# SPDX-License-Identifier: MIT-0
---
# tasks file for reverseproxy
#
# Prepares directories and rendered configuration for a Traefik reverse proxy
# and starts it through Docker Compose. Tasks guarded by
# `reverseproxy_mode == 'dmz'` additionally assemble a service registry from
# variables defined on other inventory hosts.

# ---------------------------------------------------------------------------
# Service discovery (DMZ mode only)
# ---------------------------------------------------------------------------

# A non-empty backend_servers_to_proxy list takes precedence; otherwise the
# 'backend_servers' inventory group is used (empty list if it is undefined).
- name: Determine which backend servers to proxy (DMZ mode)
  when: reverseproxy_mode == 'dmz'
  ansible.builtin.set_fact:
    _backend_servers: "{{ backend_servers_to_proxy if backend_servers_to_proxy | length > 0 else groups['backend_servers'] | default([]) }}"

# For every selected backend, each entry of its reverseproxy_services gets a
# 'backend_host' key (ansible_host, or the inventory name when ansible_host is
# unset) and is appended to proxied_services. Any value proxied_services
# already holds is kept and extended, not replaced.
# NOTE(review): the registry is built from other hosts' variables and is
# presumably consumed by services.yml.j2 to generate proxy configuration;
# confirm that only trusted inventory sources can set reverseproxy_services.
- name: Build service registry from backend servers (DMZ mode)
  when: reverseproxy_mode == 'dmz'
  loop: "{{ _backend_servers | default([]) }}"
  ansible.builtin.set_fact:
    proxied_services: "{{ proxied_services | default([]) + hostvars[item].reverseproxy_services | default([]) | map('combine', {'backend_host': hostvars[item].ansible_host | default(item)}) | list }}"

# Dumps the assembled registry into the play output on every DMZ-mode run.
# NOTE(review): the output includes backend host addresses; consider adding
# `verbosity: 1` if those should stay out of routine run logs.
- name: Debug service registry
  when:
    - reverseproxy_mode == 'dmz'
    - proxied_services is defined
  ansible.builtin.debug:
    var: proxied_services

# ---------------------------------------------------------------------------
# Directory layout
# ---------------------------------------------------------------------------
# No owner/group is set on any of these, so they belong to whichever user the
# play runs as.

- name: Create docker compose directory
  ansible.builtin.file:
    path: "{{ docker_compose_dir }}"
    state: directory
    mode: '0755'

- name: Create docker volume directory
  ansible.builtin.file:
    path: "{{ docker_volume_dir }}"
    state: directory
    mode: '0755'

# Target directory for the generated services.yml (see the template task
# further down); only needed in DMZ mode.
- name: Create traefik config directory
  when: reverseproxy_mode == 'dmz'
  ansible.builtin.file:
    path: "{{ docker_volume_dir }}/config"
    state: directory
    mode: '0755'

# NOTE(review): presumably mounted as Traefik's ACME storage, which would hold
# the ACME account key and certificate private keys; confirm against
# docker-compose.yml.j2. If so, '0700' would be a tighter choice than the
# world-listable '0755' used here.
- name: Create letsencrypt directory
  when: cert_mode == 'acme'
  ansible.builtin.file:
    path: "{{ docker_volume_dir }}/letsencrypt"
    state: directory
    mode: '0755'

# ---------------------------------------------------------------------------
# Docker network
# ---------------------------------------------------------------------------

- name: Create traefik Docker network
  community.docker.docker_network:
    name: "{{ traefik_network }}"
    state: present

# ---------------------------------------------------------------------------
# Rendered configuration
# ---------------------------------------------------------------------------
# All three files are written world-readable ('0644').
# NOTE(review): confirm that none of the templates embed credentials (for
# example API tokens or basic-auth hashes); if one does, restrict its mode.

- name: Generate traefik static configuration
  notify: restart traefik
  ansible.builtin.template:
    src: traefik.yml.j2
    dest: "{{ docker_volume_dir }}/traefik.yml"
    mode: '0644'

- name: Generate traefik dynamic configuration for DMZ services
  when: reverseproxy_mode == 'dmz'
  notify: restart traefik
  ansible.builtin.template:
    src: services.yml.j2
    dest: "{{ docker_volume_dir }}/config/services.yml"
    mode: '0644'

# Unlike the two templates above, this one notifies no handler; the compose
# task that follows runs on every play.
- name: Create docker-compose file for traefik
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ docker_compose_dir }}/docker-compose.yml"
    mode: '0644'

# ---------------------------------------------------------------------------
# Start the proxy
# ---------------------------------------------------------------------------

- name: Start traefik container
  community.docker.docker_compose_v2:
    project_src: "{{ docker_compose_dir }}"
    state: present