homelab/roles/docker/tasks/swarm_manager.yaml


# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json
---
# Put this host into Swarm mode (or confirm it already is). Swarm-scoped
# networks are allocated as /24 subnets out of the 10.20.0.0/16 pool.
# NOTE(review): no task visible in this file reads `swarm_info`. The
# docker_swarm result normally carries the cluster join tokens, so avoid
# printing the registered variable with debug/verbose output - confirm.
- name: Enable Docker Swarm mode
  community.docker.docker_swarm:
    state: present
    default_addr_pool: ['10.20.0.0/16']
    subnet_size: 24
  register: swarm_info
# Keep the node in the manager role and drain it, so Swarm schedules no
# service tasks on the machine that holds the cluster state.
# NOTE(review): assumes the Swarm node name equals the ansible_hostname fact
# (short hostname) - confirm.
- name: Disable workload on managers
  community.docker.docker_node:
    availability: drain
    role: manager
    hostname: '{{ ansible_hostname }}'
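# Register a Docker CLI context on the control machine for every manager, so
# the operator can reach each daemon over SSH (`docker --context <hostname>`).
# The command runs on localhost once per targeted host.
#
# The arguments are passed as an argv list, so the templated facts are never
# re-split on whitespace. An "already exists" error from the Docker CLI is the
# expected outcome on re-runs and is treated as "ok, unchanged"; any other
# non-zero exit now fails the task instead of being hidden by ignore_errors.
- name: Create Docker context for each Swarm manager machine
  delegate_to: localhost
  ansible.builtin.command:
    argv:
      - docker
      - context
      - create
      - '{{ ansible_hostname }}'
      - '--docker'
      - 'host=ssh://{{ ansible_default_ipv4.address }}'
  register: docker_context_create
  changed_when: docker_context_create.rc == 0
  # Both conditions must hold for the task to fail (list items are ANDed).
  failed_when:
    - docker_context_create.rc != 0
    - "'already exists' not in docker_context_create.stderr"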
# Overlay network shared by the reverse proxy and the services it fronts; the
# Traefik stack in this file attaches to it as an external network.
# NOTE(review): overlay application traffic between nodes is not encrypted
# unless the network is created with the `encrypted` driver option. Decide
# whether inter-node traffic on this network needs it.
- name: Create reverse-proxy network
  community.docker.docker_network:
    driver: overlay
    name: reverse_proxy
# Deploy Traefik as the `reverse_proxy` stack: one task per schedulable node
# (global mode), ports published directly on each node (host mode), routes
# discovered through the Swarm provider.
- name: Deploy Traefik service
  community.docker.docker_stack:
    # Remove services that are no longer part of this stack definition.
    prune: true
    name: reverse_proxy
    compose:
      - networks:
          # Created by the "Create reverse-proxy network" task, not by the stack.
          reverse_proxy:
            external: true
        services:
          traefik:
            # NOTE(review): a tag is mutable; pin by digest if the image must be
            # reproducible and tamper-evident across nodes.
            image: 'traefik:v3.2'
            # NOTE(review): `restart` is a Compose-only key; stack deployments
            # use deploy.restart_policy instead - confirm this has any effect.
            restart: unless-stopped
            deploy:
              # Global services are not placed on drained nodes, so with the
              # managers drained above Traefik presumably runs on workers only.
              mode: global
            networks:
              - reverse_proxy
            ports:
              - target: 80
                published: 80
                protocol: tcp
                mode: host
              # NOTE(review): no entrypoint in the command list below listens on
              # :443, so this published port looks unused - confirm.
              - target: 443
                published: 443
                protocol: tcp
                mode: host
              # Backs the `postgres` entrypoint; the database port is reachable
              # on every node that runs Traefik. Restrict it at the host or
              # network firewall if it is meant for internal clients only.
              - target: 5432
                published: 5432
                protocol: tcp
                mode: host
              # NOTE(review): with --api.insecure=true below, Traefik serves its
              # API and dashboard on :8080 without authentication, and host-mode
              # publishing exposes that on every node's address. Prefer routing
              # api@internal through an authenticated router and dropping this
              # port, or firewall 8080 to an admin network.
              - target: 8080
                published: 8080
                protocol: tcp
                mode: host
            command:
              - '--api.dashboard=true'
              # Unauthenticated API/dashboard; see the note on port 8080 above.
              - '--api.insecure=true'
              - '--entrypoints.http.address=:80'
              - '--entrypoints.http.asDefault=true'
              # X-Forwarded-* headers are trusted only from this subnet; it
              # should contain the upstream proxy/load balancer and nothing a
              # client can originate from - confirm against the network layout.
              - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
              - '--entrypoints.http.http.encodequerysemicolons=true'
              - '--entryPoints.http.http2.maxConcurrentStreams=50'
              - '--entrypoints.postgres.address=:5432'
              - '--providers.swarm=true'
              # NOTE(review): 2375 is conventionally the Docker daemon's
              # plaintext TCP port with no authentication. Anything that can
              # reach it on the manager has root-equivalent control of the
              # cluster. Prefer a TLS endpoint with client certificates, or a
              # socket proxy limited to the read-only calls Traefik needs, and
              # firewall the port to the nodes that run Traefik.
              - '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375'
              # Only services that opt in via labels are routed.
              - '--providers.swarm.exposedByDefault=false'
              - '--providers.swarm.network=reverse_proxy'