- name: Reconfigure traefik container for persistence
  ansible.builtin.blockinfile:
    path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
    block: |2
          deployment:
            initContainers:
              - name: volume-permissions
                image: busybox:1
                command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
                volumeMounts:
                  - name: data
                    mountPath: /data
          persistence:
            enabled: true
    marker: '    # {mark} ANSIBLE MANAGED BLOCK [persistence]'
  notify:
    - Apply manifests

- name: Configure traefik dashboard ingress
  ansible.builtin.template:
    src: ingressroute.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
    owner: root
    group: root
    mode: 0600
  vars:
    _template:
      name: traefik-dashboard
      namespace: kube-system
      config: |2
          entryPoints:
          - web
          - websecure
          routes:
          - kind: Rule
            match: Host(`ingress.{{ vapp['metacluster.fqdn'] }}`)
            services:
            - kind: TraefikService
              name: api@internal
  notify:
    - Apply manifests

- name: Trigger handlers
  ansible.builtin.meta: flush_handlers