Diffstat (limited to 'ansible/plays')
-rw-r--r--ansible/plays/kjell-ct-102.yml49
-rw-r--r--ansible/plays/templates/traefik-proxy.toml.j2126
2 files changed, 175 insertions, 0 deletions
diff --git a/ansible/plays/kjell-ct-102.yml b/ansible/plays/kjell-ct-102.yml
new file mode 100644
index 0000000..87b9459
--- /dev/null
+++ b/ansible/plays/kjell-ct-102.yml
@@ -0,0 +1,49 @@
+- hosts:
+ - kjell-ct-102
+ vars:
+ traefik_version: 3.4.1
+ traefik_checksum: md5:f299230ea9f247a672b187a79f2e76e6719ccbee
+ traefik_template: traefik-proxy.toml.j2
+ tasks:
+ - become: yes
+ apt:
+ name:
+ - etckeeper
+ - sudo
+ tags: packages,never
+
+ - import_role:
+ name: timezone
+ tags: timezone,never
+
+ - name: Load values from sops.yml
+ community.sops.load_vars:
+ name: env
+ file: ../../sops.yml
+ tags: traefik-server,never
+
+ - import_role:
+ name: traefik-server
+ vars:
+ traefik_environment:
+ LINODE_TOKEN: "{{ env.linode_token }}"
+ tags: traefik-server,never
+
+ - name: /etc/systemd/services/traefik.service
+ become: true
+ template:
+ src: "{{ traefik_template }}"
+ dest: /etc/traefik/traefik.toml
+ owner: root
+ group: root
+ mode: 0644
+ register: template
+
+ - name: systemctl restart traefik
+ become: true
+ systemd:
+ daemon_reload: true
+ unit: traefik
+ enabled: true
+ state: restarted
+ when: template.changed
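Review bot: `traefik_checksum` is labelled `md5:` but the digest that follows is 40 hex characters, the length of a SHA-1 digest rather than the 32 of MD5, so whatever consumes it in the traefik-server role (not visible here) will presumably either fail the comparison or not verify what was intended. Neither MD5 nor SHA-1 is a sound integrity check for a downloaded binary that terminates TLS; pin the SHA-256 from the release's published checksums instead, `traefik_checksum: sha256:<SHA256_OF_RELEASE_ARCHIVE>`. Separately, the template task is named `/etc/systemd/services/traefik.service` while it writes `/etc/traefik/traefik.toml`, and `mode: 0644` is better quoted as `mode: "0644"` so it can never be read as a decimal integer.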
diff --git a/ansible/plays/templates/traefik-proxy.toml.j2 b/ansible/plays/templates/traefik-proxy.toml.j2
new file mode 100644
index 0000000..d538664
--- /dev/null
+++ b/ansible/plays/templates/traefik-proxy.toml.j2
@@ -0,0 +1,126 @@
+[global]
+ checkNewVersion = true
+ sendAnonymousUsage = false
+
+################################################################
+# Entrypoints configuration
+################################################################
+
+[entryPoints]
+# [entryPoints.web]
+# address = ":80"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+ [entryPoints.websecure.http.tls]
+ certResolver = "linode"
+
+[log]
+
+ # Log level
+ #
+ # Optional
+ # Default: "ERROR"
+ #
+ level = "DEBUG"
+
+ # Sets the filepath for the traefik log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+ # filePath = "log/traefik.log"
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+ # format = "json"
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+# [accessLog]
+
+ # Sets the file path for the access log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+ # filePath = "/path/to/log/log.txt"
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+ # format = "json"
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+[api]
+
+ # Enable the API in insecure mode
+ #
+ # Optional
+ # Default: false
+ #
+ # insecure = true
+
+ # Enabled Dashboard
+ #
+ # Optional
+ # Default: true
+ #
+ # dashboard = false
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+[ping]
+
+ # Name of the related entry point
+ #
+ # Optional
+ # Default: "traefik"
+ #
+ # entryPoint = "traefik"
+
+
+[certificatesResolvers.linode.acme]
+ email = "root@trygvis.io"
+ storage = "acme.json"
+ [certificatesResolvers.linode.acme.dnsChallenge]
+ provider = "linode"
+ delayBeforeCheck = 1
+
+[http]
+[http.routers]
+ [http.routers.junk]
+ rule = "Host(`junk.dn42.trygvis.io`)"
+ service = "netbox"
+
+ [http.routers.junk.tls]
+ certResolver = "linode"
+
+ [http.services]
+ # Define how to reach an existing service on our infrastructure
+ [http.services.netbox.loadBalancer]
+ [[http.services.netbox.loadBalancer.servers]]
+ url = "http://[fdb1:4242:3538:2005:be24:11ff:febb:5c7f]:8080"
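Review bot: `storage = "acme.json"` under `[certificatesResolvers.linode.acme]` is a relative path, so the file holding the ACME account key and the issued private keys lands in whatever working directory the service starts in. Give it an absolute path in a root-only directory, e.g. `storage = "<ABSOLUTE_STATE_DIR>/acme.json"`, and keep it out of `/etc`, since the play in this commit installs etckeeper, which would presumably start tracking it. `level = "DEBUG"` in `[log]` is verbose for a listener on `:443`; `level = "INFO"` or a templated variable would be a safer default. The `[http]` routers and services at the end are dynamic configuration, which Traefik normally reads from a provider rather than from the static file, and no `[providers]` section appears in this template, so the `junk` router may not be loaded unless the role configures a file provider elsewhere.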