From cff8bddc30f4d8e7e0821f2c1cefd06100d58ca0 Mon Sep 17 00:00:00 2001
From: Kacper Donat
Date: Sun, 5 Nov 2023 17:02:09 +0100
Subject: [PATCH] traefik: Replace dns-01 with tls-sni-01
---
 services/traefik/config/traefik.yaml | 3 +--
 services/traefik/stack.yml | 14 ++++++++----
 vars/services.yml | 34 ++++++++++++++--------------
 3 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/services/traefik/config/traefik.yaml b/services/traefik/config/traefik.yaml
index ee664ac..321ede4 100644
--- a/services/traefik/config/traefik.yaml
+++ b/services/traefik/config/traefik.yaml
@@ -77,8 +77,7 @@ certificatesResolvers:
 caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
 email: "kacper@kadet.net"
 storage: "/etc/traefik/acme/lets-encrypt.json"
- dnsChallenge:
- provider: ovh
+ tlsChallenge: {}
 lets-encrypt-tls:
 acme:
 caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
diff --git a/services/traefik/stack.yml b/services/traefik/stack.yml
index 5e7dd26..4aa254a 100644
--- a/services/traefik/stack.yml
+++ b/services/traefik/stack.yml
@@ -2,12 +2,18 @@ version: "{{ compose_version }}"
 services:
 ingress:
- image: traefik:v2.8
+ image: traefik:v2.10
 env_file:
 - ./ovh.env
 ports:
- - 80:80
- - 443:443
+ - target: 80
+ published: 80
+ protocol: tcp
+ mode: host
+ - target: 443
+ published: 443
+ protocol: tcp
+ mode: host
 volumes:
 - ./config/acme:/etc/traefik/acme
 - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
@@ -17,4 +23,4 @@ services:
 placement:
 constraints:
 - node.role == manager
- networks: ['{{ ingress_network }}']
+ networks: ["{{ ingress_network }}"]
diff --git a/vars/services.yml b/vars/services.yml
index b067c81..0660634 100644
--- a/vars/services.yml
+++ b/vars/services.yml
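Review bot: In services/traefik/config/traefik.yaml the new `tlsChallenge: {}` has no comment on what the switch gives up, and the commit subject calls it tls-sni-01 while Traefik's `tlsChallenge` performs TLS-ALPN-01. Unlike the removed `dnsChallenge`, this challenge cannot issue wildcard certificates and only succeeds when the ACME server can reach this Traefik instance directly on port 443, so I would add above the key `# TLS-ALPN-01: needs :443 reachable from the internet on this node; no wildcard certificates`. The `lets-encrypt-tls` resolver that starts in the trailing context has its body outside the hunk; if it already uses `tlsChallenge`, the two resolvers are now equivalent and one of them could be dropped.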
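Review bot: The `ingress` service in services/traefik/stack.yml still loads `env_file: ./ovh.env` even though this commit removes the `dnsChallenge` with `provider: ovh`; if no other resolver uses the OVH provider (not visible here), the internet-facing proxy keeps DNS API credentials it no longer needs, and dropping that `env_file` entry would narrow what a compromise of the container exposes. Separately, `image: traefik:v2.10` is a moving tag, so pinning a full patch version or an image digest would make deployments reproducible and reviewable. The new ports block would also benefit from a comment such as `# mode: host bypasses the swarm routing mesh; the port is bound only on the node running the task`, since that constraint is not obvious from the long syntax. The `ingress` service definition continues beyond this hunk.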
@@ -20,27 +20,27 @@ service_config:
 ovh_endpoint: ovh-eu
 ovh_application_key: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 36316437333734643766303734613564306539363531323832623032343233303739303135633563
- 3263613130636262386463323836353238656164306462660a616533366165313437636331303766
- 33383963393464313032303336343761306436316163346630306262363762613831373838663837
- 6363373339316534640a333766373162343864613730376563303361656138323262306339613530
- 34653466333161353433326632323731306565643930383962653233346162343362
+ 30373131373061356637613064356462383064343336633335663830666330363763666631303962
+ 3739306161336635326133623864623737303836656166380a633332376335623234353739373939
+ 36646538333139323365386434666664333161396461636130336338373337393163653439316364
+ 3362396431373838380a636334306362333139623731343061633636393335346563303330656230
+ 37613366613338643065356234306333393134323866363132616532643136313734
 ovh_application_secret: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 37363635656333343863393435343031306630373038663561303038383136616138363538333636
- 6438353634323266356233633034613263653435386262300a393962656564366432643932373264
- 36656161353730376636646233363662376636383461656434306339646339643865626162646435
- 3835623031326137320a653962383531663532663436316264313035356237623466663262643735
- 66646465646531643638653165316531336430356266393631353439633236323733656463643935
- 6436623435613135313862643962663362656539363165303037
+ 63613637353337636239326538623466623133353137323261656434393734616430656236313563
+ 6635343434303037623233373930646531373038636437610a623763393363336163353834626334
+ 65313064626162623138303436383639363261323235356531366562336132353831323133623232
+ 3564386138353734340a656166616566623833383530363831346433623032383266306436316637
+ 36613436626463613635373437333836646163626663653134326632356430646230663732323962
+ 6537636439303866636636303961376138343536333466303736
 ovh_consumer_key: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 64356531386663353164303762396664393031323864363362346336346166353933336334303563
- 6135386139616638396136336534656562643061653630650a366365653234643439323537663766
- 31643864353032303237633933326334626161646336346532386566333465333230383639313664
- 3531383466316437390a393130303136356262363231643063373763303265393563326565633965
- 39303464363636366638373065363535353161613334373530623062376333373234666161323731
- 3764613331316433653335376337356464313137336563643834
+ 39323462633866363837323161313133383438316338303937316335333736366337316636353562
+ 3162653032646365363863363835393964326262356531350a616264663663383164613162396237
+ 31663662363064623566313530396533633931303635396335633533346662373663353230343038
+ 6136356234336235370a646666363933616233643737626264656438333030653433303336326230
+ 34303333393266646430663239623962306261343062643935616139366132666133656265643434
+ 3932356533663161616332626135613461373432373766333730
 traefik_token: !vault |
 $ANSIBLE_VAULT;1.1;AES256