feat: add traefik router to docker swarm

files/docker/compose-traefik.yaml

@@ -0,0 +1,43 @@
+version: '3'
+networks:
+  reverse-proxy:
+    external: true
+services:
+  traefik:
+    container_name: traefix-proxy
+    image: 'traefik:latest'
+    restart: unless-stopped
+    networks:
+      - reverse-proxy
+    ports:
+      - '80:80'
+      - '443:443'
+      - '8080:8080'
+    healthcheck:
+      test: 'wget -qO- http://localhost:80/ping || exit 1'
+      interval: 4s
+      timeout: 2s
+      retries: 5
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+      - '/data/coolify/proxy:/traefik'
+    command:
+      - '--ping=true'
+      - '--ping.entrypoint=http'
+      - '--api.dashboard=true'
+      - '--api.insecure=true'
+      - '--entrypoints.http.address=:80'
+      - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
+      - '--entrypoints.https.address=:443'
+      - '--entryPoints.https.forwardedHeaders.trustedIPs=10.0.10.0/24'
+      - '--entrypoints.http.http.encodequerysemicolons=true'
+      - '--entryPoints.http.http2.maxConcurrentStreams=50'
+      - '--entrypoints.https.http.encodequerysemicolons=true'
+      - '--entryPoints.https.http2.maxConcurrentStreams=50'
+      - '--providers.docker.exposedbydefault=false'
+      - "--providers.swarm.endpoint=tcp://127.0.0.1:2377"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.entrypoints=http
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.services.traefik.loadbalancer.server.port=8080

playbooks/setup/alpine.yaml

@@ -85,12 +85,6 @@
         key: "{{ robo.authorized_key }}"
         key_options: "command=\"{{ robo.allowed_commands | join('; ') }}\""
 
-  handlers:
-    - name: Restart sshd
-      ansible.builtin.service:
-        name: sshd
-        state: restarted
-
 - name: Setup Docker
   hosts: docker
   user: root
@@ -98,10 +92,13 @@
     ../../variables/secrets.yaml
   tasks:
     - name: Install packages
+      notify: Restart docker
       ansible.builtin.package:
         state: present
         name:
           - docker
+          - docker-cli-compose
+          - py3-yaml
           - py3-pip
           - py3-docker-py
 
@@ -117,7 +114,71 @@
       - name: Enable Docker Swarm mode
         community.docker.docker_swarm:
           state: present
-          advertise_addr: "{{ ansible_default_ipv4.address }}"
+
+      - name: Create Traefik network
+        community.docker.docker_network:
+          name: reverse-proxy
+          driver: overlay
+          attachable: true
+
+      - name: Deploy Traefik service
+        community.docker.docker_compose_v2:
+          remove_orphans: true
+          project_name: reverse-proxy
+          definition:
+            networks:
+              reverse-proxy:
+                external: true
+            services:
+              traefik:
+                container_name: traefix-proxy
+                image: 'traefik:latest'
+                restart: unless-stopped
+                networks:
+                  - reverse-proxy
+                ports:
+                  # listen on host ports without ingress network
+                  - target: 80
+                    published: 80
+                    protocol: tcp
+                    mode: host
+                  - target: 443
+                    published: 443
+                    protocol: tcp
+                    mode: host
+                  - target: 8080
+                    published: 8080
+                    protocol: tcp
+                    mode: host
+                volumes:
+                  - /var/run/docker.sock:/var/run/docker.sock:ro
+                healthcheck:
+                  test: 'wget -qO- http://localhost:80/ping || exit 1'
+                  interval: 4s
+                  timeout: 2s
+                  retries: 5
+                command:
+                  - '--ping=true'
+                  - '--ping.entrypoint=http'
+                  - '--api.dashboard=true'
+                  - '--api.insecure=true'
+                  - '--entrypoints.http.address=:80'
+                  - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
+                  - '--entrypoints.http.http.encodequerysemicolons=true'
+                  - '--entryPoints.http.http2.maxConcurrentStreams=50'
+                  # - "--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375"
+                  - --providers.swarm.exposedByDefault=false
+                  - --providers.swarm.network=reverse-proxy
+                deploy:
+                  mode: global
+                  placement:
+                    constraints:
+                      - node.role==manager
+                  labels:
+                    - traefik.enable=true
+                    - traefik.http.routers.traefik.entrypoints=http
+                    - traefik.http.routers.traefik.service=api@internal
+                    - traefik.http.services.traefik.loadbalancer.server.port=8080
 
       - name: Check if Docker context exists
         local_action: ansible.builtin.command docker context inspect {{ ansible_hostname }}
@@ -136,3 +197,13 @@
         remote_addrs: ["{{ hostvars['manager']['ansible_default_ipv4']['address'] }}"]
       when: not docker_swarm_manager | bool
 
+
+  handlers:
+    - name: Restart sshd
+      ansible.builtin.service:
+        name: sshd
+        state: restarted
+    - name: Restart docker
+      ansible.builtin.service:
+        name: docker
+        state: restarted