Yggdrasil/traefik.pp

## traefik.pp
# Installs and configures the Traefik.io reverse proxy, for TLS-offloading and
# automatic Let's Encrypt SSL management.
#
# Requirements:
#   - Module https://forge.puppet.com/praekeltfoundation/traefik and dependencies
#   - gem 'toml-rb' installed on Puppet Master
class profiles::traefik {
  file { '/var/lib/traefik/':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  } ->
  file { '/var/log/traefik/':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  } ->
  class { '::traefik':
    version     => '1.0.3',
    config_hash => {
      'accessLogsFile'     => '/var/log/traefik/access.log',
      'traefikLogsFile'    => '/var/log/traefik/daemon.log',
      'defaultEntryPoints' => ['http', 'https'],
      'logLevel'           => 'INFO',
    },
  }
  traefik::config::section { 'web':
    description => 'Enable the statistics UI',
    order       => '60',
    hash        => {
      'address'  => ':8081',
      'readonly' => true,
    },
  }
  traefik::config::section { 'acme':
    description => "Let's Encrypt",
    order       => '40',
    hash        => {
      'email'       => 'admin@example.com',
      'storageFile' => '/var/lib/traefik/acme.json',
      'entryPoint'  => 'https',
      'onDemand'    => true,
    }
  }
  traefik::config::section { 'entryPoints':
    description => 'Entrypoint definitions',
    order       => '20',
    hash        => {
      'http'  => {
        'address'   => ':80',
      },
      'https' => {
        'address' => ':443',
        'tls'     => {},
      }
    }
  }
  traefik::config::file_rule { 'tlsproxy':
    description => 'Proxy to Varnish',
    order       => '30',
    frontend    => {
      'passHostHeader' => true,
    },
    backend     => {
      'servers' => {
        'server1' => {
          'url'    => 'http://127.0.0.1:6081',
        },
      }
    }
  }
}
	# Installs and configures the Traefik.io reverse proxy, for TLS-offloading and
	# automatic Let's Encrypt SSL management.
	#
	# Requirements:
	# - Module https://forge.puppet.com/praekeltfoundation/traefik and dependencies
	# - gem 'toml-rb' installed on Puppet Master
	class profiles::traefik {
	file { '/var/lib/traefik/':
	ensure => 'directory',
	owner => 'root',
	group => 'root',
	mode => '0755',
	} ->
	file { '/var/log/traefik/':
	ensure => 'directory',
	owner => 'root',
	group => 'root',
	mode => '0644',
	} ->
	class { '::traefik':
	version => '1.0.3',
	config_hash => {
	'accessLogsFile' => '/var/log/traefik/access.log',
	'traefikLogsFile' => '/var/log/traefik/daemon.log',
	'defaultEntryPoints' => ['http', 'https'],
	'logLevel' => 'INFO',
	},
	}
	traefik::config::section { 'web':
	description => 'Enable the statistics UI',
	order => '60',
	hash => {
	'address' => ':8081',
	'readonly' => true,
	},
	}
	traefik::config::section { 'acme':
	description => "Let's Encrypt",
	order => '40',
	hash => {
	'email' => 'admin@example.com',
	'storageFile' => '/var/lib/traefik/acme.json',
	'entryPoint' => 'https',
	'onDemand' => true,
	}
	}
	traefik::config::section { 'entryPoints':
	description => 'Entrypoint definitions',
	order => '20',
	hash => {
	'http' => {
	'address' => ':80',
	},
	'https' => {
	'address' => ':443',
	'tls' => {},
	}
	}
	}
	traefik::config::file_rule { 'tlsproxy':
	description => 'Proxy to Varnish',
	order => '30',
	frontend => {
	'passHostHeader' => true,
	},
	backend => {
	'servers' => {
	'server1' => {
	'url' => 'http://127.0.0.1:6081',
	},
	}
	}
	}
	}