Add preliminary DigitalOcean DNS support

Minuscule .env tweak
fix: support configurable tfa service
2021-11-19 22:42:41 +02:00 · 2021-10-14 00:44:40 +02:00 · 2021-10-14 00:43:56 +02:00 · 2021-10-12 11:41:56 +02:00
7 changed files with 30 additions and 11 deletions
--- a/.env.sample
+++ b/.env.sample
@ -8,8 +8,7 @@ LETS_ENCRYPT_EMAIL=certs@example.com
 # WARN, INFO etc.
 LOG_LEVEL=WARN

-# This is here so later lines can extend the definition; you likely don't wanna
-# edit
+# This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"

 #####################################################################
@ -45,6 +44,11 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1

+## DigitalOcean, https://digitalocean.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
+#DIGITALOCEAN_ENABLED=1
+#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
+
 #####################################################################
 # Keycloak log-in                                                   #
 #####################################################################
@ -52,6 +56,7 @@ COMPOSE_FILE="compose.yml"
 ## Enable Keycloak
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #KEYCLOAK_MIDDLEWARE_ENABLED=1
+#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app

 #####################################################################
 # Prometheus metrics                                                #
--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
 export TRAEFIK_YML_VERSION=v12
-export FILE_PROVIDER_YML_VERSION=v2
-export ENTRYPOINT_VERSION=v2
+export FILE_PROVIDER_YML_VERSION=v3
+export ENTRYPOINT_VERSION=v3
--- a/compose.digitalocean.yml
+++ b/compose.digitalocean.yml
@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
+      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
+    secrets:
+      - digitalocean_auth_token
+
+secrets:
+  digitalocean_auth_token:
+    name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
+    external: true
--- a/compose.keycloak.yml
+++ b/compose.keycloak.yml
@ -8,3 +8,4 @@ services:
        - "traefik.http.routers.traefik.middlewares=keycloak@file"
    environment:
      - KEYCLOAK_MIDDLEWARE_ENABLED
+      - KEYCLOAK_TFA_SERVICE
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
 {{ end }}

+{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
+export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
@ -4,7 +4,7 @@ http:
    {{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
    keycloak:
      forwardAuth:
-        address: "http://traefik-forward-auth:4181"
+        address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
        trustForwardHeader: true
        authResponseHeaders:
          - X-Forwarded-User
--- a/renovate.json
+++ b/renovate.json
@ -1,6 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base"
-  ]
-}
Author	SHA1	Message	Date
3wc	bd7e64c029	Add preliminary DigitalOcean DNS support	2021-11-19 22:42:41 +02:00
3wc	8e91a5a3ee	Minuscule .env tweak	2021-10-14 00:44:40 +02:00
decentral1se	3048d09cd8	fix: support configurable tfa service	2021-10-14 00:43:56 +02:00
decentral1se	2c9e980809	chore: remove old file	2021-10-12 11:41:56 +02:00