chore: rename reverseproxy role to traffic

in case we get a nginx role oa in the future

roles/traefik/templates/docker-compose.yml.j2

@@ -0,0 +1,39 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: always
+{% if cert_mode == 'acme' %}
+    environment:
+      RFC2136_NAMESERVER: "{{ acme_dns_nameserver }}"
+      RFC2136_TSIG_ALGORITHM: "{{ acme_tsig_algorithm }}"
+      RFC2136_TSIG_KEY: "{{ acme_tsig_key }}"
+      RFC2136_TSIG_SECRET: "{{ acme_tsig_secret }}"
+      RFC2136_PROPAGATION_TIMEOUT: "{{ acme_propagation_timeout }}"
+      RFC2136_POLLING_INTERVAL: "{{ acme_polling_interval }}"
+      RFC2136_TTL: "{{ acme_ttl }}"
+{% endif %}
+    ports:
+      - "80:80"
+      - "443:443"
+{% if enable_dashboard %}
+      - "8080:8080"
+{% endif %}
+    volumes:
+      - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
+{% if cert_mode == 'acme' %}
+      - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
+{% endif %}
+{% if traefik_mode == 'dmz' %}
+      - {{ docker_volume_dir }}/config:/config:ro
+{% endif %}
+{% if traefik_mode == 'backend' %}
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+{% endif %}
+    networks:
+      - {{ traefik_network }}
+
+networks:
+  {{ traefik_network }}:
+    name: {{ traefik_network }}
+    external: true

roles/traefik/templates/middlewares.yml.j2

@@ -0,0 +1,47 @@
+{% if enable_dashboard %}
+api:
+  dashboard: true
+  insecure: true
+{% endif %}
+
+{% if enable_access_logs %}
+accessLog:
+  format: {{ access_log_format }}
+{% endif %}
+
+entryPoints:
+  web:
+    address: ":80"
+{% if use_ssl %}
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+{% endif %}
+  websecure:
+    address: ":443"
+
+providers:
+{% if use_static_services | default(false) %}
+  file:
+    filename: /etc/traefik/services.yml
+    watch: true
+{% endif %}
+{% if use_docker_provider | default(true) %}
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+{% endif %}
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@digitalboard.ch
+      storage: /letsencrypt/acme.json
+      httpChallenge:
+        entryPoint: web
+
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false

roles/traefik/templates/services.yml.j2

@@ -0,0 +1,35 @@
+http:
+  routers:
+{% for service in proxied_services %}
+    {{ service.name }}:
+      rule: "Host(`{{ service.domain }}`)"
+      service: {{ service.name }}-service
+      entryPoints:
+        - {{ 'websecure' if use_ssl else 'web' }}
+{% if use_ssl %}
+      tls:
+{% if cert_mode == 'acme' %}
+        certResolver: {{ ssl_cert_resolver }}
+{% else %}
+        {}
+{% endif %}
+{% endif %}
+{% endfor %}
+
+  services:
+{% for service in proxied_services %}
+    {{ service.name }}-service:
+      loadBalancer:
+        passHostHeader: true
+        servers:
+          - url: "{{ service.protocol }}://{{ service.backend_host }}:{{ service.port }}"
+{% if service.protocol == 'https' and cert_mode == 'selfsigned' %}
+        serversTransport: insecure-transport
+{% endif %}
+{% endfor %}
+
+{% if cert_mode == 'selfsigned' %}
+  serversTransports:
+    insecure-transport:
+      insecureSkipVerify: true
+{% endif %}

roles/traefik/templates/traefik.yml.j2

@@ -0,0 +1,62 @@
+log:
+  level: {{ log_level }}
+
+{% if enable_dashboard %}
+api:
+  dashboard: true
+  insecure: true
+{% endif %}
+
+{% if enable_access_logs %}
+accessLog:
+  format: {{ access_log_format }}
+{% endif %}
+
+entryPoints:
+  web:
+    address: ":80"
+{% if use_ssl %}
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+{% endif %}
+  websecure:
+    address: ":443"
+
+providers:
+{% if traefik_mode == 'dmz' %}
+  file:
+    directory: /config
+    watch: true
+{% endif %}
+{% if traefik_mode == 'backend' %}
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    network: {{ traefik_network }}
+    exposedByDefault: false
+{% endif %}
+
+{% if use_ssl and cert_mode == 'acme' %}
+certificatesResolvers:
+  {{ ssl_cert_resolver }}:
+    acme:
+      email: {{ ssl_email }}
+      storage: /letsencrypt/acme.json
+      dnsChallenge:
+        provider: rfc2136
+        resolvers:
+          - "{{ acme_dns_nameserver }}"
+{% endif %}
+
+{% if use_ssl %}
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+{% endif %}
+
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false