From 68aac107daae4f2c1c4cf53b4ea316ec7526610d Mon Sep 17 00:00:00 2001 From: Simon Cornet Date: Wed, 15 Apr 2026 16:59:21 +0200 Subject: [PATCH] feat: various small fixes to the traefik config --- tasks/traefik.yaml | 12 +++++++- templates/traefik/http.yml.j2 | 18 ++++++++++++ .../traefik/{config.yml.j2 => traefik.yml.j2} | 28 ++++--------------- 3 files changed, 35 insertions(+), 23 deletions(-) create mode 100644 templates/traefik/http.yml.j2 rename templates/traefik/{config.yml.j2 => traefik.yml.j2} (51%) diff --git a/tasks/traefik.yaml b/tasks/traefik.yaml index f50ce39..8befbad 100644 --- a/tasks/traefik.yaml +++ b/tasks/traefik.yaml @@ -12,13 +12,23 @@ # traefik config - name: "traefik config" ansible.builtin.template: - src: "templates/traefik/config.yml.j2" + src: "templates/traefik/traefik.yml.j2" dest: "/mnt/traefik/traefik.yml" owner: "root" group: "root" mode: "0640" notify: "restart traefik" +# traefik http routes +- name: "traefik https routes" + ansible.builtin.template: + src: "templates/traefik/http.yml.j2" + dest: "/mnt/traefik/http.yml" + owner: "root" + group: "root" + mode: "0640" + notify: "restart traefik" + # transip apikey - name: "traefik - transip api" ansible.builtin.copy: diff --git a/templates/traefik/http.yml.j2 b/templates/traefik/http.yml.j2 new file mode 100644 index 0000000..236e05c --- /dev/null +++ b/templates/traefik/http.yml.j2 @@ -0,0 +1,18 @@ +http: + routers: +{% for item in traefik_routes %} + {{ item.service }}: + rule: "Host(`{{ item.name }}`)" + entryPoints: + - websecure + service: {{ item.service }}-svc + tls: + certResolver: transip +{% endfor %} + services: +{% for item in traefik_routes %} + {{ item.service }}-svc: + loadBalancer: + servers: + - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}" +{% endfor %} 
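Review bot: Nothing in this patch shows `/mnt/traefik/http.yml` being made available at `/http.yml`, which is the path the renamed traefik.yml.j2 gives the file provider. Traefik presumably runs in a container whose definition is outside this diff; if that definition binds only `traefik.yml`, the provider would find no file and no routers would be served, so the volume list is worth confirming alongside this task. As a smaller point, the comment reads `# traefik http routes` while the task is named `"traefik https routes"`; one of the two should be aligned.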
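Review bot: The templated scalars in the new http.yml.j2 are emitted unquoted, both as mapping keys (`{{ item.service }}:`) and as values (`service: {{ item.service }}-svc`). An empty, numeric or boolean-looking `item.service` would change type or leave a null key once the rendered text is parsed as YAML; quoting avoids that, e.g. `service: "{{ item.service }}-svc"` and `"{{ item.service }}":`. Two entries in `traefik_routes` with the same `service` would also render duplicate router and service keys, which most YAML parsers resolve silently as last-wins, so an `ansible.builtin.assert` on uniqueness before templating would catch a route being shadowed. The block is moved as-is from the old config.yml.j2, so this predates the commit, but the new file is a good place to fix it.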
diff --git a/templates/traefik/config.yml.j2 b/templates/traefik/traefik.yml.j2 similarity index 51% rename from templates/traefik/config.yml.j2 rename to templates/traefik/traefik.yml.j2 index 80a12e1..74dc7df 100644 --- a/templates/traefik/config.yml.j2 +++ b/templates/traefik/traefik.yml.j2 @@ -16,7 +16,6 @@ entryPoints: readTimeout: 0 writeTimeout: 0 idleTimeout: 0 - certificatesResolvers: transip: acme: @@ -24,28 +23,13 @@ certificatesResolvers: provider: "transip" email: "{{ traefik_letsencrypt_email }}" storage: "/acme.json" - caServer: "https://acme-v02.api.letsencrypt.org/directory" + +{% if traefik_routes | selectattr('proto', 'equalto', 'https') | list | length > 0 %} +serversTransport: + insecureSkipVerify: true +{% endif %} providers: file: - filename: /traefik.yml + filename: /http.yml watch: true - -http: - routers: -{% for item in traefik_routes %} - {{ item.service }}: - rule: "Host(`{{ item.name }}`)" - entryPoints: - - websecure - service: {{ item.service }}-svc - tls: - certResolver: transip -{% endfor %} - services: -{% for item in traefik_routes %} - {{ item.service }}-svc: - loadBalancer: - servers: - - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}" -{% endfor %}
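Review bot: The added `serversTransport: insecureSkipVerify: true` is a static, global setting, so as soon as one entry in `traefik_routes` has `proto: https`, certificate verification is switched off for every HTTPS backend Traefik proxies to, not only the one that needs it. Any host able to answer on a backend address would then be accepted without its identity being checked. Scoping this is safer: define a named transport under `http.serversTransports` in http.yml.j2 and reference it from only the affected service via `loadBalancer.serversTransport`, preferably with `rootCAs` (and `serverName` where the backend is addressed by IP) pointing at the internal CA instead of skipping verification. If the global switch has to stay for now, a comment above the `{% if %}` stating that it disables backend certificate validation for all routes would make the trade-off visible.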