Add preliminary DigitalOcean DNS support

.env.sample

@@ -44,6 +44,11 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1
 
+## DigitalOcean, https://digitalocean.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
+#DIGITALOCEAN_ENABLED=1
+#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
+
 #####################################################################
 # Keycloak log-in                                                   #
 #####################################################################
@@ -52,8 +57,6 @@ COMPOSE_FILE="compose.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #KEYCLOAK_MIDDLEWARE_ENABLED=1
 #KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
-#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
-#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
 
 #####################################################################
 # Prometheus metrics                                                #

README.md

@@ -7,11 +7,11 @@
 <!-- metadata -->
 * **Category**: Utilities
 * **Status**: ?
-* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
+* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
 * **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: N/A
-* **Tests**: 2
+* **Tests**: ❷💛
 * **SSO**: ? (Keycloak)
 <!-- endmetadata -->
 

abra.sh

@@ -1,3 +1,3 @@
 export TRAEFIK_YML_VERSION=v12
-export FILE_PROVIDER_YML_VERSION=v6
+export FILE_PROVIDER_YML_VERSION=v3
-export ENTRYPOINT_VERSION=v2
+export ENTRYPOINT_VERSION=v3

compose.digitalocean.yml

@@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
+      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
+    secrets:
+      - digitalocean_auth_token
+
+secrets:
+  digitalocean_auth_token:
+    name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
+    external: true

compose.keycloak.yml

@@ -5,9 +5,7 @@ services:
   app:
     deploy:
       labels:
-        - "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
+        - "traefik.http.routers.traefik.middlewares=keycloak@file"
     environment:
       - KEYCLOAK_MIDDLEWARE_ENABLED
       - KEYCLOAK_TFA_SERVICE
-      - KEYCLOAK_MIDDLEWARE_2_ENABLED
-      - KEYCLOAK_TFA_SERVICE_2

entrypoint.sh.tmpl

@@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
 {{ end }}
 
+{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
+export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"

file-provider.yml.tmpl

@@ -9,14 +9,6 @@ http:
         authResponseHeaders:
           - X-Forwarded-User
     {{ end }}
-    {{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
-    keycloak2:
-      forwardAuth:
-        address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-Forwarded-User
-    {{ end }}
     security:
       headers:
         frameDeny: true