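# Publishes the LAN router's web GUI through Traefik as router.<inventory_hostname>.
# The play installs /usr/local/sbin/router-over-traefik.sh, runs it once, and
# schedules it daily from cron. While the default gateway answers on HTTP the
# script writes a Traefik file-provider config protected by basic auth;
# otherwise it removes that config again.
# NOTE(review): Traefik reaches the router over plain http on port 80, so only
# the hop from the client to Traefik is covered by TLS.
- name: Router-WebGUI-Traefik-setup
  hosts: all
  tasks:

    - name: /usr/local/sbin/router-over-traefik.sh
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/router-over-traefik.sh
        create: true
        # Quoted so the mode is always read as an octal string.
        mode: "0550"
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          . /etc/bash/gaboshlib.include
          g_lockfile
          g_nice
          g_all-to-syslog

          # Resolve the gateway before its first use in the reachability check.
          # "exit" keeps only the first default route, so a host with several
          # default routes cannot put a multi-line value into the URL below.
          defaultgw=$(ip route | awk '/default/ { print $3; exit }')

          if [ -n "$defaultgw" ] && wget -q -t1 --timeout=30 "http://${defaultgw}" -O /dev/null
          then
            # Stop here instead of writing credentials into an unintended directory.
            cd /home/docker/traefik || exit 1

            if [ ! -f router-env ]
            then
              user=admin
              password=$(pwgen -s 32 1)
              # Never store an empty basic-auth password.
              [ -n "$password" ] || exit 1
              # printf is a shell builtin, so the password never appears in the
              # argument list of an external process; the subshell umask keeps
              # the file closed to others from the moment it is created.
              ( umask 027; printf 'USER=%s\nPASSWORD=%s\n\n' "$user" "$password" >router-env )
            fi
            chmod 440 router-env
            chown root:docker router-env

            # NOTE(review): this file is sourced as root; confirm that only root
            # can replace files in /home/docker/traefik.
            . router-env

            # The password goes to htpasswd on stdin (-i), not on the command line.
            # NOTE(review): router.usersfile is created with the default umask;
            # confirm which user the Traefik container reads it as before tightening.
            echo "$(printf '%s\n' "$PASSWORD" | htpasswd -ni "$USER")" >providers/router.usersfile

            # The indentation inside the quoted text is the indentation of the
            # generated Traefik config, so it starts at the left margin.
            echo "
          http:
            routers:
              router:
                rule: \"Host(\`router.{{inventory_hostname}}\`)\"
                service: router
                entryPoints:
                  - \"https\"
                tls:
                  certresolver: letsencrypt
                middlewares:
                  - \"secHeaders@file\"
                  - \"auth-router\"
            services:
              router:
                loadBalancer:
                  servers:
                    - url: \"http://${defaultgw}:80\"
            middlewares:
              auth-router:
                basicauth:
                  usersFile: \"/etc/traefik/providers.local/router.usersfile\"
                  removeHeader: true
          " >/home/docker/traefik/providers/router.yml
          else
            rm -f /home/docker/traefik/providers/router.yml
          fi
        backup: true
        # Syntax-check the assembled script before it replaces the installed one.
        validate: /bin/bash -n %s
      notify: router-over-traefik

    # The shebang sits outside the managed block, so it is added separately.
    - name: /usr/local/sbin/router-over-traefik.sh shebang
      ansible.builtin.lineinfile:
        path: /usr/local/sbin/router-over-traefik.sh
        insertbefore: BOF
        line: "#!/bin/bash"

    # Runs only while the generated Traefik config does not exist yet.
    - name: Gen initial passwords if not exists
      ansible.builtin.command: /usr/local/sbin/router-over-traefik.sh
      args:
        creates: /home/docker/traefik/providers/router.yml

    - name: /etc/cron.d/router-over-traefik_local
      ansible.builtin.blockinfile:
        path: /etc/cron.d/router-over-traefik
        mode: "0400"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          ## Auto-Update
          1 1 * * * root /usr/local/sbin/router-over-traefik.sh
        backup: true

  handlers:

    # Re-runs the script whenever its managed block changed.
    - name: router-over-traefik
      ansible.builtin.command: /usr/local/sbin/router-over-traefik.sh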