Add dashboard config

.vscode/settings.json

@@ -7,5 +7,6 @@
         "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [
             "/services/*/stack.yml"
         ]
-    }
+    },
+    "yaml.customTags": ["!vault"]
 }

deploy.yaml

@@ -12,3 +12,5 @@
       vars:
         service: "{{ item }}"
       loop: "{{ services }}"
+      tags:
+        - always

services/gitea/stack.yml

@@ -9,7 +9,7 @@ services:
     environment:
       - USER_UID={{ git_user.uid }}
       - USER_GID={{ git_user.group }}
-      - ROOT_URL=http://git.kadet.local/
+      - ROOT_URL=http://git.{{ main_domain }}/
       - DB_TYPE=mysql
       - DB_HOST=db:3306
       - DB_NAME=gitea
@@ -29,7 +29,7 @@ services:
     deploy:
       labels:
         - traefik.enable=true
-        - traefik.http.routers.{{ service }}.rule=Host(`git.kadet.local`)
+        - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`)
         - traefik.http.services.{{ service }}.loadbalancer.server.port=3000
 
   db:

services/traefik/config/dynamic/dashboard.yaml

@@ -0,0 +1,19 @@
+#jinja2: lstrip_blocks: True
+---
+# Dashboard Configuration
+http:
+  routers:
+    dashboard:
+      rule: Host(`traefik.{{ main_domain }}`)
+      service: api@internal
+{% if dashboard_users is defined %}
+      middlewares:
+        - dashboard_auth
+  middlewares:
+    dashboard_auth:
+      basicAuth:
+        users: 
+        {% for user in dashboard_users %}
+          - "{{ user.name }}:{{ user.password }}"
+        {% endfor %}
+{% endif %}

services/traefik/config/traefik.yaml

@@ -1,14 +1,4 @@
-################################################################
+---
-#
-# Configuration sample for Traefik v2.
-#
-# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
-#
-################################################################
-
-################################################################
-# Global configuration
-################################################################
 global:
   checkNewVersion: true
   sendAnonymousUsage: true
@@ -16,98 +6,30 @@ global:
 ################################################################
 # EntryPoints configuration
 ################################################################
-
-# EntryPoints definition
-#
-# Optional
-#
 entryPoints:
-  web:
+  web:       
     address: :80
-
+  websecure: 
-  websecure:
     address: :443
 
 ################################################################
 # Traefik logs configuration
 ################################################################
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
 log:
-  # Log level
+  level: DEBUG
-  #
+  format: common
-  # Optional
-  # Default: "ERROR"
-  #
- level: DEBUG
-
-  # Sets the filepath for the traefik log. If not specified, stdout will be used.
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
- filePath: os.Stdout
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
- format: common
 
 ################################################################
 # Access logs configuration
 ################################################################
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
 accessLog:
-  # Sets the file path for the access log. If not specified, stdout will be used.
+  format: common
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
- filePath: os.Stdout
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
- format: common
 
 ################################################################
 # API and dashboard configuration
 ################################################################
-
+api:
-# Enable API and dashboard
+  dashboard: true
-#
-# Optional
-#
-#api:
-  # Enable the API in insecure mode
-  #
-  # Optional
-  # Default: false
-  #
-#  insecure: true
-
-  # Enabled Dashboard
-  #
-  # Optional
-  # Default: true
-  #
-#  dashboard: false
 
 ################################################################
 # Ping configuration
@@ -127,8 +49,10 @@ accessLog:
 ################################################################
 
 providers:
+  # File configuration for non-docker containers
   file:
     directory: "/etc/traefik/dynamic"
+
   # Enable Docker configuration backend
   docker:
     endpoint: "unix:///var/run/docker.sock"

services/traefik/stack.yml

@@ -5,6 +5,7 @@ services:
     image: traefik:v2.4
     ports:
       - 80:80
+      - 8080:8080
       - 443:443
     volumes:
       - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro

services/traefik/tasks/config.yml

@@ -3,9 +3,23 @@
   copy:
     src: "{{ service_path }}/config/traefik.yaml"
     dest: "{{ remote_service_path }}/config/traefik.yaml"
+  tags:
+    - config
 
 - name: 'Ensure dynamic config directory exists'
   file:
     path: "{{ remote_service_path }}/config/dynamic"
     state: directory
     owner: "{{ ansible_user }}"
+  tags:
+    - config
+
+- name: 'Copy dynamic config'
+  template:
+    src: "{{ file }}"
+    dest: "{{ remote_service_path }}/config/dynamic/{{ file|basename }}"
+  with_fileglob: "{{ service_path }}/config/dynamic/*.yaml"
+  loop_control:
+    loop_var: file
+  tags:
+    - config

tasks/deploy.yml

@@ -1,9 +1,20 @@
 ---
 - name: 'Include vars for "{{ service }}" service'
-  include_vars: "{{ file }}"
+  include_vars: "{{ service_vars_file }}"
   with_fileglob: "{{ services_root }}/{{ service }}/vars/*"
   loop_control:
-    loop_var: file
+    loop_var: service_vars_file
+  tags:
+    - always
+
+- name: 'Override "{{ service }}" service vars with local config'
+  set_fact: 
+    '{{ variable.key }}': '{{ variable.value }}'
+  with_dict: "{{ service_config[service]|default({}) }}"
+  loop_control:
+    loop_var: variable
+  tags:
+    - always
 
 - name: 'Ensure "{{ service }}" service config directory exist'
   file:
@@ -11,17 +22,23 @@
     state: directory
     recurse: true
     owner: "{{ ansible_user }}"
+  tags:
+    - always
 
 - name: 'Load configuration tasks for "{{ service }}"'
-  include_tasks: "{{ file }}"
+  include_tasks: "{{ service_task_file }}"
   with_fileglob: "{{ services_root }}/{{ service }}/tasks/*"
   loop_control:
-    loop_var: file
+    loop_var: service_task_file
+  tags:
+    - always
 
 - name: 'Copy stack file of "{{ service }}" to remote server'
   template:
     src: "{{ services_root }}/{{ service }}/stack.yml"
     dest: "{{ remote_service_path }}/stack.yml"
+  tags:
+    - deploy
 
 - name: 'Deploy "{{ service }}" stack to docker'
   community.docker.docker_stack:
@@ -31,4 +48,6 @@
       - "{{ remote_service_path }}/stack.yml"
       - version: "{{ compose_version }}"
         networks: "{{ dict(swarm_global_networks | map(attribute='name') | zip_longest([], fillvalue={ 'external': True })) }}"
+  tags:
+    - deploy
     

vars/services.yml

@@ -10,3 +10,19 @@ remote_service_path: "{{ remote_services_root }}/{{ service }}"
 compose_version: "3.7"
 
 ingress_network: traefik
+
+main_domain: kadet.local
+
+service_config:
+  traefik:
+    dashboard_users:
+      - name: kadet
+        password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35343061303630633064316236623032356663366661393931656562366336666364663133333432
+          6134663564396439313530353236393966313864353064380a613064363562393537313933366534
+          39366134613939653532306139383362633539616339356637623666303638653230393036356231
+          3634346265616162370a653132663638633234663432343839666531363734376433343836316137
+          35353236333161636466383462343234323461623233643339653739623932666637386633626330
+          6366666637366362663865313661306137383931613565663564
+