Commit ccdc1b7
files/nginx/default
@@ -1,16 +0,0 @@
-server {
- server_name www.trustme.click;
- listen 80;
- listen [::]:80;
- return 301 https://trustme.click;
-}
-server {
- server_name trustme.click;
- root /var/www/html;
- index index.html;
- location / {
- try_files $uri $uri/ =404;
- }
- listen 80;
- listen [::]:80;
-}
files/nginx/ip
@@ -1,9 +0,0 @@
-server {
- server_name ip.trustme.click;
-
- location / {
- proxy_pass http://127.0.0.1:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- }
-}
roles/apt/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+ - name: apt update cache
+ apt:
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ become: True
+
+ - name: apt upgrade
+ apt:
+ name: "*"
+ state: latest
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ become: True
+
+ - name: apt install tools
+ apt:
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ state: latest
+ pkg: "{{ apt_pkgs }}"
+ become: True
+
+ - name: apt ppa repo's add
+ apt_repository:
+ repo: "{{ item }}"
+ update_cache: True
+ become: True
+ loop: "{{ apt_ppas }}"
+
+ - name: apt install tools (from ppa's)
+ apt:
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ state: latest
+ pkg: "{{ apt_ppa_pkgs }}"
+ become: True
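Review bot: The `apt upgrade` task at the top of the file combines `name: "*"` with `state: latest`, so every play run pulls whatever upgrades are pending (kernel, docker.io, …) with no review point, and the two install tasks also use `state: latest`, so the tool set drifts between runs. The apt module expresses a full upgrade explicitly with `upgrade: safe`, and `state: present` on the install tasks keeps them idempotent so the upgrade task stays the one deliberate place where versions move. The `True` literals throughout would be `true` under yamllint's truthy rule, matching the lowercase form used in the traefik template's `watch: true`.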
roles/home/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+ - name: personal git config, global
+ git_config:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ scope: global
+ loop:
+ - name: user.email
+ value: bryon.fryer@gmail.com
+ - name: user.name
+ value: bryfry
+ - name: color.ui
+ value: "True"
+
+ ## TODO Skip if existing or no ssh-add -l
+ - name: git checkouts
+ git:
+ repo: "{{ item.repo }}"
+ dest: "{{ git_dir }}/{{ item.dir }}"
+ update: False
+ vars:
+ git_dir: "$HOME/git"
+ ignore_errors: True
+ loop:
+ - repo: git@github.com:bryfry/home.git
+ dir: home
+ - repo: git@github.com:bryfry/logbook.git
+ dir: logbook
+ #- repo: git@ssh.gitlab.external.ltsnet.net:bfryer/notes.git
+ # dir: lts.notes
+
+ - name: home directory symlinks
+ file:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ state: link
+ vars:
+ git_dir: "$HOME/git"
+ home_repo: "{{ git_dir }}/home"
+ loop:
+ - src: "{{ home_repo }}/tmux.conf"
+ dest: "$HOME/.tmux.conf"
+ - src: "{{ home_repo }}/tmux.statusbar.conf"
+ dest: "$HOME/.tmux.statusbar.conf"
+ - src: "{{ home_repo }}/ssh_config"
+ dest: "$HOME/.ssh/config"
+ - src: "{{ home_repo }}/vimrc"
+ dest: "$HOME/.vimrc"
+ - src: "{{ home_repo }}/bash_aliases"
+ dest: "$HOME/.bash_aliases"
+ - src: "{{ home_repo }}/screenrc"
+ dest: "$HOME/.screenrc"
+ - src: "{{ home_repo }}/curlrc"
+ dest: "$HOME/.curlrc"
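Review bot: `ignore_errors: True` on the `git checkouts` task masks every clone failure — unreachable host, rejected key and an SSH host-key mismatch alike — so the play reports green with nothing checked out, and the `home directory symlinks` task then points at sources that do not exist (the file module refuses a link to a missing `src` unless forced, so that task fails or, if forced, dangles). The `## TODO` above it already names the fix: register a preceding `ssh-add -l` check, gate this task with `when:` on its return code, and drop `ignore_errors` so a host-key rejection surfaces instead of being swallowed. The symlink loop also writes `$HOME/.ssh/config`, but nothing ensures `$HOME/.ssh` exists with `0700` first, so a fresh host fails on that item.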
files/mirror-mirror.service → roles/mirror-mirror/files/mirror-mirror.service
File renamed without changes
roles/mirror-mirror/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+ - name: optional software directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: ubuntu
+ group: ubuntu
+ mode: '0755'
+ become: True
+ loop:
+ - /opt/
+ - /opt/mirror-mirror/
+
+ - name: download software binaries
+ get_url:
+ url: "{{ item.url }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ loop:
+ - url: https://github.com/ajpatri/mirror-mirror/releases/download/v0.1/mirror-mirror-v0.1-linux-amd64
+ dest: /opt/mirror-mirror/mirror-mirror
+ mode: '0755'
+
+ - name: deploy traefik dynamic config
+ template:
+ src: "{{ role_path }}/templates/mirror-mirror.yaml.j2"
+ dest: "{{ traefik.dirs.dynamic_config }}/mirror-mirror.yaml"
+ become: True
+
+ - name: systemd service config
+ copy:
+ src: "{{ role_path }}/files/mirror-mirror.service"
+ dest: "{{ systemd_path }}/mirror-mirror.service"
+ become: True
+ vars:
+ systemd_path: "/etc/systemd/system"
+
+ - name: systemd service start
+ systemd:
+ state: started
+ daemon_reload: True
+ name: mirror-mirror
+ become: True
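Review bot: The `download software binaries` task fetches the mirror-mirror release with no `checksum:`, yet installs it `0755` and starts it as a systemd service, so a replaced or tampered GitHub asset is executed unverified; the traefik role in this same commit pins `checksum: "{{ traefik.checksum }}"`, and this task should do the same, e.g. `checksum: "sha256:<MIRROR_MIRROR_SHA256>"` recorded next to the URL. The `optional software directories` task also chowns `/opt/` and the binary's directory to `ubuntu`, so that unprivileged account can swap the executable the service (presumably root-run; the unit file is not in this diff) executes; keep `/opt` root-owned and make only the application directory writable. The `systemd service start` task sets `state: started` without `enabled: true`, so the service will not come back after a reboot — the same applies to the traefik role's start task.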
roles/mirror-mirror/templates/mirror-mirror.yaml.j2
@@ -0,0 +1,15 @@
+---
+http:
+ routers:
+ mirror-mirror:
+ rule: "Host(`{{ mm.domain }}`)"
+ service: "mirror-mirror"
+ entryPoints:
+ - "websecure"
+ tls:
+ certResolver: "{{ traefik.acme_http_resolver }}"
+ services:
+ mirror-mirror:
+ loadBalancer:
+ servers:
+ - url: "http://{{ mm.address }}.{{ mm.port }}"
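Review bot: The load-balancer URL on the last line joins address and port with a dot, `http://{{ mm.address }}.{{ mm.port }}`, which with the values in main.yml renders as `http://127.0.0.1.28103` — an unresolvable host, so the router never reaches the backend. It should read `- url: "http://{{ mm.address }}:{{ mm.port }}"`.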
roles/traefik/files/traefik.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=traefik service
+Documentation=https://github.com/containous/traefik.git
+
+[Service]
+ExecStart=/opt/traefik/traefik
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
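Review bot: The `[Service]` section has no `User=`, so traefik runs as root, with the ACME account key and issued certificates in `tmc.json`, the file-provider watcher and the :80/:443 listeners all inside a root process. `User=traefik`, `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` keep the low-port bind while dropping root; that requires the traefik role to create the account and give it `traefik.dirs.log` and `traefik.dirs.certs`, which its `directories` task currently creates root-owned via `become`. `ProtectSystem=strict` with `ReadWritePaths=` for those two directories would be the natural follow-up.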
roles/traefik/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+ - name: fetch release
+ get_url:
+ url: "https://github.com/containous/traefik/releases/download/v{{ traefik.version }}/traefik_v{{ traefik.version }}_linux_amd64.tar.gz"
+ dest: "/tmp/traefik_v{{ traefik.version }}_linux_amd64.tar.gz"
+ checksum: "{{ traefik.checksum }}"
+
+ - name: directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0755'
+ become: True
+ loop: "{{ traefik.dirs | dict2items }}"
+
+ - name: extract release
+ unarchive:
+ src: "/tmp/traefik_v{{ traefik.version }}_linux_amd64.tar.gz"
+ dest: "/opt/traefik/"
+ remote_src: True
+
+ - name: deploy traefik static config
+ template:
+ src: "{{ role_path }}/templates/traefik.yaml.j2"
+ dest: "{{ traefik.dirs.config }}/traefik.yaml"
+ become: True
+
+ - name: systemd service config
+ copy:
+ src: "{{ role_path }}/files/traefik.service"
+ dest: "{{ systemd_path }}/traefik.service"
+ become: True
+ vars:
+ systemd_path: "/etc/systemd/system"
+
+ - name: systemd service start
+ systemd:
+ state: started
+ daemon_reload: True
+ name: traefik
+ become: True
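Review bot: The `directories` task loops over `traefik.dirs | dict2items`, so each `item` is a `{key, value}` mapping and `path: "{{ item }}"` renders the whole dict as a string instead of the directory path; it should be `path: "{{ item.value }}"`. With that fixed, `extract release` still runs without `become:` into `/opt/traefik/`, which the loop has just created root-owned at `0755`, so the unarchive fails for any non-root connecting user — add `become: true` there or set ownership on the install directory. The tarball is written to a predictable name in `/tmp` and read back by unarchive; the `checksum:` is verified on download but not at extraction, so a `tempfile`-registered path or a dest inside the install directory would close that shared-/tmp window.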
roles/traefik/templates/traefik.yaml.j2
@@ -0,0 +1,29 @@
+providers:
+ file:
+ directory: "{{ traefik.dirs.dynamic_config }}"
+ watch: true
+
+log:
+ filePath: "{{ traefik.dirs.log }}/traefik.log"
+ level: "INFO"
+
+entryPoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: "websecure"
+ scheme: "https"
+ permanent: True
+
+ websecure:
+ address: ":443"
+
+certificatesResolvers:
+ tmc-acme-http:
+ acme:
+ email: "admin@trustme.click"
+ storage: "{{ traefik.dirs.certs }}/tmc.json"
+ httpChallenge:
+ entryPoint: web
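Review bot: `permanent: True` in the `web` redirection uses the capitalised literal; write `permanent: true` — Traefik's loader most likely accepts both, but yamllint's truthy rule and this template's own `watch: true` use lowercase. The ACME `email` is hard-coded while the resolver name comes from `traefik.acme_http_resolver`; lifting it into the same vars block as a new value (e.g. `email: "{{ traefik.acme_email }}"`) keeps the template host-agnostic.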
main.yml
@@ -1,190 +1,53 @@
---
- hosts: localhost
- gather_facts: True
- tasks:
- - name: apt update cache
- apt:
- update_cache: True
- cache_valid_time: 1800 #30m
- become: True
-
- - name: apt upgrade
- apt:
- name: "*"
- state: latest
- update_cache: True
- cache_valid_time: 1800 #30m
- become: True
-
- - name: apt install tools
- apt:
- update_cache: True
- cache_valid_time: 1800 #30m
- state: latest
- pkg:
- - vim
- - tmux
- - htop
- - curl
- - haveged # helps random number generation on small vms
- - dirmngr # needed for ppa add-key
- - gpg-agent # needed for ppa add-key
- - docker.io
- - nginx
- become: True
-
- # TODO Broken
- - name: apt ppa repo's add
- apt_repository:
- repo: "{{ item }}"
- update_cache: True
- become: True
- loop:
- - "ppa:wireguard/wireguard"
- - "ppa:certbot/certbot"
-
- - name: apt install tools (from ppa's)
- apt:
- update_cache: True
- cache_valid_time: 1800 #30m
- state: latest
- pkg:
- - wireguard # requires ppa
- - python-certbot-nginx # requires ppa
- become: True
-
- - name: personal git config, global
- git_config:
- name: "{{ item.name }}"
- value: "{{ item.value }}"
- scope: global
- loop:
- - name: user.email
- value: bryon.fryer@gmail.com
- - name: user.name
- value: bryfry
- - name: color.ui
- value: true
-
- ## Skip if no ssh-add -l
- - name: git checkouts
- git:
- repo: "{{ item.repo }}"
- dest: "{{ git_dir }}/{{ item.dir }}"
- vars:
- git_dir: "$HOME/git"
- ignore_errors: True
- loop:
- - repo: git@github.com:bryfry/home.git
- dir: home
- - repo: git@github.com:bryfry/logbook.git
- dir: logbook
- #- repo: git@ssh.gitlab.external.ltsnet.net:bfryer/notes.git
- # dir: lts.notes
+
+ vars:
+ apt_pkgs:
+ - vim
+ - tmux
+ - htop
+ - curl
+ - haveged # helps random number generation on small vms
+ - dirmngr # needed for ppa add-key
+ - gpg-agent # needed for ppa add-key
+ - docker.io
+ - nginx # TODO remove
+
+ apt_ppas:
+ - "ppa:wireguard/wireguard"
+ - "ppa:certbot/certbot"
+
+ apt_ppa_pkgs:
+ - wireguard
+ - python-certbot-nginx
+
+ traefik:
+ version: 2.2.0
+ checksum: sha256:eddea0507ad715c723662e7c10fdab554eb64379748278cd2d09403063e3e32f
+ acme_http_resolver: "tmc-acme-http"
+ dirs:
+ log: "/var/log/traefik"
+ config: "/etc/traefik"
+ certs: "/etc/traefik/certs"
+ dynamic_config: "/etc/traefik/traefik.d"
+ install: "/opt/traefik"
+ # mirror-mirror
+ mm:
+ domain: "ip.trustme.click"
+ address: 127.0.0.1
+ port: 28103 # = 0x6d6d = mm (ascii)
+
- - name: home directory symlinks
- file:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- state: link
- vars:
- git_dir: "$HOME/git"
- home_repo: "{{ git_dir }}/home"
- loop:
- - src: "{{ home_repo }}/tmux.conf"
- dest: "$HOME/.tmux.conf"
- - src: "{{ home_repo }}/tmux.statusbar.conf"
- dest: "$HOME/.tmux.statusbar.conf"
- - src: "{{ home_repo }}/ssh_config"
- dest: "$HOME/.ssh/config"
- - src: "{{ home_repo }}/vimrc"
- dest: "$HOME/.vimrc"
- - src: "{{ home_repo }}/bash_aliases"
- dest: "$HOME/.bash_aliases"
- - src: "{{ home_repo }}/screenrc"
- dest: "$HOME/.screenrc"
- - src: "{{ home_repo }}/curlrc"
- dest: "$HOME/.curlrc"
-
- #TODO: mirror-mirror role
- - name: nginx configs
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: root
- group: root
- become: True
- vars:
- nginx_sites: "/etc/nginx/sites-enabled"
- loop:
- - src: "files/nginx/default"
- dest: "{{ nginx_sites}}/default"
- - src: "files/nginx/ip"
- dest: "{{ nginx_sites}}/ip"
- # TODO default landing page /var/www/html/index.html
- notify: restart nginx
-
- #TODO: mirror-mirror role
- - name: optional software directories
- file:
- path: "{{ item }}"
- state: directory
- owner: ubuntu
- group: ubuntu
- mode: '0755'
- become: True
- loop:
- - /opt/
- - /opt/mirror-mirror/
-
- #TODO: mirror-mirror role
- - name: download software binaries
- get_url:
- url: "{{ item.url }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - url: https://github.com/ajpatri/mirror-mirror/releases/download/v0.1/mirror-mirror-v0.1-linux-amd64
- dest: /opt/mirror-mirror/mirror-mirror
- mode: '0755'
-
- #TODO: mirror-mirror role
- - name: mirror-mirror systemd service config
- copy:
- src: "files/mirror-mirror.service"
- dest: "{{ systemd_path }}/mirror-mirror.service"
- owner: root
- group: root
- become: True
- vars:
- systemd_path: "/etc/systemd/system"
-
- #TODO: mirror-mirror role
- - name: mirror-mirror systemd service start
- systemd:
- state: started
- daemon_reload: True
- name: mirror-mirror
- become: True
-
-
-
- handlers:
- - name: restart nginx
- service:
- name: nginx
- state: restarted
- become: True
-
-
-
-
- #TODO
- # sudo certbot --nginx --force-renewal --expand -d trustme.click -d www.trustme.click -d ip.trustme.click --agree-tos --no-eff-email --redirect -m admin@trustme.click
- # wg genkey | sudo tee /etc/wireguard/tmc_privatekey | wg pubkey | sudo tee /etc/wireguard/tmc_publickey
- # make 443 udp iptables forward to wireguard port
-
-
-
+ gather_facts: True
+ roles:
+ - apt
+ - home # git checkouts too
+ - traefik
+ - mirror-mirror
+
+ #TODO
+ # sudo certbot --nginx --force-renewal --expand -d trustme.click -d www.trustme.click -d ip.trustme.click --agree-tos --no-eff-email --redirect -m admin@trustme.click
+ # wg genkey | sudo tee /etc/wireguard/tmc_privatekey | wg pubkey | sudo tee /etc/wireguard/tmc_publickey
+ # make 443 udp iptables forward to wireguard port
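Review bot: `apt_pkgs` still lists `nginx` (marked `# TODO remove`) while the traefik role now binds `:80` and `:443` and this commit deletes the nginx site configs, so on a fresh Ubuntu host the nginx package starts on install with its own default site on port 80 and traefik's `web` entrypoint — and with it the HTTP ACME challenge — fails to bind; either drop `nginx` here or add an `apt` task with `state: absent` for it before the traefik role runs. `python-certbot-nginx` and the `ppa:certbot/certbot` entry are in the same position now that `tmc-acme-http` issues the certificates, and the trailing `#TODO` certbot command line is stale for the same reason. The `traefik.checksum` pin is the right move; `version: 2.2.0` and `address: 127.0.0.1` are safe as plain scalars, though quoting them like the neighbouring values would make that deliberate.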