first part of config

roles/traefik-deploy/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: deploy traefik
+  shell: >
+    docker stack deploy
+    --compose-file /srv/traefik-stack.yml
+    --prune
+    traefik

roles/traefik-deploy/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Copy over config file.
+  template:
+    src: traefik.yml.j2
+    dest: "srv/traefik.yml"
+  notify: deploy treafik
+
+- name: Copy over stack file.
+  template:
+    src: traefik-stack.yml.j2
+    dest: /srv/traefik-stack.yml
+  notify: deploy traefik

roles/traefik-deploy/templates/traefik-stack.yml.j2

@@ -0,0 +1,30 @@
+# vim: ft=yaml
+version: '3'
+
+services:
+  app:
+    image: 'traefik:2.5'
+
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+
+    networks:
+      - public
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - '/srv/traefik.yml:/etc/traefik/traefik.yml'
+      - 'acme:/etc/traefik/acme'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+
+networks:
+  public:
+    external: true
+
+volumes:
+  acme:

roles/traefik-deploy/templates/traefik.yml.j2

@@ -0,0 +1,28 @@
+# vim: ft=yaml
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+
+api:
+  insecure: true
+
+providers:
+  docker:
+    swarmMode: true
+    exposedbydefault: false
+    network: public
+
+certificatesResolvers:
+  letsEncrypt:
+    acme:
+      email: "{{ letsencrypt_email }}"
+      storage: "/etc/traefik/acme/acme.json"
+      httpChallenge:
+        entryPoint: web