systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 16 Activity Actions

Allow Traefik to use DNS-01 challenge to Gandi
All checks were successful
/ ansible (push) Successful in 2m55s
Details
/ terraform (push) Successful in 33s
Details

Browse source
This commit is contained in:
Jake Howard 2023-04-23 20:26:37 +01:00
parent b68cb9cd96
commit ddd6af21cf
Signed by: jake
GPG key ID: 57AFB45680EDD477
5 changed files with 32 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ansible/roles/traefik/files/docker-compose.yml
View file

@ -6,6 +6,7 @@ services:
user: "{{ docker_user.id }}" user: "{{ docker_user.id }}"
environment: environment:
- CF_DNS_API_TOKEN={{ cloudflare_api_token }} - CF_DNS_API_TOKEN={{ cloudflare_api_token }}
- GANDI_API_KEY={{ gandi_api_key }}
volumes: volumes:
- /tmp/traefik-logs:/var/log/traefik - /tmp/traefik-logs:/var/log/traefik
- ./traefik:/etc/traefik - ./traefik:/etc/traefik

11
ansible/roles/traefik/files/traefik.yml
View file

@ -61,6 +61,17 @@ certificatesResolvers:
- 1.1.1.1:53 - 1.1.1.1:53
- 1.0.0.1:53 - 1.0.0.1:53
gandi:
acme:
email: "{{ letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: gandi
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
serversTransport: serversTransport:
insecureSkipVerify: true insecureSkipVerify: true

3
ansible/roles/traefik/tasks/main.yml
View file

@ -1,3 +1,6 @@
- name: Include vault
include_vars: vault.yml
- name: Create network - name: Create network
docker_network: docker_network:
name: traefik name: traefik

19
ansible/roles/traefik/vars/main.yml
View file

@ -1,16 +1,3 @@
cloudflare_api_token: !vault | gandi_api_key: "{{ vault_gandi_api_key }}"
$ANSIBLE_VAULT;1.1;AES256 letsencrypt_email: "{{ vault_letsencrypt_email }}"
34353463353334326561626566613464363537393238353437376463376135623831343634643735 cloudflare_api_token: "{{ vault_cloudflare_api_token }}"
6136613231333531356137326333616264663865363139630a653939343435393061666366643332
38646539666631646337396137376232373037643934356363666462333835643464613431346366
3466383231363632310a346661383838633630643236623561373962356635346162653936393562
32646530656632393133356436653365356163313961343837633138383561376237306638313362
3636373939656462613032653530643536643466363135346139
letsencrypt_email: !vault |
$ANSIBLE_VAULT;1.1;AES256
64373438363639363238333264313861316239383234633536326330333333386361646266396438
6330303063623032653066643838313931613030663931640a333839633630613936343530663666
62633331616264623932303031663130623135623566323964656162656265633863336333373538
3963303639373032620a363434643539393838303233653037383765363961373363333034343534
37663462663235613062633837373334366163636362386364356635313730363566

14
ansible/roles/traefik/vars/vault.yml generated Normal file
View file

@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
31313232616161386566653162613930663362326333663436396238343036356262613137663233
6534326163616236316230346334306165323532363561310a376366313063346161333265393831
34616263323665313534656366613230356162663665326233613036326137626536316138376466
3566386434303364620a653532613063333863616437363330303230613833636136626166326663
61636637663263323962396665376533663566626163353030393430636530616162663334636330
65323433626431346666616334663063373464386165623334336661643833303161626235396235
33666364623231633565613739623362613239663532333566623966616536353038666164316534
65396361323863373764396138333036363936323632393231376363323963306662303363343936
31346135343335313763366339636538373061316262666230633534626661303132353937666530
34303664666637313234633935303463373335373433333165396638666138343636353735643463
64336230613666623439646235326437343062613831373137383465616133393562306639323933
31666166666437303332306537336262626163626536373830613361306137613030313133623233
3132