systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 15 Activity Actions

Use Gandi as cert provider for traefik
All checks were successful
/ terraform (push) Successful in 37s
Details
/ ansible (push) Successful in 1m28s
Details

Browse source
This commit is contained in:
Jake Howard 2024-09-14 22:06:42 +01:00
parent f1ba63818b
commit acfd2af7eb
Signed by: jake
GPG key ID: 57AFB45680EDD477
4 changed files with 11 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ansible/roles/traefik/files/docker-compose.yml
View file

@ -3,7 +3,6 @@ services:
image: traefik:v2.11 image: traefik:v2.11
user: "{{ docker_user.id }}" user: "{{ docker_user.id }}"
environment: environment:
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
- GANDIV5_API_KEY={{ vault_gandi_api_key }} - GANDIV5_API_KEY={{ vault_gandi_api_key }}
volumes: volumes:
- ./traefik:/etc/traefik - ./traefik:/etc/traefik

15
ansible/roles/traefik/files/traefik.yml
View file

@ -50,17 +50,6 @@ api:
certificatesResolvers: certificatesResolvers:
le: le:
acme:
email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
gandi:
acme: acme:
email: "{{ vault_letsencrypt_email }}" email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json storage: /etc/traefik/acme.json
@ -68,8 +57,8 @@ certificatesResolvers:
provider: gandiv5 provider: gandiv5
delayBeforeCheck: 0 delayBeforeCheck: 0
resolvers: resolvers:
- 1.1.1.1:53 - 9.9.9.9:53
- 1.0.0.1:53 - 149.112.112.112:53
serversTransport: serversTransport:
insecureSkipVerify: true insecureSkipVerify: true

22
ansible/roles/traefik/vars/vault.yml generated
View file

@ -1,14 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
63373634636339343234383662613339643138346430336463613834363661376334303131656565 36313832623761323139326337643566656138333936643938396363643338333962663735346335
6439633136396264356263663961383565636138333135660a366239313136663331386139386566 6332323166363035353965633238656461363234353732660a613130623164393866663265333363
61653432613237656635316336313064396433393939306330353739343439336165653866343030 38336461396561313737326336643165633536373938633737356232613663386236346532643131
6432366565396639640a636662356238636130326237613632643738643639313664393639323561 3564663236306131660a653331396564613730626235333033376662633135343439343263323064
39633939353663386566396534366166646631353461643062373363393566306538653730306362 38666665393063663436313932663233633038656661356664313935623130323732313164613632
36306532343933643830643564313166366530363139623564633061623238303866633037383032 38383630373436356466366132326139326534316337326130653231373639343066656261343730
31313765393134326561626264323336356539376263333765366162613363313138633932396136 62643734396261383035643934373964373836623032333963633830663538653733316334376462
35663737366132613133376431643333663466363737386664663036623839616333653231366536 37646431323838626465303436643762636263396639646365303137663161613734323232383234
38356566653933316462333462616362623535643866636332356563326136356563616632323034 37383762396438313262613233326163616463373365336566346336316334313439
39303437363535636433353961353964313733333164396538643563343338633432343232346235
39626331376163356466313435616362613334346132666461633566393662363039393363613366
63613333643039626161653962353636366364353730383534336662336138643231333864633536
3232

1
ansible/roles/yourls/files/docker-compose.yml
View file

@ -16,7 +16,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.yourls.rule=Host(`0rng.one`) - traefik.http.routers.yourls.rule=Host(`0rng.one`)
- traefik.http.routers.yourls.tls.certresolver=gandi
networks: networks:
- default - default
- traefik - traefik