Add Monitoring host

coreos-config/roles/compose_project/templates/traefik/docker-compose.yaml

@@ -1,3 +1,4 @@
+{% set deploy_traefik_fa = with_fa|default(false) %}
 ---
 version: '3.9'
 services:
@@ -17,9 +18,8 @@ services:
     networks:
       - gateway
       - default
-    environment:
-      CLOUDFLARE_DNS_API_TOKEN: "{{ traefik.CLOUDFLARE_DNS_API_TOKEN }}"
 
+{% if deploy_traefik_fa %}
   traefik-fa:
     image: thomseddon/traefik-forward-auth:latest
     restart: always
@@ -38,16 +38,7 @@ services:
       - "traefik.http.services.traefik-fa.loadbalancer.server.port=4181"
       - "traefik.http.routers.traefik-fa.middlewares=sso@file"
 
-  # whoami:
-  #   image: containous/whoami
-  #   networks:
-  #     - gateway
-  #   labels:
-  #     - "traefik.enable=true"
-  #     - "traefik.http.services.whoami.loadbalancer.server.port=80"
-  #     - "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
-  #     - "traefik.http.routers.whoami.entryPoints=websecure"
-  #     - "traefik.http.routers.whoami.middlewares=sso@file"
+{% endif %}
 
 volumes:
   acme:

coreos-config/roles/compose_project/templates/traefik/traefik-fa.ini

@@ -1,3 +1,4 @@
+{% if with_fa|default(false) %}
 default-provider = oidc
 
 # Cookie signing nonce, replace this with something random
@@ -18,3 +19,4 @@ auth-host = traefik-fa.tobiasmanske.de
 whitelist = {{ user }}
 {% endfor %}
 
+{% endif %}

coreos-config/roles/compose_project/templates/traefik/traefik.yaml

@@ -27,5 +27,4 @@ certificatesResolvers:
       email: webmaster@tobiasmanske.de
       storage: /acme/acme.json
       # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
-      dnsChallenge:
-        provider: cloudflare
+      tlsChallenge: true