From e9aeed26ee914050bbe7aa36aeaebe99b0d0a4ed Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sat, 5 Sep 2020 18:27:04 +0100
Subject: [PATCH] Use cloudflare DNS challenge for Traefik

---
 ansible/roles/traefik/files/docker-compose.yml | 2 ++
 ansible/roles/traefik/files/traefik.yml        | 4 ++--
 ansible/roles/traefik/vars/main.yml            | 8 ++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 ansible/roles/traefik/vars/main.yml

diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index 6f1182f..7068517 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
@@ -4,6 +4,8 @@ services:
   traefik:
     image: traefik:v2.2.8
     network_mode: host
+    environment:
+      - CF_DNS_API_TOKEN={{ cloudflare_api_token }}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik:/etc/traefik
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index edb8dfd..e1fa2f5 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -36,8 +36,8 @@ certificatesResolvers:
     acme:
       email: hosting@theorangeone.net
       storage: /etc/traefik/acme.json
-      httpChallenge:
-        entryPoint: web
+      dnsChallenge:
+        provider: cloudflare
 
 serversTransport:
   insecureSkipVerify: true
diff --git a/ansible/roles/traefik/vars/main.yml b/ansible/roles/traefik/vars/main.yml
new file mode 100644
index 0000000..1b80c54
--- /dev/null
+++ b/ansible/roles/traefik/vars/main.yml
@@ -0,0 +1,8 @@
+cloudflare_api_token: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34353463353334326561626566613464363537393238353437376463376135623831343634643735
+  6136613231333531356137326333616264663865363139630a653939343435393061666366643332
+  38646539666631646337396137376232373037643934356363666462333835643464613431346366
+  3466383231363632310a346661383838633630643236623561373962356635346162653936393562
+  32646530656632393133356436653365356163313961343837633138383561376237306638313362
+  3636373939656462613032653530643536643466363135346139