Add preliminary DigitalOcean DNS support

2021-11-19 22:42:41 +02:00
7 changed files with 29 additions and 17 deletions
--- a/.env.sample
+++ b/.env.sample
@ -44,6 +44,11 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1

+## DigitalOcean, https://digitalocean.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
+#DIGITALOCEAN_ENABLED=1
+#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
+
 #####################################################################
 # Keycloak log-in                                                   #
 #####################################################################
@ -52,8 +57,6 @@ COMPOSE_FILE="compose.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #KEYCLOAK_MIDDLEWARE_ENABLED=1
 #KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
-#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
-#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app

 #####################################################################
 # Prometheus metrics                                                #
--- a/README.md
+++ b/README.md
@ -7,11 +7,11 @@
 <!-- metadata -->
 * **Category**: Utilities
 * **Status**: ?
-* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
+* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
 * **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: N/A
-* **Tests**: 2
+* **Tests**: ❷💛
 * **SSO**: ? (Keycloak)
 <!-- endmetadata -->

--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
 export TRAEFIK_YML_VERSION=v12
-export FILE_PROVIDER_YML_VERSION=v6
-export ENTRYPOINT_VERSION=v2
+export FILE_PROVIDER_YML_VERSION=v3
+export ENTRYPOINT_VERSION=v3
--- a/compose.digitalocean.yml
+++ b/compose.digitalocean.yml
@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
+      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
+    secrets:
+      - digitalocean_auth_token
+
+secrets:
+  digitalocean_auth_token:
+    name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
+    external: true
--- a/compose.keycloak.yml
+++ b/compose.keycloak.yml
@ -5,9 +5,7 @@ services:
  app:
    deploy:
      labels:
-        - "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
+        - "traefik.http.routers.traefik.middlewares=keycloak@file"
    environment:
      - KEYCLOAK_MIDDLEWARE_ENABLED
      - KEYCLOAK_TFA_SERVICE
-      - KEYCLOAK_MIDDLEWARE_2_ENABLED
-      - KEYCLOAK_TFA_SERVICE_2
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
 {{ end }}

+{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
+export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
+{{ end }}
+
 /entrypoint.sh "$@"
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
@ -9,14 +9,6 @@ http:
        authResponseHeaders:
          - X-Forwarded-User
    {{ end }}
-    {{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
-    keycloak2:
-      forwardAuth:
-        address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-Forwarded-User
-    {{ end }}
    security:
      headers:
        frameDeny: true