deploy/roles/quadlets/traefik.yml

quadlets:
  - name: traefik
    type: container
    image: docker.io/traefik:latest
    pull: newer
    volumes:
      - "{{ config_root }}/traefik:/etc/traefik:Z"
    env:
      TZ: "{{ tz }}"
    command:
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certFile=/etc/traefik/server.crt"
      - "--entrypoints.websecure.http.tls.keyFile=/etc/traefik/server.key"
      - "--log.level=INFO"
    restart_policy: on-failure

configs:
  - path: "{{ config_root }}/traefik/server.crt"
    template: {{ traefik_server_cert }}
  - path: "{{ config_root }}/traefik/server.key"
    template: {{ traefik_server_key }}
  - path: "{{ config_root }}/traefik/dynamic/dynamic.yml"
    template: |
      ---
      http:
        middlewares:
          redirect-https:
            redirectScheme:
              scheme: https
              permanent: true

        routers:
          redirect-to-https:
            rule: "HostRegexp(`{any:.*}`)"
            entryPoints:
              - web
            middlewares:
              - redirect-https
            service: noop

      {% for app_name in traefik_enabled_apps %}
          {{ app_name }}:
            rule: "PathPrefix(`/{{ app_name }}`)"
            service: {{ app_name }}
            entryPoints:
              - websecure
            tls: {}
      {% endfor %}

          dashboard:
            rule: "PathPrefix(`/dashboard`)"
            service: api@internal
            entryPoints:
              - websecure
            tls: {}

        services:
          noop:
            loadBalancer:
              servers:
                - url: "http://localhost"

      {% for app_name in traefik_enabled_apps %}
          {{ app_name }}:
            loadBalancer:
              servers:
                - url: "http://localhost:{{ lookup('vars', app_name).port }}"
      {% endfor %}