feat(traefik): allow exposure of dashboard via domain

2026-01-22 14:01:23 +01:00 · 2026-01-22 14:01:23 +01:00 · 54be7db71e
commit 54be7db71e
parent bce1daf5a6
4 changed files with 20 additions and 7 deletions
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@ -41,6 +41,7 @@ selfsigned_common_name: "*.local.test"

 # Dashboard
 enable_dashboard: false
+dashboard_domain: ""  # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080

 # Access log configuration
 enable_access_logs: true
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@ -37,7 +37,6 @@
    path: "{{ docker_volume_dir }}/config"
    state: directory
    mode: '0755'
-  when: traefik_mode == 'dmz'

 - name: Create letsencrypt directory
  file:
@ -66,6 +65,21 @@
  notify: restart traefik
  when: traefik_mode == 'dmz'

+- name: Generate dashboard routing configuration
+  template:
+    src: dashboard.yml.j2
+    dest: "{{ docker_volume_dir }}/config/dashboard.yml"
+    mode: '0644'
+  notify: restart traefik
+  when: enable_dashboard | bool and dashboard_domain | length > 0
+
+- name: Remove dashboard routing configuration when not needed
+  file:
+    path: "{{ docker_volume_dir }}/config/dashboard.yml"
+    state: absent
+  notify: restart traefik
+  when: not (enable_dashboard | bool) or dashboard_domain | length == 0
+
 - name: Create docker-compose file for traefik
  template:
    src: docker-compose.yml.j2
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -16,17 +16,15 @@ services:
    ports:
      - "80:80"
      - "443:443"
-{% if enable_dashboard %}
+{% if enable_dashboard and not dashboard_domain %}
      - "8080:8080"
 {% endif %}
    volumes:
      - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
+      - {{ docker_volume_dir }}/config:/config:ro
 {% if cert_mode == 'acme' %}
      - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
 {% endif %}
-{% if traefik_mode == 'dmz' %}
-      - {{ docker_volume_dir }}/config:/config:ro
-{% endif %}
 {% if traefik_mode == 'backend' %}
      - /var/run/docker.sock:/var/run/docker.sock:ro
 {% endif %}
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
@ -4,8 +4,10 @@ log:
 {% if enable_dashboard %}
 api:
  dashboard: true
+{% if not dashboard_domain %}
  insecure: true
 {% endif %}
+{% endif %}

 {% if enable_access_logs %}
 accessLog:
@ -26,11 +28,9 @@ entryPoints:
    address: ":443"

 providers:
-{% if traefik_mode == 'dmz' %}
  file:
    directory: /config
    watch: true
-{% endif %}
 {% if traefik_mode == 'backend' %}
  docker:
    endpoint: "unix:///var/run/docker.sock"