diff --git a/services/legacy/sites/default.conf b/services/legacy/sites/default.conf
index 56e4245..df9692c 100644
--- a/services/legacy/sites/default.conf
+++ b/services/legacy/sites/default.conf
@@ -1,5 +1,6 @@
 server {
 listen 80;
+ server_name kadet.net default;
 index index.html index.htm;
 location / {
diff --git a/services/traefik/config/traefik.yaml b/services/traefik/config/traefik.yaml
index fb7b425..6e19bd3 100644
--- a/services/traefik/config/traefik.yaml
+++ b/services/traefik/config/traefik.yaml
@@ -77,4 +77,5 @@ certificatesResolvers:
 caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
 email: "kacper@kadet.net"
 storage: "/etc/traefik/acme/lets-encrypt.json"
- tlsChallenge: {}
+ dnsChallenge:
+ provider: ovh
diff --git a/services/traefik/ovh.env b/services/traefik/ovh.env
new file mode 100644
index 0000000..89e11af
--- /dev/null
+++ b/services/traefik/ovh.env
@@ -0,0 +1,4 @@
+OVH_ENDPOINT={{ ovh_endpoint }}
+OVH_APPLICATION_KEY={{ ovh_application_key }}
+OVH_APPLICATION_SECRET={{ ovh_application_secret }}
+OVH_CONSUMER_KEY={{ ovh_consumer_key }}
diff --git a/services/traefik/stack.yml b/services/traefik/stack.yml
index b9c6a46..9c7d322 100644
--- a/services/traefik/stack.yml
+++ b/services/traefik/stack.yml
@@ -3,6 +3,8 @@ version: "{{ compose_version }}"
 services:
 ingress:
 image: traefik:v2.5
+ env_file:
+ - ./ovh.env
 ports:
 - 80:80
 - 443:443
diff --git a/services/traefik/tasks/config.yml b/services/traefik/tasks/config.yml
index e1b4c9d..67f2c97 100644
--- a/services/traefik/tasks/config.yml
+++ b/services/traefik/tasks/config.yml
@@ -22,6 +22,13 @@
 tags:
 - config
+- name: 'Generate ovh.env file for "{{ service }}"'
+ template:
+ src: "{{ service_path }}/ovh.env"
+ dest: "{{ remote_service_path }}/ovh.env"
+ tags:
+ - config
+
 - name: 'Copy dynamic config'
 template:
 src: "{{ file }}"
diff --git a/vars/services.yml b/vars/services.yml
index ce95e62..d75c9b1 100644
--- a/vars/services.yml
+++ b/vars/services.yml
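Review bot: In the default.conf hunk, `default` inside `server_name kadet.net default;` is matched as a literal hostname; nginx gives that word no special meaning in this directive. If the intent is for this block to answer requests whose Host header matches no other server, that is expressed on the listen line instead, `listen 80 default_server;`, and the extra name can be dropped. If `default` really is an internal hostname, a short comment such as `# "default" is an internal alias, not the catch-all flag` would make that clear. The `server` block continues past the end of the hunk.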
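Review bot: In the traefik.yaml hunk, replacing `tlsChallenge` with `dnsChallenge` means the ingress container now holds OVH API credentials that can edit DNS records, which the TLS-ALPN challenge never required. The diff does not show how the consumer key was scoped; it should be limited to the record and zone-refresh calls on the one zone that needs certificates rather than account-wide access. A comment above the new key would record that expectation, for example `# dnsChallenge: OVH token comes from ovh.env and must be scoped to the ACME zone only`. The `certificatesResolvers` mapping starts outside the hunk.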
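Review bot: In the stack.yml hunk, `env_file: ./ovh.env` places the OVH application secret and consumer key in the container environment, where they are readable through `docker inspect` and by anything that can read the process environment. Traefik documents `_FILE` counterparts for its ACME DNS provider variables, so the values could instead be mounted as Docker secrets and referenced as, for example, `OVH_APPLICATION_SECRET_FILE: /run/secrets/ovh_application_secret`. Whether this file is deployed as a Swarm stack is not visible here, so the secrets route is conditional on that. The `ingress` service definition continues below the hunk.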
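Review bot: In the tasks/config.yml hunk, the new `Generate ovh.env file` task renders decrypted API credentials to disk without setting permissions, so the file ends up with whatever the remote umask yields. Add `mode: "0600"` (and an explicit `owner`) to the `template` arguments. Also set `no_log: true` on the task, so that a run with `--diff` does not print the rendered secret values to the console or logs. The same applies to any other task here that renders a file containing vaulted values; those tasks are outside this hunk.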
@@ -16,6 +16,31 @@ services_to_restart: []
 service_config:
 traefik:
+ ovh_endpoint: ovh-eu
+ ovh_application_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36316437333734643766303734613564306539363531323832623032343233303739303135633563
+ 3263613130636262386463323836353238656164306462660a616533366165313437636331303766
+ 33383963393464313032303336343761306436316163346630306262363762613831373838663837
+ 6363373339316534640a333766373162343864613730376563303361656138323262306339613530
+ 34653466333161353433326632323731306565643930383962653233346162343362
+ ovh_application_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37363635656333343863393435343031306630373038663561303038383136616138363538333636
+ 6438353634323266356233633034613263653435386262300a393962656564366432643932373264
+ 36656161353730376636646233363662376636383461656434306339646339643865626162646435
+ 3835623031326137320a653962383531663532663436316264313035356237623466663262643735
+ 66646465646531643638653165316531336430356266393631353439633236323733656463643935
+ 6436623435613135313862643962663362656539363165303037
+ ovh_consumer_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64356531386663353164303762396664393031323864363362346336346166353933336334303563
+ 6135386139616638396136336534656562643061653630650a366365653234643439323537663766
+ 31643864353032303237633933326334626161646336346532386566333465333230383639313664
+ 3531383466316437390a393130303136356262363231643063373763303265393563326565633965
+ 39303464363636366638373065363535353161613334373530623062376333373234666161323731
+ 3764613331316433653335376337356464313137336563643834
+
 traefik_token: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 66623665393638313039616464613563316437386566396238623937363238626535633937633536