Swap certificates for wildcards

2021-10-18 21:59:10 +01:00 · 2021-10-18 21:59:10 +01:00 · 4cdaba4692
commit 4cdaba4692
parent ebb571bf20
19 changed files with 9 additions and 28 deletions
--- a/ansible/roles/pages/files/docker-compose.yml
+++ b/ansible/roles/pages/files/docker-compose.yml
@ -12,7 +12,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.pages.rule=Host(`pages.theorangeone.net`)
      - traefik.http.routers.pages.tls.certresolver=le
  traefik-pages:
    image: ghcr.io/realorangeone/traefik-pages:latest
--- a/ansible/roles/plausible/files/docker-compose.yml
+++ b/ansible/roles/plausible/files/docker-compose.yml
@ -12,10 +12,8 @@ services:
      - traefik.enable=true
      - traefik.http.routers.plausible.rule=Host(`plausible.theorangeone.net`)
      - traefik.http.services.plausible-plausible.loadbalancer.server.port=8000  # https://github.com/plausible/analytics/pull/237
      - traefik.http.routers.plausible.tls.certresolver=le
      - traefik.http.routers.plausible-bare.rule=Host(`elbisualp.theorangeone.net`)
      - traefik.http.routers.plausible-bare.tls.certresolver=le
      - traefik.http.routers.plausible-bare.service=plausible-plausible
      # https://github.com/plausible/analytics/pull/340
--- a/ansible/roles/privatebin/files/docker-compose.yml
+++ b/ansible/roles/privatebin/files/docker-compose.yml
@ -12,4 +12,3 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.privatebin.rule=Host(`bin.theorangeone.net`)
      - traefik.http.routers.privatebin.tls.certresolver=le
--- a/ansible/roles/pve_docker/files/calibre/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/calibre/docker-compose.yml
@ -13,4 +13,3 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`)
      - traefik.http.routers.calibre.tls.certresolver=le
--- a/ansible/roles/pve_docker/files/librespeed/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/librespeed/docker-compose.yml
@ -12,6 +12,5 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)
      - traefik.http.routers.librespeed.tls.certresolver=le
      - traefik.http.routers.librespeed.middlewares=librespeed-auth@docker
      - traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}
--- a/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
@ -22,7 +22,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443
      - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https
      - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000
--- a/ansible/roles/pve_docker/files/synapse/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/synapse/docker-compose.yml
@ -18,7 +18,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)
      - traefik.http.routers.synapse.tls.certresolver=le
  db:
    image: postgres:12-alpine
@ -42,6 +41,5 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.synapse-admin.rule=Host(`matrix.jakehoward.tech`) && PathPrefix(`/admin`)
      - traefik.http.routers.synapse-admin.tls.certresolver=le
      - traefik.http.middlewares.synapse-admin-path.stripprefix.prefixes=/admin
      - traefik.http.routers.synapse-admin.middlewares=synapse-admin-path@docker
--- a/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
@ -23,7 +23,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)
      - traefik.http.routers.tt-rss.tls.certresolver=le
    depends_on:
      - db
    tmpfs:
--- a/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
@ -13,7 +13,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
      - traefik.http.routers.wallabag.tls.certresolver=le
    depends_on:
      - redis
--- a/ansible/roles/pve_docker/files/whoami/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/whoami/docker-compose.yml
@ -7,4 +7,3 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)
      - traefik.http.routers.whoami.tls.certresolver=le
--- a/ansible/roles/traefik/files/file-provider-gitlab.yml
+++ b/ansible/roles/traefik/files/file-provider-gitlab.yml
@ -3,8 +3,6 @@ http:
    router-gitlab:
      rule: Host(`git.theorangeone.net`)
      service: service-gitlab
      tls:
        certResolver: le
  services:
    service-gitlab:
      loadBalancer:
--- a/ansible/roles/traefik/files/file-provider-grafana.yml
+++ b/ansible/roles/traefik/files/file-provider-grafana.yml
@ -3,8 +3,6 @@ http:
    router-grafana:
      rule: Host(`grafana.jakehoward.tech`)
      service: service-grafana
      tls:
        certResolver: le
  services:
    service-grafana:
      loadBalancer:
--- a/ansible/roles/traefik/files/file-provider-homeassistant.yml
+++ b/ansible/roles/traefik/files/file-provider-homeassistant.yml
@ -3,8 +3,6 @@ http:
    router-homeassistant:
      rule: Host(`homeassistant.jakehoward.tech`)
      service: service-homeassistant
      tls:
        certResolver: le
  services:
    service-homeassistant:
      loadBalancer:
--- a/ansible/roles/traefik/files/file-provider-jellyfin.yml
+++ b/ansible/roles/traefik/files/file-provider-jellyfin.yml
@ -3,8 +3,6 @@ http:
    router-jellyfin:
      rule: Host(`media.jakehoward.tech`)
      service: service-jellyfin
      tls:
        certResolver: le
  services:
    service-jellyfin:
      loadBalancer:
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@ -17,6 +17,15 @@ entryPoints:
      middlewares:
        - floc-block@file
        - compress@file
      tls:
        certresolver: le
        domains:
          - main: theorangeone.net
            sans: "*.theorangeone.net"
          - main: jakehoward.tech
            sans: "*.jakehoward.tech"
          - main: 0rng.one
            sans: "*.0rng.one"
    proxyProtocol:
      trustedIPs:
        - "{{ wireguard.cidr }}"
--- a/ansible/roles/upload/files/docker-compose.yml
+++ b/ansible/roles/upload/files/docker-compose.yml
@ -12,7 +12,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`)
      - traefik.http.routers.upload.tls.certresolver=le
  img:
    image: ghcr.io/realorangeone/static-server:latest
@ -24,7 +23,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`)
      - traefik.http.routers.img.tls.certresolver=le
  bg:
    image: ghcr.io/realorangeone/static-server:latest
@ -37,7 +35,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`)
      - traefik.http.routers.bg.tls.certresolver=le
  dl:
    image: ghcr.io/realorangeone/static-server:latest
@ -49,4 +46,3 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`)
      - traefik.http.routers.dl.tls.certresolver=le
--- a/ansible/roles/uptime_kuma/files/docker-compose.yml
+++ b/ansible/roles/uptime_kuma/files/docker-compose.yml
@ -13,4 +13,3 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.uptime-kuma.rule=Host(`status.theorangeone.net`)
      - traefik.http.routers.uptime-kuma.tls.certresolver=le
--- a/ansible/roles/vaultwarden/files/docker-compose.yml
+++ b/ansible/roles/vaultwarden/files/docker-compose.yml
@ -16,12 +16,10 @@ services:
      - traefik.http.routers.vaultwarden-ui.rule=Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`)
      - traefik.http.routers.vaultwarden-ui.service=vaultwarden-ui
      - traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
      - traefik.http.routers.vaultwarden-ui.tls.certresolver=le
      - traefik.http.routers.vaultwarden-websocket.rule=(Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`) )&& Path(`/notifications/hub`)
      - traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket
      - traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
      - traefik.http.routers.vaultwarden-websocket.tls.certresolver=le
      - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
      - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000
--- a/ansible/roles/yourls/files/docker-compose.yml
+++ b/ansible/roles/yourls/files/docker-compose.yml
@ -18,7 +18,6 @@ services:
    labels:
      - traefik.enable=true
      - traefik.http.routers.yourls.rule=Host(`0rng.one`)
      - traefik.http.routers.yourls.tls.certresolver=le
  mariadb:
    image: mariadb:10.5