From e7270d1f7ae05060bd624faf3d82c56d04ed64ef Mon Sep 17 00:00:00 2001
From: Jade Ellis <jade@ellis.link>
Date: Sun, 1 Dec 2024 11:37:37 +0000
Subject: [PATCH] Enable traefik access log and log rotation

---
 servers/ansible/playbook.yaml        | 21 ++++++++++++++++++++-
 servers/containers/traefik.container |  1 +
 servers/logrotate.d/traefik.conf     |  9 +++++++++
 servers/traefik/config.yml           |  3 +++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 servers/logrotate.d/traefik.conf

diff --git a/servers/ansible/playbook.yaml b/servers/ansible/playbook.yaml
index 036c5de7..daff191a 100644
--- a/servers/ansible/playbook.yaml
+++ b/servers/ansible/playbook.yaml
@@ -18,6 +18,22 @@
         delete: true # Remove retired containers
     - name: Reload systemd generators
       ansible.builtin.command: sudo systemctl daemon-reload
+    - name: Install logrotate
+      ansible.builtin.package:
+        name: logrotate
+        state: present
+    - name: Copy logrotate config
+      ansible.posix.synchronize:
+        src: ../logrotate.d/
+        dest: /etc/logrotate.d
+    - name: find files with possible suspect line endings
+      ansible.builtin.find:
+        paths: /etc/logrotate.d
+        patterns: '*'
+      register: output
+    - name: fix suspect line endings
+      replace: path={{item.path}} regexp="\r"
+      with_items: "{{ output.files }}"
     - name: Copy traefik config
       ansible.posix.synchronize:
         src: ../traefik/
@@ -26,6 +42,10 @@
       file:
         path: /var/srv/traefik
         state: directory
+    - name: Creates traefik log directory
+      file:
+        path: /var/log/traefik
+        state: directory
     - name: Copy kanidm config
       ansible.posix.synchronize:
         src: ../kanidm/
@@ -99,7 +119,6 @@
         path: /var/opt/autokuma
         state: directory
 
-
     # - name: install linux-system-roles
     #   package:
     #     name: linux-system-roles
diff --git a/servers/containers/traefik.container b/servers/containers/traefik.container
index 3c14a764..d6717ff2 100644
--- a/servers/containers/traefik.container
+++ b/servers/containers/traefik.container
@@ -83,6 +83,7 @@ Volume=/run/podman/podman.sock:/var/run/docker.sock:z
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/var/srv/traefik:/certificates:z
 Volume=/etc/traefik:/etc/traefik:ro,z
+Volume=/var/log/traefik:/var/log/traefik:z
 Volume=kanidm-certs.volume:/kanidm_certs:ro,z
 
 # Volume=/var/srv/matrix/caddy/config:/config:z
diff --git a/servers/logrotate.d/traefik.conf b/servers/logrotate.d/traefik.conf
new file mode 100644
index 00000000..5612ffde
--- /dev/null
+++ b/servers/logrotate.d/traefik.conf
@@ -0,0 +1,9 @@
+/var/log/traefik/* {
+    missingok
+    notifempty
+    weekly
+    rotate 3
+    size 10M
+    compress
+    delaycompress
+}
\ No newline at end of file
diff --git a/servers/traefik/config.yml b/servers/traefik/config.yml
index 396164cf..d76064f6 100644
--- a/servers/traefik/config.yml
+++ b/servers/traefik/config.yml
@@ -2,6 +2,9 @@ global:
   checkNewVersion: false
 log:
   level: INFO
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  bufferingSize: 100
 providers:
   docker:
     exposedbydefault: false