author | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:15:30 -0700 |
---|---|---|
committer | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:25:52 -0700 |
commit | daef0cf448af17357b552245f39067a9d340ce3d (patch) | |
tree | f65a660f7232f057b0c14e477c166006bfb83f87 /playbooks/roles/traefik | |
parent | 1dcdfe34a74708f88aad68af965f4bb5c79adff1 (diff) | |
Waow
Diffstat (limited to 'playbooks/roles/traefik')
-rw-r--r-- | playbooks/roles/traefik/tasks/main.yml | 26 | ||||
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/docker-compose.yml | 35 | ||||
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/traefik.yml | 20 |
3 files changed, 38 insertions, 43 deletions
diff --git a/playbooks/roles/traefik/tasks/main.yml b/playbooks/roles/traefik/tasks/main.yml
index c365f55..ad96334 100644
--- a/playbooks/roles/traefik/tasks/main.yml
+++ b/playbooks/roles/traefik/tasks/main.yml
@@ -1,19 +1,13 @@
 ---
-- name: Build traefik compose dirs
-  ansible.builtin.file:
-    state: directory
-    dest: '{{ traefik_base }}/{{ item.path }}'
-  with_filetree: '../templates'
-  when: item.state == 'directory'
+- name: Deploy traefik and tailnet -> home proxy
+  ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+  vars:
+    service_name: traefik
+    template_render_dir: "../templates"
+    service_destination_dir: "{{ traefik_base }}"
 
-- name: Build traefik compose files
-  ansible.builtin.template:
-    src: '{{ item.src }}'
-    dest: '{{ traefik_base }}/{{ item.path }}'
-  with_filetree: '../templates'
-  when: item.state == 'file'
-
-- name: Deploy Traefik stack
-  ansible.builtin.command:
-    cmd: "docker stack deploy -c {{ traefik_base }}/stacks/docker-compose.yml traefik"
+- name: Pause for user confirmation (Auth Key)
+  when: homelab_build
+  ansible.builtin.pause:
+    prompt: "Please accept the subnet router in headscale..."
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index 6b6aee3..7e9daef 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
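Review bot: The new pause task's `when: homelab_build` aborts the whole play with an undefined-variable error on any host or inventory that does not define that flag, which makes the role unusable outside the build scenario rather than simply skipping the prompt; `when: homelab_build | default(false)` keeps the intended skip-by-default behaviour. The task name says "(Auth Key)" while the prompt asks the operator to accept the subnet router in headscale, so one of the two should be reworded to describe the same action. The pause also sits after the import that deploys the stack, so the deployment has already been submitted before the operator confirms; if the imported tasks in `manage-docker-swarm-service.yml` (not in this diff) do not wait on service health, the confirmation gates nothing and a comment stating that the wait is deliberate would help the next reader.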
@@ -4,11 +4,17 @@ services:
     hostname: headscale-traefik
     restart: unless-stopped
     environment:
+      - DEPLOYMENT_TIME={{ now() }}
+      - TZ={{ timezone }}
       - TS_AUTHKEY={{ headscale_user_auth_key }}
       - TS_EXTRA_ARGS=--login-server=https://{{ headscale_host }} --accept-dns --stateful-filtering=false --advertise-routes={{ loadbalancer_ip }}/32
       - TS_STATE_DIR=/var/lib/tailscale
       - TS_USERSPACE=false
-      - TZ={{ timezone }}
+    healthcheck:
+      test: ["CMD-SHELL", "tailscale status"]
+      interval: 1s
+      timeout: 5s
+      retries: 10
     volumes:
       - {{ traefik_base }}/volumes/headscale:/var/lib/tailscale
       - /dev/net/tun:/dev/net/tun
@@ -20,20 +26,27 @@ services:
     deploy:
       mode: replicated
       replicas: 1
-      placement:
-        constraints: [node.role == manager]
+      update_config:
+        parallelism: 1
+        order: stop-first # hostname conflicts
+        failure_action: rollback
+        monitor: 8s
   traefik:
     image: traefik:v3
     restart: unless-stopped
     depends_on:
       - headscale-client
     ports:
+      # http
       - 80:80
       - 443:443
-      - 53:53
-      - 53:53/udp
-      - 3636:3636
+    healthcheck:
+      test: traefik healthcheck --ping
+      interval: 10s
+      retries: 2
+      timeout: 3s
     environment:
+      - DEPLOYMENT_TIME={{ now() }}
       - TZ={{ timezone }}
       - CF_API_EMAIL={{ cloudflare_email }}
       - CF_DNS_API_TOKEN={{ cloudflare_dns_api_token }}
@@ -45,9 +58,13 @@ services:
       - proxy
       - headnet
     deploy:
-      mode: global
-      placement:
-        constraints: [node.role == manager]
+      mode: replicated
+      replicas: 2
+      update_config:
+        parallelism: 1
+        order: start-first
+        failure_action: rollback
+        monitor: 8s
     labels:
       - traefik.enable=true
       - traefik.http.routers.dashboard.rule=Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml
index 976ad7a..ceeb0cb 100644
--- a/playbooks/roles/traefik/templates/stacks/traefik.yml
+++ b/playbooks/roles/traefik/templates/stacks/traefik.yml
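Review bot: The traefik service's new `deploy` block (third hunk) drops the `node.role == manager` placement constraint at the same time as it goes to two replicas, so Swarm is now free to schedule a replica on a worker node; if the Traefik provider configuration (in traefik.yml, outside this hunk) reads Swarm state through the local Docker socket, that replica cannot see any services, and the `start-first` rollout will still be judged healthy because `traefik healthcheck --ping` only checks the ping endpoint, not provider readiness. Keeping `placement:` / `constraints: [node.role == manager]` alongside the new `update_config` avoids that, or a comment should state why worker placement is now safe. The same dropped constraint on headscale-client in the second hunk matters less with a single replica but follows the same reasoning. Separately, with `monitor: 8s` under a healthcheck whose `interval` is 10s, the rollback window closes before the first post-start check can run, so `failure_action: rollback` can only catch failures that happen before the task is reported running; a short comment on what the 8s is meant to catch would help.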
@@ -1,11 +1,11 @@
 ping: {}
 accessLog: {}
 log:
-  level: DEBUG
+  level: INFO
 api:
   dashboard: true
   insecure: true
-  debug: false
+  debug: true
 entryPoints:
   web:
     address: ":80"
@@ -16,22 +16,6 @@ entryPoints:
           scheme: https
   websecure:
     address: ":443"
-  dns_udp:
-    address: ":53/udp"
-  dns_tcp:
-    address: ":53/tcp"
-  ldaps:
-    address: ":3636/tcp"
-  sieve:
-    address: ":4190/tcp"
-  imap:
-    address: ":993/tcp"
-  smtps:
-    address: ":465/tcp"
-  smtp:
-    address: ":25/tcp"
-  smtptls:
-    address: ":587/tcp"
 serversTransport:
   insecureSkipVerify: true
 providers:
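Review bot: Flipping `api.debug` to `true` in the first hunk enables Traefik's additional `/debug/` profiling endpoints, and the unchanged `api.insecure: true` above it serves the whole API on the dedicated API entry point without authentication, so those endpoints become reachable by anything that can reach that port on the overlay network; the dashboard router label in the compose template only covers the `/api` and `/dashboard` prefixes, so it does not front `/debug` at all. It is also inconsistent to lower `log.level` to `INFO` in the same hunk while turning on API debugging, which suggests the `debug: true` is a leftover from troubleshooting. Unless profiling is actively needed, keep `debug: false`, or at minimum add a comment explaining why the debug endpoints must stay enabled and what limits access to the API entry point. The removal of the DNS, LDAPS and mail entry points in the second hunk is consistent with the port removals in the compose template.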