readme typo

minor

.drone.yml

@@ -1,32 +0,0 @@
----
-kind: pipeline
-name: deploy to swarm-test.autonomic.zone
-steps:
-  - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
-    settings:
-      host: swarm-test.autonomic.zone
-      stack: traefik
-      deploy_key:
-        from_secret: drone_ssh_swarm_test
-    environment:
-      DOMAIN: traefik.swarm-test.autonomic.zone
-      STACK_NAME: traefik
-      LETS_ENCRYPT_ENV: production
-      LETS_ENCRYPT_EMAIL: helo@autonomic.zone
-      TRAEFIK_YML_VERSION: v4
-      FILE_PROVIDER_YML_VERSION: v3
-      ENTRYPOINT_VERSION: v1
-trigger:
-  branch:
-    - master
----
-kind: pipeline
-name: recipe release
-steps:
-  - name: release a new version
-    image: thecoopcloud/drone-abra:latest
-    settings:
-      command: recipe traefik release
-      deploy_key:
-        from_secret: abra_bot_deploy_key

.env.sample

@@ -1,94 +0,0 @@
-TYPE=traefik
-
-DOMAIN=traefik.example.com
-LETS_ENCRYPT_ENV=production
-
-LETS_ENCRYPT_EMAIL=certs@example.com
-# DASHBOARD_ENABLED=true
-# WARN, INFO etc.
-LOG_LEVEL=WARN
-
-# This is here so later lines can extend the definition; you likely don't wanna
-# edit
-COMPOSE_FILE="compose.yml"
-
-#####################################################################
-# General settings                                                  #
-#####################################################################
-
-## Host-mode networking
-#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
-
-## "Headless mode" (no domain configured)
-#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
-
-#####################################################################
-# Automatic DNS set-up for Letsencrypt                              #
-#####################################################################
-
-## Enable dns challenge (for wildcard domains)
-##   https://doc.traefik.io/traefik/https/acme/#dnschallenge
-#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
-#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
-
-## OVH, https://ovh.com
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
-#OVH_ENABLED=1
-#OVH_APPLICATION_KEY=
-#OVH_ENDPOINT=
-#SECRET_OVH_APP_SECRET_VERSION=v1
-#SECRET_OVH_CONSUMER_KEY=v1
-
-## Gandi, https://gandi.net
-## note(3wc): only "V5" (new) API is supported, so far
-#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
-#GANDI_ENABLED=1
-#SECRET_GANDIV5_API_KEY_VERSION=v1
-
-#####################################################################
-# Keycloak log-in                                                   #
-#####################################################################
-
-## Enable Keycloak
-#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
-#KEYCLOAK_MIDDLEWARE_ENABLED=1
-
-#####################################################################
-# Prometheus metrics                                                #
-#####################################################################
-
-## Enable prometheus metrics collection
-## used used by the coop-cloud monitoring stack
-#METRICS_ENABLED=1
-
-#####################################################################
-# Additional services                                               #
-#####################################################################
-
-## SMTP port 587
-#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
-#SMTP_ENABLED=1
-
-## Gitea SSH
-# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
-# GITEA_SSH_ENABLED=1
-
-## Foodsoft SMTP
-# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
-# FOODSOFT_SMTP_ENABLED=1
-
-## Peertube RTMP
-#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
-#PEERTUBE_RTMP_ENABLED=1
-
-## Secure Scuttlebutt MUXRPC
-#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
-#SSB_MUXRPC_ENABLED=1
-
-## MSSQL
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
-#MSSQL_ENABLED=1
-
-## Mumble
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
-#MUMBLE_ENABLED=1

.gitignore

@@ -1 +1 @@
-.envrc
+.env

README.md

@@ -1,26 +1,24 @@
 # Traefik
 
-[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/traefik/status.svg)](https://drone.autonomic.zone/coop-cloud/traefik)
+Wiki Cafe's configuration for a traefik deployment. Originally slimmed down from an `abra` [recipe](https://git.coopcloud.tech/coop-cloud/traefik) by [Co-op Cloud](https://coopcloud.tech/).
 
-> https://docs.traefik.io
 
-<!-- metadata -->
-* **Category**: Utilities
-* **Status**: ?
-* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
-* **Healthcheck**: Yes
-* **Backups**: No
-* **Email**: N/A
-* **Tests**: ❷💛
-* **SSO**: ? (Keycloak)
-<!-- endmetadata -->
+## Deploying the app with Docker Swarm
 
-## Basic usage
+Set the environment variables from the .env file during the shell session.
 
-1. Set up Docker Swarm and [`abra`]
-2. `abra app new traefik`
-3. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
-   your Docker swarm box
-4. `abra app YOURAPPDOMAIN deploy`
+```
+set -a && source .env && set +a
+```
 
-[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
+Set the secrets.
+
+```
+printf "SECRET_HERE" | docker secret create SECRET_NAME -
+```
+
+Deploy using the `-c` flag to specify multiple compose files.
+
+```
+docker stack deploy traefik -c compose.yaml -c compose.googledomains.yaml
+```

abra.sh

@@ -1,3 +0,0 @@
-export TRAEFIK_YML_VERSION=v12
-export FILE_PROVIDER_YML_VERSION=v2
-export ENTRYPOINT_VERSION=v2

compose.foodsoft.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - FOODSOFT_SMTP_ENABLED
-    ports:
-      - "2525:2525"

compose.gandi.yml

@@ -1,15 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - GANDIV5_API_KEY_FILE=/run/secrets/gandiv5_api_key
-      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
-      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
-    secrets:
-      - gandiv5_api_key
-
-secrets:
-  gandiv5_api_key:
-    name: ${STACK_NAME}_gandiv5_api_key_${SECRET_GANDIV5_API_KEY_VERSION}
-    external: true

compose.gitea.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - GITEA_SSH_ENABLED
-    ports:
-      - "2222:2222"

compose.googledomains.yaml

@@ -0,0 +1,10 @@
+services:
+  app:
+    environment:
+      - GOOGLE_DOMAINS_ACCESS_TOKEN_FILE=/run/secrets/google_domains_access_token
+    secrets:
+      - google_domains_access_token
+
+secrets:
+  google_domains_access_token:
+    external: true

compose.headless.yml

@@ -1,15 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    deploy:
-      update_config:
-        failure_action: rollback
-        order: start-first
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.traefik.loadbalancer.server.port=web"
-        - "traefik.http.routers.traefik.entrypoints=web-secure"
-        - "traefik.http.routers.traefik.service=api@internal"
-        - "coop-cloud.${STACK_NAME}.app.version=v2.4.9-be23e1f6"

compose.host.yml

@@ -1,15 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    deploy:
-      update_config:
-        order: stop-first
-    ports:
-      - target: 80
-        published: 80
-        mode: host
-      - target: 443
-        published: 443
-        mode: host

compose.keycloak.yml

@@ -1,10 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    deploy:
-      labels:
-        - "traefik.http.routers.traefik.middlewares=keycloak@file"
-    environment:
-      - KEYCLOAK_MIDDLEWARE_ENABLED

compose.mssql.yml

@@ -1,10 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - MSSQL_ENABLED
-    ports:
-      - target: 1433
-        published: 1433
-        protocol: tcp
-        mode: host

compose.mumble.yml

@@ -1,9 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - MUMBLE_ENABLED
-    ports:
-      - "64738:64738/udp"
-      # note (3wc): see https://github.com/docker/compose/issues/7627
-      - "64737-64739:64737-64739/tcp"

compose.ovh.yml

@@ -1,21 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - OVH_APPLICATION_KEY
-      - OVH_APPLICATION_SECRET_FILE=/run/secrets/ovh_app_secret
-      - OVH_CONSUMER_KEY_FILE=/run/secrets/ovh_consumer_key
-      - OVH_ENABLED
-      - OVH_ENDPOINT
-    secrets:
-      - ovh_app_secret
-      - ovh_consumer_key
-
-secrets:
-  ovh_app_secret:
-    name: ${STACK_NAME}_ovh_app_secret_${SECRET_OVH_APP_SECRET_VERSION}
-    external: true
-  ovh_consumer_key:
-    name: ${STACK_NAME}_ovh_consumer_key_${SECRET_OVH_CONSUMER_KEY}
-    external: true

compose.peertube.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - PEERTUBE_RTMP_ENABLED
-    ports:
-      - "1935:1935"

compose.smtp.yml

@@ -1,9 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - SMTP_ENABLED
-    ports:
-      - "587:587"

compose.ssb.yml

@@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - SSB_MUXRPC_ENABLED
-    ports:
-      - "8008:8008"

compose.yaml

@@ -1,31 +1,25 @@
----
-version: "3.8"
-
 services:
   app:
-    image: "traefik:v2.5.2"
-    # Note(decentral1se): *please do not* add any additional ports here.
-    # Doing so could break new installs with port conflicts. Please use
-    # the usual `compose.$app.yml` approach for any additional ports
+    image: "traefik:v2.10.4"
     ports:
+      # HTTP
       - "80:80"
+      # HTTPS
       - "443:443"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "letsencrypt:/etc/letsencrypt"
     configs:
-      - source: traefik_yml
-        target: /etc/traefik/traefik.yml
-      - source: file_provider_yml
-        target: /etc/traefik/file-provider.yml
-      - source: entrypoint
-        target: /custom-entrypoint.sh
-        mode: 0555
+      - source: traefik_yaml
+        target: /etc/traefik/traefik.yaml
+      - source: file_provider_yaml
+        target: /etc/traefik/file-provider.yaml
     networks:
       - proxy
     environment:
       - DASHBOARD_ENABLED
       - LOG_LEVEL
+      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
     healthcheck:
       test: ["CMD", "traefik", "healthcheck"]
       interval: 30s
@@ -33,7 +27,6 @@ services:
       retries: 10
       start_period: 1m
     command: traefik
-    entrypoint: /custom-entrypoint.sh
     deploy:
       update_config:
         failure_action: rollback
@@ -44,28 +37,20 @@ services:
         - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.traefik.entrypoints=web-secure"
         - "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.traefik.tls.options=default@file"
         - "traefik.http.routers.traefik.service=api@internal"
         - "traefik.http.routers.traefik.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=1.0.0+v2.5.2"
 
 networks:
   proxy:
     external: true
 
 configs:
-  traefik_yml:
-    name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
-    file: traefik.yml.tmpl
+  traefik_yaml:
+    file: traefik.yaml.tmpl
     template_driver: golang
-  file_provider_yml:
-    name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
-    file: file-provider.yml.tmpl
-    template_driver: golang
-  entrypoint:
-    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
-    file: entrypoint.sh.tmpl
+  file_provider_yaml:
+    file: file-provider.yaml.tmpl
     template_driver: golang
 
 volumes:
-  letsencrypt:
+  letsencrypt:

entrypoint.sh.tmpl

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -e
-
-{{ if eq (env "OVH_ENABLED") "1" }}
-export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
-export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
-{{ end }}
-
-{{ if eq (env "GANDI_ENABLED") "1" }}
-export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
-{{ end }}
-
-/entrypoint.sh "$@"

file-provider.yaml.tmpl

@@ -1,14 +1,6 @@
 ---
 http:
   middlewares:
-    {{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
-    keycloak:
-      forwardAuth:
-        address: "http://traefik-forward-auth:4181"
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-Forwarded-User
-    {{ end }}
     security:
       headers:
         frameDeny: true

renovate.json

@@ -1,6 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base"
-  ]
-}

traefik.yaml.tmpl

@@ -9,7 +9,7 @@ providers:
     network: proxy
     swarmMode: true
   file:
-    filename: /etc/traefik/file-provider.yml
+    filename: /etc/traefik/file-provider.yaml
 
 api:
   dashboard: {{ env "DASHBOARD_ENABLED" }}
@@ -24,50 +24,10 @@ entrypoints:
           to: web-secure
   web-secure:
     address: ":443"
-  {{ if eq (env "GITEA_SSH_ENABLED") "1" }}
-  gitea-ssh:
-    address: ":2222"
-  {{ end }}
-  {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
-  foodsoft-smtp:
-    address: ":2525"
-  {{ end }}
-  {{ if eq (env "SMTP_ENABLED") "1" }}
-  smtp-submission:
-    address: ":587"
-  {{ end }}
-  {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
-  peertube-rtmp:
-    address: ":1935"
-  {{ end }}
-  {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
-  ssb-muxrpc:
-    address: ":8008"
-  {{ end }}
-  {{ if eq (env "MSSQL_ENABLED") "1" }}
-  mssql:
-    address: ":1433"
-  {{ end }}
-  {{ if eq (env "MUMBLE_ENABLED") "1" }}
-  mumble:
-    address: ":64738"
-  mumble-udp:
-    address: ":64738/udp"
-  {{ end }}
-  {{ if eq (env "METRICS_ENABLED") "1" }}
-  metrics:
-    address: ":8082"
-  {{ end }}
 
 ping:
   entryPoint: web
 
-{{ if eq (env "METRICS_ENABLED") "1" }}
-metrics:
-  prometheus:
-    entryPoint: metrics
-{{ end }}
-
 certificatesResolvers:
   staging:
     acme:
@@ -76,23 +36,19 @@ certificatesResolvers:
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web
-      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
       dnsChallenge:
         provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
         resolvers:
           - "1.1.1.1:53"
           - "8.8.8.8:53"
-      {{ end }}
   production:
     acme:
       email: {{ env "LETS_ENCRYPT_EMAIL" }}
       storage: /etc/letsencrypt/production-acme.json
       httpChallenge:
         entryPoint: web
-      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
       dnsChallenge:
         provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
         resolvers:
           - "1.1.1.1:53"
           - "8.8.8.8:53"
-      {{ end }}