Initial release

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Kibatic
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,21 @@
+Traefik (in Docker) role for Ansible
+====
+
+#### Dependencies
+
+- Assumes Docker and Docker Compose are installed on the host
+
+#### Usage
+
+Create a playbook (`traefik.yml`) from this role:
+
+```
+---
+- name: Install and configure Traefik reverse-proxy
+  hosts: <your host group or individual host>
+  roles:
+    - role: roles/traefik
+      traefik_docker_domain: "mydomain.org"
+      traefik_acme_email: "user@mydomain.org"
+      traefik_dashboard_basicauth_users: ["user:$apr1$somehash"]
+```

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+roles_path=../

defaults/main.yml

@@ -0,0 +1,27 @@
+---
+traefik_version: "latest"
+traefik_directory: "/opt/traefik"
+
+traefik_debug_enable: false
+traefik_log_level: "WARNING"
+
+# Main configuration
+traefik_entrypoint_http_port: 80
+traefik_entrypoint_http_redirect_to_https: true
+traefik_entrypoint_https_port: 443
+
+# Dashboard
+traefik_dashboard_enable: true
+traefik_dashboard_entrypoint_port: 8080
+traefik_dashboard_subdomain: "traefik"
+traefik_dashboard_basicauth_enable: true
+traefik_dashboard_basicauth_users: []
+
+# Docker
+traefik_docker_domain: "mydomain.org"
+traefik_docker_expose_by_default: false
+
+# Enable automatic certificates from Let's Encrypt
+traefik_acme_enable: true
+traefik_acme_autocreate_from_host: true
+traefik_acme_email: "admin@mydomain.org"

handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: start traefik
+  docker_service:
+    state: present
+
+- name: restart traefik
+  docker_service:
+    state: present
+    restarted: yes

tasks/configure.yml

@@ -0,0 +1,30 @@
+---
+- name: Render traefik config
+  template:
+    src: traefik.toml.j2
+    dest: "{{ traefik_directory }}/traefik.toml"
+  notify: restart traefik
+
+- name: Render docker-compose config
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ traefik_directory }}/docker-compose.yml"
+  notify: start traefik
+
+- name: Ensure acme config
+  file:
+    path: "{{ traefik_directory }}/acme.json"
+    state: touch
+    mode: 0600
+  when: traefik_acme_enable
+
+- name: Create traefik docker network
+  docker_network:
+    name: traefik
+    state: present
+
+- name: Pull Docker image
+  docker_image:
+    name: traefik
+    tag: "{{ traefik_version }}"
+  notify: start traefik

tasks/install.yml

@@ -0,0 +1,20 @@
+---
+- name: Install pip
+  apt:
+    pkg: python-pip
+    state: latest
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Upgrade pip and install docker module
+  pip:
+    name: "{{ item }}"
+    state: latest
+  with_items:
+    - pip
+    - docker
+
+- name: Create directory
+  file:
+    path: "{{ traefik_directory }}"
+    state: directory

tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include: install.yml
+
+- include: configure.yml

templates/docker-compose.yml.j2

@@ -0,0 +1,34 @@
+# {{ ansible_managed }}
+version: '2'
+
+services:
+  traefik:
+    image: traefik
+    ports:
+      - "{{ traefik_entrypoint_http_port }}:80"
+      - "{{ traefik_entrypoint_https_port }}:443"
+{% if traefik_dashboard_enable %}
+    expose:
+      - {{ traefik_dashboard_entrypoint_port }}
+{% endif %}
+    networks:
+      - traefik
+{% if traefik_dashboard_enable %}
+    labels:
+      - "traefik.port={{ traefik_dashboard_entrypoint_port }}"
+      - "traefik.docker.network=traefik"
+      - "traefik.backend=traefik"
+      - "traefik.frontend.rule=Host:traefik.{{ traefik_docker_domain }}"
+      - "traefik.enable=true"
+{% endif %}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - {{ traefik_directory }}/traefik.toml:/traefik.toml
+{% if traefik_acme_enable %}
+      - {{ traefik_directory }}/acme.json:/acme.json
+{% endif %}
+    container_name: traefik
+
+networks:
+  traefik:
+    external: true

templates/traefik.toml.j2

@@ -0,0 +1,47 @@
+# {{ ansible_managed }}
+debug = {{ traefik_debug_enable | lower }}
+
+logLevel = "{{ traefik_log_level }}"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":{{ traefik_entrypoint_http_port }}"
+{% if traefik_entrypoint_http_redirect_to_https %}
+    [entryPoints.http.redirect]
+{% endif %}
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":{{ traefik_entrypoint_https_port }}"
+    [entryPoints.https.tls]
+{% if traefik_dashboard_enable %}
+  [entryPoints.traefik]
+  address = ":{{ traefik_dashboard_entrypoint_port }}"
+{% if traefik_dashboard_basicauth_enable %}
+    [entryPoints.traefik.auth.basic]
+    users = [{% for htpasswd in traefik_dashboard_basicauth_users %}"{{ htpasswd }}"{{ "," if not loop.last else "" }}{% endfor %}]
+{% endif %}
+{% endif %}
+
+[retry]
+
+{% if traefik_dashboard_enable %}
+[api]
+entryPoint = "traefik"
+{% endif %}
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "{{ traefik_docker_domain }}"
+watch = true
+exposedByDefault = {{ traefik_docker_expose_by_default | lower }}
+
+{% if traefik_acme_enable %}
+[acme]
+email = "{{ traefik_acme_email }}"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = {{ traefik_acme_autocreate_from_host | lower }}
+[acme.httpChallenge]
+entryPoint = "http"
+{% endif %}