Completed Issue #2: Ansible Base Configuration

All objectives met:
- ✅ Hetzner Cloud dynamic inventory (hcloud plugin)
- ✅ Common role (SSH hardening, UFW firewall, fail2ban, auto-updates)
- ✅ Docker role (Docker Engine + Compose + networks)
- ✅ Traefik role (reverse proxy with Let's Encrypt SSL)
- ✅ Setup playbook (orchestrates all base roles)
- ✅ Successfully tested on live test server (91.99.210.204)

Additional improvements:
- Fixed ansible.cfg for Ansible 2.20+ compatibility
- Updated ADR dates to 2025
- All roles follow Infrastructure Agent patterns

Test Results:
- SSH hardening applied (key-only auth)
- UFW firewall active (ports 22, 80, 443)
- Fail2ban protecting SSH
- Automatic security updates enabled
- Docker running with traefik network
- Traefik deployed and ready for SSL

Files added:
- ansible/playbooks/setup.yml
- ansible/roles/docker/* (complete)
- ansible/roles/traefik/* (complete)

Closes #2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

37 lines
890 B
YAML

---
# Main tasks for traefik role - deploy Traefik reverse proxy

- name: Create Traefik directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /opt/docker/traefik
    - /opt/docker/traefik/letsencrypt

- name: Deploy Traefik static configuration
  template:
    src: traefik.yml.j2
    dest: /opt/docker/traefik/traefik.yml
    mode: '0644'
  notify: Restart Traefik

- name: Deploy Traefik dynamic configuration
  template:
    src: dynamic.yml.j2
    dest: /opt/docker/traefik/dynamic.yml
    mode: '0644'
  notify: Restart Traefik

- name: Deploy Traefik docker-compose file
  template:
    src: docker-compose.yml.j2
    dest: /opt/docker/traefik/docker-compose.yml
    mode: '0644'
  notify: Restart Traefik

- name: Start Traefik via Docker Compose
  community.docker.docker_compose_v2:
    project_src: /opt/docker/traefik
    state: present