traefik: Configure dns challenge

services/legacy/sites/default.conf

@@ -1,5 +1,6 @@
 server {
     listen  80;
+    server_name kadet.net default;
     index   index.html index.htm;
 
     location / {

services/traefik/config/traefik.yaml

@@ -77,4 +77,5 @@ certificatesResolvers:
       caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
       email: "kacper@kadet.net"
       storage: "/etc/traefik/acme/lets-encrypt.json"
-      tlsChallenge: {}
+      dnsChallenge: 
+        provider: ovh

services/traefik/ovh.env

@@ -0,0 +1,4 @@
+OVH_ENDPOINT={{ ovh_endpoint }}
+OVH_APPLICATION_KEY={{ ovh_application_key }}
+OVH_APPLICATION_SECRET={{ ovh_application_secret }}
+OVH_CONSUMER_KEY={{ ovh_consumer_key }}

services/traefik/stack.yml

@@ -3,6 +3,8 @@ version: "{{ compose_version }}"
 services:
   ingress:
     image: traefik:v2.5
+    env_file:
+      - ./ovh.env
     ports:
       - 80:80
       - 443:443

services/traefik/tasks/config.yml

@@ -22,6 +22,13 @@
   tags:
     - config
 
+- name: 'Generate ovh.env file for "{{ service }}"'
+  template:
+    src: "{{ service_path }}/ovh.env"
+    dest: "{{ remote_service_path }}/ovh.env"
+  tags:
+    - config
+
 - name: 'Copy dynamic config'
   template:
     src: "{{ file }}"

vars/services.yml

@@ -16,6 +16,31 @@ services_to_restart: []
 
 service_config:
   traefik:
+    ovh_endpoint: ovh-eu
+    ovh_application_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36316437333734643766303734613564306539363531323832623032343233303739303135633563
+          3263613130636262386463323836353238656164306462660a616533366165313437636331303766
+          33383963393464313032303336343761306436316163346630306262363762613831373838663837
+          6363373339316534640a333766373162343864613730376563303361656138323262306339613530
+          34653466333161353433326632323731306565643930383962653233346162343362
+    ovh_application_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37363635656333343863393435343031306630373038663561303038383136616138363538333636
+          6438353634323266356233633034613263653435386262300a393962656564366432643932373264
+          36656161353730376636646233363662376636383461656434306339646339643865626162646435
+          3835623031326137320a653962383531663532663436316264313035356237623466663262643735
+          66646465646531643638653165316531336430356266393631353439633236323733656463643935
+          6436623435613135313862643962663362656539363165303037
+    ovh_consumer_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64356531386663353164303762396664393031323864363362346336346166353933336334303563
+          6135386139616638396136336534656562643061653630650a366365653234643439323537663766
+          31643864353032303237633933326334626161646336346532386566333465333230383639313664
+          3531383466316437390a393130303136356262363231643063373763303265393563326565633965
+          39303464363636366638373065363535353161613334373530623062376333373234666161323731
+          3764613331316433653335376337356464313137336563643834
+
     traefik_token: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           66623665393638313039616464613563316437386566396238623937363238626535633937633536