From acfd2af7eb4b5276f5a561c8c00b69f298518006 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sat, 14 Sep 2024 22:06:42 +0100
Subject: [PATCH] Use Gandi as cert provider for traefik
---
 .../roles/traefik/files/docker-compose.yml | 1 -
 ansible/roles/traefik/files/traefik.yml | 15 ++-----------
 ansible/roles/traefik/vars/vault.yml | 22 ++++++++-----------
 ansible/roles/yourls/files/docker-compose.yml | 1 -
 4 files changed, 11 insertions(+), 28 deletions(-)
diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index 3f8f15f..9504097 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
@@ -3,7 +3,6 @@ services:
 image: traefik:v2.11
 user: "{{ docker_user.id }}"
 environment:
- - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
 - GANDIV5_API_KEY={{ vault_gandi_api_key }}
 volumes:
 - ./traefik:/etc/traefik
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 3697b4b..d64de87 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -50,17 +50,6 @@ api:
 certificatesResolvers:
 le:
- acme:
- email: "{{ vault_letsencrypt_email }}"
- storage: /etc/traefik/acme.json
- dnsChallenge:
- provider: cloudflare
- delayBeforeCheck: 0
- resolvers:
- - 1.1.1.1:53
- - 1.0.0.1:53
-
- gandi:
 acme:
 email: "{{ vault_letsencrypt_email }}"
 storage: /etc/traefik/acme.json
@@ -68,8 +57,8 @@ certificatesResolvers:
 provider: gandiv5
 delayBeforeCheck: 0
 resolvers:
- - 1.1.1.1:53
- - 1.0.0.1:53
+ - 9.9.9.9:53
+ - 149.112.112.112:53
 serversTransport:
 insecureSkipVerify: true
diff --git a/ansible/roles/traefik/vars/vault.yml b/ansible/roles/traefik/vars/vault.yml
index 11e8196..f9f891e 100644
--- a/ansible/roles/traefik/vars/vault.yml
+++ b/ansible/roles/traefik/vars/vault.yml
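Review bot: The replacement `resolvers` entries (`9.9.9.9:53`, `149.112.112.112:53`) in the second traefik.yml hunk carry no comment explaining the switch, and with `delayBeforeCheck: 0` above them the DNS-01 propagation check relies on these two addresses alone. A line such as `# Quad9 resolvers, used for the ACME DNS-01 propagation check` above the list would record the intent. Because the first hunk makes `le` the only resolver and backs it with `gandiv5`, any router that still names `certresolver=le` for a zone this Gandi key cannot edit will presumably fail to renew, and the yourls hunk removes its `certresolver=gandi` label without naming `le`, so it appears to depend on a default resolver set outside these hunks. Both are worth confirming before the certificates already in `/etc/traefik/acme.json` expire. The `certificatesResolvers` block begins above the hunk.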
@@ -1,14 +1,10 @@ $ANSIBLE_VAULT;1.1;AES256 -63373634636339343234383662613339643138346430336463613834363661376334303131656565 -6439633136396264356263663961383565636138333135660a366239313136663331386139386566 -61653432613237656635316336313064396433393939306330353739343439336165653866343030 -6432366565396639640a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a613130623164393866663265333363 +38336461396561313737326336643165633536373938633737356232613663386236346532643131 +3564663236306131660a653331396564613730626235333033376662633135343439343263323064 +38666665393063663436313932663233633038656661356664313935623130323732313164613632 +38383630373436356466366132326139326534316337326130653231373639343066656261343730 +62643734396261383035643934373964373836623032333963633830663538653733316334376462 +37646431323838626465303436643762636263396639646365303137663161613734323232383234 +37383762396438313262613233326163616463373365336566346336316334313439
diff --git a/ansible/roles/yourls/files/docker-compose.yml b/ansible/roles/yourls/files/docker-compose.yml
index 8b1c23d..486e694 100644
--- a/ansible/roles/yourls/files/docker-compose.yml
+++ b/ansible/roles/yourls/files/docker-compose.yml
@@ -16,7 +16,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.yourls.rule=Host(`0rng.one`)
- - traefik.http.routers.yourls.tls.certresolver=gandi
 networks:
 - default
 - traefik
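Review bot: Nothing in the commit records that the Cloudflare token was revoked, and the vault.yml hunk only replaces the ciphertext, so the old value stays recoverable from the previous revision by anyone who holds the vault password. Since the traefik compose hunk stops passing `vault_cloudflare_api_token`, I would revoke that token at the provider and note it in the commit message, for example `Cloudflare DNS token revoked; vault re-encrypted without it`. The encrypted payload cannot be reviewed from the diff, so whether the variable was actually dropped from the vault is only inferred from the shorter ciphertext.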