Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/traefik/templates/traefik.yml.j2
Pieter 4e72ddf4ef Complete Ansible base configuration (#2) 
Completed Issue #2: Ansible Base Configuration

All objectives met:
-  Hetzner Cloud dynamic inventory (hcloud plugin)
-  Common role (SSH hardening, UFW firewall, fail2ban, auto-updates)
-  Docker role (Docker Engine + Compose + networks)
-  Traefik role (reverse proxy with Let's Encrypt SSL)
-  Setup playbook (orchestrates all base roles)
-  Successfully tested on live test server (91.99.210.204)

Additional improvements:
- Fixed ansible.cfg for Ansible 2.20+ compatibility
- Updated ADR dates to 2025
- All roles follow Infrastructure Agent patterns

Test Results:
- SSH hardening applied (key-only auth)
- UFW firewall active (ports 22, 80, 443)
- Fail2ban protecting SSH
- Automatic security updates enabled
- Docker running with traefik network
- Traefik deployed and ready for SSL

Files added:
- ansible/playbooks/setup.yml
- ansible/roles/docker/* (complete)
- ansible/roles/traefik/* (complete)

Closes #2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 14:13:15 +01:00

50 lines
981 B
Django/Jinja
Raw Blame History

# Traefik static configuration
# Managed by Ansible - do not edit manually
api:
dashboard: {{ traefik_dashboard_enabled | lower }}
{% if traefik_dashboard_enabled %}
insecure: false
{% endif %}
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls:
certResolver: letsencrypt
providers:
docker:
endpoint: "unix://{{ traefik_docker_socket }}"
exposedByDefault: false
network: {{ traefik_network }}
file:
filename: /etc/traefik/dynamic.yml
watch: true
certificatesResolvers:
letsencrypt:
acme:
email: {{ traefik_acme_email }}
storage: /letsencrypt/acme.json
{% if traefik_acme_staging %}
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
{% endif %}
httpChallenge:
entryPoint: web
log:
level: INFO
accessLog:
filePath: /var/log/traefik/access.log
Reference in a new issue View git blame Copy permalink