From 9767258726798c2cab9ebdb7dde3f3514fabddcc Mon Sep 17 00:00:00 2001
From: olli
Date: Sun, 10 Jul 2022 10:51:06 +0200
Subject: [PATCH] first commit
---
README.md | 0
router.yml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
create mode 100644 README.md
create mode 100644 router.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/router.yml b/router.yml
new file mode 100644
index 0000000..1e13ff0
--- /dev/null
+++ b/router.yml
@@ -0,0 +1,80 @@
+- name: Router-WebGUI-Traefik-setup
+ hosts: all
+ tasks:
+
+ - name: /usr/local/sbin/router-over-traefik.sh
+ blockinfile:
+ path: /usr/local/sbin/router-over-traefik.sh
+ create: yes
+ mode: 0550
+ owner: root
+ group: docker
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ . /etc/bash/gaboshlib.include
+ g_lockfile
+ g_nice
+ g_all-to-syslog
+
+ defaultgw=$(ip route | awk '/default/ { print $3 }')
+ if wget -q -t1 --timeout=30 http://${defaultgw} -O /dev/null
+ then
+ echo "
+ http:
+ routers:
+ router:
+ rule: \"Host(\`router.{{inventory_hostname}}\`)\"
+ service: router
+ entryPoints:
+ - \"https\"
+ tls:
+ certresolver:
+ - \"letsencrypt\"
+ middlewares:
+ - \"secHeaders@file\"
+ - \"auth-router\"
+ services:
+ router:
+ loadBalancer:
+ servers:
+ - url: \"http://${defaultgw}:80\"
+ middlewares:
+ auth-router:
+ basicauth:
+ users: \"admin:\$apr1\$XLxGs/Ba\$3phZ1a2RtfExOp8x6NFjZ.\"
+ " >/home/docker/traefik/providers/router.yml
+ else
+ rm -f /home/docker/traefik/providers/router.yml
+ fi
+ backup: yes
+ validate: /bin/bash -n %s
+ notify: router-over-traefik
+
+ - name: /usr/local/sbin/router-over-traefik.sh shebang
+ lineinfile:
+ path: /usr/local/sbin/router-over-traefik.sh
+ insertbefore: BOF
+ line: "#!/bin/bash"
+
+ - name: Gen initial passwords if not exists
+ ansible.builtin.shell: /usr/local/sbin/router-over-traefik.sh
+ args:
+ creates: /home/docker/traefik/providers/router.yml
+
+ - name: /etc/cron.d/router-over-traefik_local
+ blockinfile:
+ path: /etc/cron.d/router-over-traefik
+ mode: "0400"
+ owner: root
+ group: root
+ create: yes
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ ## Auto-Update
+ 1 1 * * * root /usr/local/sbin/router-over-traefik.sh
+ backup: yes
+
+ handlers:
+ name: router-over-traefik
+ ansible.builtin.shell: /usr/local/sbin/router-over-traefik.sh
+
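Review bot: The `users:` line in the generated Traefik config commits a fixed basic-auth credential (`admin:` with an `$apr1$` MD5-based hash) to the repository, so every host provisioned from this playbook shares one password and anyone who can read the repo can work on the hash offline. Move the value into an Ansible Vault variable, e.g. `users: \"{{ router_basicauth_users }}\"` (an example name; the `$` characters still need escaping because the text sits inside a double-quoted shell `echo`), generate it with bcrypt (`htpasswd -B`), and treat the committed password as exposed. Separately, `handlers:` at the end appears to be written as a mapping (`name:` with no leading `- `) where Ansible expects a list of handlers, so the play will probably fail to load or `notify: router-over-traefik` will not resolve; indentation is not recoverable on this page, so confirm against the file. The unquoted `mode: 0550` would also read better as `mode: "0550"`, matching the quoted `"0400"` used for the cron file.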