dynamic configuration for DMZ services
  template:
    src: services.yml.j2
-    dest: "{{ docker_compose_dir }}/services.yml"
+    dest: "{{ docker_volume_dir }}/config/services.yml"
    mode: '0644'
  notify: restart traefik
-  when: use_static_services | bool
+  when: reverseproxy_mode == 'dmz'

 - name: Create docker-compose file for traefik
  template:
@ -63,4 +75,4 @@
 - name: Start traefik container
  community.docker.docker_compose_v2:
    project_src: "{{ docker_compose_dir }}"
-    state: present
+    state: present