.drone.yml

@@ -16,9 +16,9 @@ steps:
       STACK_NAME: traefik
       LETS_ENCRYPT_ENV: production
       LETS_ENCRYPT_EMAIL: helo@autonomic.zone
-      TRAEFIK_YML_VERSION: v21
-      FILE_PROVIDER_YML_VERSION: v10
-      ENTRYPOINT_VERSION: v4
+      TRAEFIK_YML_VERSION: v5
+      FILE_PROVIDER_YML_VERSION: v4
+      ENTRYPOINT_VERSION: v1
 trigger:
   branch:
     - master
@@ -34,7 +34,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -1,7 +1,6 @@
 TYPE=traefik
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
-ENABLE_BACKUPS=true
 
 DOMAIN=traefik.example.com
 LETS_ENCRYPT_ENV=production
@@ -43,16 +42,10 @@ COMPOSE_FILE="compose.yml"
 
 ## Gandi, https://gandi.net
 ## note(3wc): only "V5" (new) API is supported, so far
-#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
-#GANDI_API_KEY_ENABLED=1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
+#GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1
 
-## Gandi, https://gandi.net
-## note: uses GandiV5 Personal Access Token
-#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
-#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
-#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
-
 ## DigitalOcean, https://digitalocean.com
 #COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
 #DIGITALOCEAN_ENABLED=1
@@ -147,7 +140,3 @@ COMPOSE_FILE="compose.yml"
 # NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
 #COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
 #WEB_ALT_ENABLED=1
-
-## Matrix
-#COMPOSE_FILE="$COMPOSE_FILE:compose.irc.yml"
-#IRC_ENABLED=1

README.md

@@ -40,10 +40,8 @@ Letsencrypt DNS challenges.
    `SECRET_GANDIV5_API_KEY_VERSION`
 4. Generate an API key for your provider
 5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
-   `SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
+   `SECRETNAME` is from the compose file (e.g. `compose.gandi.yml`) e.g.
    `gandiv5_api_key` and `SECRETVALUE` is the API key.
-   - For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
-     Access Token, in which case use compose.gandi-personal-access-token.yml.
 6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
 
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra

abra.sh

@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v22
+export TRAEFIK_YML_VERSION=v21
 export FILE_PROVIDER_YML_VERSION=v10
-export ENTRYPOINT_VERSION=v4
+export ENTRYPOINT_VERSION=v3

compose.gandi-personal-access-token.yml

@@ -1,15 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - GANDIV5_PERSONAL_ACCESS_TOKEN_FILE=/run/secrets/gandiv5_pat
-      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
-      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
-    secrets:
-      - gandiv5_pat
-
-secrets:
-  gandiv5_pat:
-    name: ${STACK_NAME}_gandiv5_pat_${SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION}
-    external: true

compose.irc.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - IRC_ENABLED
-    ports:
-      - "6697:6697"

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.11.25"
+    image: "traefik:v2.11.10"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -47,14 +47,11 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=3.2.0+v2.11.25"
+        - "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls30
-    deploy:
-      endpoint_mode: dnsrr
+    image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
     environment:
       - ALLOW_START=0
       - ALLOW_STOP=0

entrypoint.sh.tmpl

@@ -7,6 +7,10 @@ export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
 export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 {{ end }}
 
+{{ if eq (env "GANDI_ENABLED") "1" }}
+export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
+{{ end }}
+
 {{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
 export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
 {{ end }}

release/2.9.0+v2.11.14

@@ -1 +0,0 @@
-Closes Security Issue https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg

release/2.9.1+v2.11.14

@@ -1 +0,0 @@
-Reverts max log retention

release/3.0.0+v2.11.22

@@ -1,2 +0,0 @@
-socket-proxy: switch to endpoint-mode dnsrr instead of vip
-See https://git.coopcloud.tech/coop-cloud/traefik/pulls/50.

traefik.yml.tmpl

@@ -68,10 +68,6 @@ entrypoints:
   compy:
     address: ":9999"
   {{ end }}
-  {{ if eq (env "IRC_ENABLED") "1" }}
-  irc:
-    address: ":6697"
-  {{ end }}
   {{ if eq (env "METRICS_ENABLED") "1" }}
   metrics:
     address: ":8082"