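---
# Installs podman's docker-compatibility extras on Arch Linux, starts the
# user-scoped podman service, and runs Traefik as a reverse proxy with
# Let's Encrypt certificates on the `traefik-public` network.
#
# Variables read by these tasks: image_name, image_tag, letsencrypt_email,
# docker_sock_path, traefik_config_dir, traefik_certs_dir,
# traefik_dashboard_host.

- name: Ensure podman extras are installed
  pacman:
    name:
      - podman-docker
      - podman-dnsname
    state: present
  become: true
  become_method: sudo

# TODO: This is going to be problematic unless I can figure out a way to
# get the calling user's dbus session up...
# Ref: https://wiki.archlinux.org/title/Podman#Docker_Compose
- name: Start podman service
  systemd:
    scope: user
    name: podman.service
    state: started
    enabled: true

- name: Pull traefik container image
  podman_image:
    # Quoted: a value that starts with a bare `{{` is parsed by YAML as a
    # flow mapping before Jinja ever sees it.
    name: "{{ image_name }}"
    tag: "{{ image_tag }}"
    pull: true
    state: present

- name: Set up podman network for traefik-public
  podman_network:
    name: traefik-public

- name: Create and start traefik container
  podman_container:
    name: traefik
    hostname: traefik
    image: "{{ image_name }}:{{ image_tag }}"
    state: started
    restart_policy: always
    network: traefik-public
    command:
      - "--entrypoints.web.address=:80"
      # Must match the published port below (443, not 433).
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      - "--api"
      - "--certificatesresolvers.le.acme.email={{ letsencrypt_email }}"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--accesslog=true"
    # Quoted so the mappings stay strings under every YAML parser.
    # NOTE(review): the user-scoped service above suggests a rootless setup;
    # binding ports below 1024 rootless needs
    # net.ipv4.ip_unprivileged_port_start lowered -- confirm on the target.
    publish:
      - "80:80"
      - "443:443"
    volumes:
      # The `:ro` flag only stops the socket file from being replaced; it does
      # not make the engine API read-only. Whatever can talk to this socket
      # can control every container on it, so keep this mount limited to
      # Traefik or place a filtering socket proxy in between.
      - "{{ docker_sock_path }}:/var/run/docker.sock:ro"
      - "{{ traefik_config_dir }}:/etc/traefik"
      # acme.json holds the ACME account key and certificate private keys;
      # the host directory should be readable by the owning user only.
      - "{{ traefik_certs_dir }}:/letsencrypt"
    label:
      - "traefik.enable=true"
      # Enable dashboard
      # NOTE(review): no auth middleware is attached to this router, so the
      # dashboard and API are served to anyone who can reach this host name.
      # Attach a basicauth/forwardauth or IP allow-list middleware before
      # exposing it.
      - "traefik.http.routers.traefik.rule=Host(`{{ traefik_dashboard_host }}`)"
      - "traefik.http.routers.traefik.service=api@internal"
      # Use TLS
      - "traefik.http.routers.traefik.tls=true"
      # Set up LetsEncrypt for automatic cert generation
      - "traefik.http.routers.traefik.tls.certresolver=le"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      # Set up global redirect to https
      # NOTE(review): the `{name:regex}` form looks like Traefik v2 rule
      # syntax -- confirm it matches the version selected by image_tag.
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.*}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      # NOTE(review): the `redirect-to-https` middleware is referenced here
      # but not declared in this task; confirm a redirectscheme middleware
      # with that name is defined elsewhere, otherwise this router will not
      # load.
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"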