feat: deployable playbook

roles/traefik/templates/docker-compose.yml.j2

@@ -0,0 +1,41 @@
+name: traefik
+
+services:
+  traefik:
+    image: "{{ traefik_image }}"
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - "{{ traefik_config_dir }}/traefik.yml:/etc/traefik/traefik.yml:ro"
+      - "{{ traefik_data_dir }}:/data"
+{% if traefik_custom_ca_enabled | default(false) %}
+      - "{{ traefik_custom_ca_path }}:/etc/ssl/certs/custom-ca.pem:ro"
+{% endif %}
+    networks:
+{% for network in traefik_networks %}
+      - "{{ network.name }}"
+{% endfor %}
+{% if traefik_custom_ca_enabled | default(false) %}
+    environment:
+      - LEGO_CA_CERTIFICATES=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/custom-ca.pem
+{% endif %}
+    command:
+      - --configfile=/etc/traefik/traefik.yml
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.{{ traefik_domain | default('localhost') }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+      - "traefik.http.routers.traefik-dashboard.service=api@internal"
+
+networks:
+{% for network in traefik_networks %}
+  {{ network.name }}:
+{% if network.external | default(false) %}
+    external: true
+{% else %}
+    driver: bridge
+{% endif %}
+{% endfor %}

roles/traefik/templates/traefik.yml.j2

@@ -0,0 +1,86 @@
+# Traefik Static Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+# Global Configuration
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+
+# API Configuration
+api:
+  dashboard: true
+  insecure: false
+
+# Entry Points
+entryPoints:
+{% for name, config in traefik_entrypoints.items() %}
+  {{ name }}:
+    address: "{{ config.address }}"
+{% if config.http is defined %}
+    http:
+{% if config.http.tls is defined %}
+      tls:
+{% if config.http.tls.certResolver is defined %}
+        certResolver: {{ config.http.tls.certResolver }}
+{% endif %}
+{% endif %}
+{% if config.http.redirections is defined %}
+      redirections:
+{% for redirection in config.http.redirections %}
+        entryPoint:
+          to: "{{ redirection.entrypoint.to }}"
+          scheme: "{{ redirection.entrypoint.scheme }}"
+          permanent: {{ redirection.entrypoint.permanent | lower }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+
+# Providers
+providers:
+{% for name, config in traefik_providers.items() %}
+  {{ name }}:
+{% for key, value in config.items() %}
+    {{ key }}: {{ value | to_json if value is mapping else (value | lower if value is boolean else value) }}
+{% endfor %}
+{% endfor %}
+
+
+{% if traefik_acme_enabled %}
+# Certificate Resolvers
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "{{ traefik_acme_email }}"
+      storage: "{{ traefik_acme_storage }}"
+{% if traefik_acme_ca_server is defined %}
+      caServer: "{{ traefik_acme_ca_server }}"
+{% endif %}
+      httpChallenge:
+        entryPoint: web
+{% endif %}
+
+# Logging
+log:
+  level: "{{ traefik_log_level }}"
+
+{% if traefik_access_logs %}
+accessLog:
+{% if traefik_access_logs_format is defined %}
+  format: "{{ traefik_access_logs_format }}"
+{% endif %}
+{% if traefik_access_logs_fields is defined %}
+  fields:
+    defaultMode: "{{ traefik_access_logs_fields.defaultMode }}"
+{% if traefik_access_logs_fields.headers is defined %}
+    headers:
+      defaultMode: "{{ traefik_access_logs_fields.headers.defaultMode }}"
+{% if traefik_access_logs_fields.headers.names is defined %}
+      names:
+{% for header, mode in traefik_access_logs_fields.headers.names.items() %}
+        "{{ header }}": "{{ mode }}"
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endif %}