Add preliminary DigitalOcean DNS support

.env.sample

@@ -1,6 +1,6 @@
 TYPE=traefik
 
-DOMAIN={{ .Domain }}
+DOMAIN=traefik.example.com
 LETS_ENCRYPT_ENV=production
 
 LETS_ENCRYPT_EMAIL=certs@example.com
@@ -44,11 +44,10 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1
 
-## Cloudflare, https://cloudflare.com
+## DigitalOcean, https://digitalocean.com
-#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
-#CLOUDFLARE_ENABLED=1
+#DIGITALOCEAN_ENABLED=1
-#SECRET_CLOUDFLARE_EMAIL_VERSION=v1
+#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
-#SECRET_CLOUDFLARE_API_KEY=v1
 
 #####################################################################
 # Keycloak log-in                                                   #
@@ -58,8 +57,6 @@ COMPOSE_FILE="compose.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #KEYCLOAK_MIDDLEWARE_ENABLED=1
 #KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
-#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
-#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
 
 #####################################################################
 # Prometheus metrics                                                #
@@ -77,10 +74,6 @@ COMPOSE_FILE="compose.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_ENABLED=1
 
-## Compy
-#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
-#COMPY_ENABLED=1
-
 ## Gitea SSH
 # COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
 # GITEA_SSH_ENABLED=1
@@ -104,7 +97,3 @@ COMPOSE_FILE="compose.yml"
 ## Mumble
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
 #MUMBLE_ENABLED=1
-
-## Matrix
-#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
-#MATRIX_FEDERATION_ENABLED=1

README.md

@@ -7,11 +7,11 @@
 <!-- metadata -->
 * **Category**: Utilities
 * **Status**: ?
-* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
+* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
 * **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: N/A
-* **Tests**: 2
+* **Tests**: ❷💛
 * **SSO**: ? (Keycloak)
 <!-- endmetadata -->
 

abra.sh

@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v14
+export TRAEFIK_YML_VERSION=v12
-export FILE_PROVIDER_YML_VERSION=v6
+export FILE_PROVIDER_YML_VERSION=v3
-export ENTRYPOINT_VERSION=v2
+export ENTRYPOINT_VERSION=v3

compose.cloudflare.yml

@@ -1,20 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - CLOUDFLARE_EMAIL_FILE=/run/secrets/cloudflare_email
-      - CLOUDFLARE_API_KEY_FILE=/run/secrets/cloudflare_api_key
-      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
-      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
-    secrets:
-      - cloudflare_email
-      - cloudflare_api_key
-
-secrets:
-  cloudflare_email:
-    name: ${STACK_NAME}_cloudflare_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
-    external: true
-  cloudflare_api_key:
-    name: ${STACK_NAME}_cloudflare_api_key_${SECRET_CLOUDFLARE_API_KEY}
-    external: true

compose.compy.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - COMPY_ENABLED
-    ports:
-      - "9999:9999"

compose.digitalocean.yml

@@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
+      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
+    secrets:
+      - digitalocean_auth_token
+
+secrets:
+  digitalocean_auth_token:
+    name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
+    external: true

compose.headless.yml

@@ -12,3 +12,4 @@ services:
         - "traefik.http.services.traefik.loadbalancer.server.port=web"
         - "traefik.http.routers.traefik.entrypoints=web-secure"
         - "traefik.http.routers.traefik.service=api@internal"
+        - "coop-cloud.${STACK_NAME}.app.version=v2.4.9-be23e1f6"

compose.keycloak.yml

@@ -5,9 +5,7 @@ services:
   app:
     deploy:
       labels:
-        - "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
+        - "traefik.http.routers.traefik.middlewares=keycloak@file"
     environment:
       - KEYCLOAK_MIDDLEWARE_ENABLED
       - KEYCLOAK_TFA_SERVICE
-      - KEYCLOAK_MIDDLEWARE_2_ENABLED
-      - KEYCLOAK_TFA_SERVICE_2

compose.matrix.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - MATRIX_FEDERATION_ENABLED
-    ports:
-      - "8448:8448"

compose.minio.yml

@@ -1,9 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - MINIO_CONSOLE_ENABLED
-    ports:
-      - "9001:9001"

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.5.6"
+    image: "traefik:v2.5.2"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -26,8 +26,6 @@ services:
     environment:
       - DASHBOARD_ENABLED
       - LOG_LEVEL
-      - LETS_ENCRYPT_EMAIL
-      - LETS_ENCRYPT_ENV
     healthcheck:
       test: ["CMD", "traefik", "healthcheck"]
       interval: 30s
@@ -49,7 +47,7 @@ services:
         - "traefik.http.routers.traefik.tls.options=default@file"
         - "traefik.http.routers.traefik.service=api@internal"
         - "traefik.http.routers.traefik.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=1.0.1+v2.5.6"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+v2.5.2"
 
 networks:
   proxy:

entrypoint.sh.tmpl

@@ -11,9 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
 {{ end }}
 
-{{ if eq (env "CLOUDFLARE_ENABLED") "1" }}
+{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
-export CLOUDFLARE_EMAIL=$(cat "$CLOUDFLARE_EMAIL_FILE")
+export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
-export CLOUDFLARE_API_KEY=$(cat "$CLOUDFLARE_API_KEY_FILE")
 {{ end }}
 
 /entrypoint.sh "$@"

file-provider.yml.tmpl

@@ -9,14 +9,6 @@ http:
         authResponseHeaders:
           - X-Forwarded-User
     {{ end }}
-    {{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
-    keycloak2:
-      forwardAuth:
-        address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-Forwarded-User
-    {{ end }}
     security:
       headers:
         frameDeny: true

traefik.yml.tmpl

@@ -54,18 +54,10 @@ entrypoints:
   mumble-udp:
     address: ":64738/udp"
   {{ end }}
-  {{ if eq (env "COMPY_ENABLED") "1" }}
-  compy:
-    address: ":9999"
-  {{ end }}
   {{ if eq (env "METRICS_ENABLED") "1" }}
   metrics:
     address: ":8082"
   {{ end }}
-  {{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
-  matrix-federation:
-    address: ":9001"
-  {{ end }}
 
 ping:
   entryPoint: web
@@ -77,36 +69,30 @@ metrics:
 {{ end }}
 
 certificatesResolvers:
-  {{ if eq (env "LETS_ENCRYPT_ENV") "staging" }}
   staging:
     acme:
       email: {{ env "LETS_ENCRYPT_EMAIL" }}
       storage: /etc/letsencrypt/staging-acme.json
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      httpChallenge:
+        entryPoint: web
       {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
       dnsChallenge:
         provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
         resolvers:
           - "1.1.1.1:53"
           - "8.8.8.8:53"
-      {{ else }}
-      httpChallenge:
-        entryPoint: web
       {{ end }}
-  {{ end }}
-  {{ if eq (env "LETS_ENCRYPT_ENV") "production" }}
   production:
     acme:
       email: {{ env "LETS_ENCRYPT_EMAIL" }}
       storage: /etc/letsencrypt/production-acme.json
+      httpChallenge:
+        entryPoint: web
       {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
       dnsChallenge:
         provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
         resolvers:
           - "1.1.1.1:53"
           - "8.8.8.8:53"
-      {{ else }}
-      httpChallenge:
-        entryPoint: web
-      {{ end }}
       {{ end }}