chore(package): update cr.simoncor.net/dockerhub/library/traefik docker tag to v3.7.1

Replace docker.io references with cr.simoncor.net/dockerhub
pull-through cache. Official images now use explicit library/
namespace for cache compatibility.

.ansible-lint

@@ -3,6 +3,7 @@
 exclude_paths:
   - ".gitlab/*"
   - ".gitlab-ci.yml"
+  - ".woodpecker/*"
   - "defaults/main.yaml"
   - "meta/main.yaml"
   - "vars/*"

.gitlab-ci.yml

@@ -1,13 +0,0 @@
----
-
-# gitlab stages
-stages:
-  - "gitleaks"
-  - "linting"
-
-# include components
-include:
-  - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
-  - component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@v1.0.0"
-  - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0"
-  - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"

.markdownlint-cli2.jsonc

@@ -6,7 +6,8 @@
   // linting rules
   "config": {
     "MD013": {
-      "line_length": 120
+      "line_length": 120,
+      "tables": false
     }
   }
 }

.woodpecker/linting.yml

@@ -0,0 +1,41 @@
+---
+when:
+  - event: "push"
+    branch: "main"
+  - event: "manual"
+
+steps:
+
+  # gitleaks
+  - name: "gitleaks"
+    # renovate: datasource=github-releases depName=gitleaks/gitleaks
+    image: "cr.simoncor.net/ghcr/gitleaks/gitleaks:v8.30.1"
+    commands:
+      - "gitleaks detect --source . --verbose --redact"
+
+  # yamllint
+  - name: "yamllint"
+    # renovate: datasource=docker depName=cr.simoncor.net/yamllint
+    image: "cr.simoncor.net/yamllint:1.38.0"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "yamllint -c .yamllint ."
+
+  # ansible-lint
+  - name: "ansible-lint"
+    # renovate: datasource=docker depName=docker.io/pipelinecomponents/ansible-lint
+    image: "cr.simoncor.net/dockerhub/pipelinecomponents/ansible-lint:0.79.11"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "ansible-lint -c .ansible-lint ."
+
+  # markdownlint
+  - name: "markdownlint"
+    # renovate: datasource=docker depName=docker.io/davidanson/markdownlint-cli2
+    image: "cr.simoncor.net/dockerhub/davidanson/markdownlint-cli2:v0.22.1"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "markdownlint-cli2 --config .markdownlint-cli2.jsonc"

readme.md

@@ -4,15 +4,15 @@ Install and configure [Traefik](https://traefik.io/) - a modern HTTP reverse pro
 
 ## Variables
 
-| Variable | Required | Default | Description |
+| Variable                    | Required | Default             | Description                          |
-|----------|----------|---------|-------------|
+| --------------------------- | -------- | ------------------- | ------------------------------------ |
-| `traefik_letsencrypt_email` | Yes | `email@example.com` | Email for Let's Encrypt certificates |
+| `traefik_letsencrypt_email` | Yes      | `email@example.com` | Email for Let's Encrypt certificates |
-| `traefik_routes` | Yes | `[]` | List of Traefik routes to configure |
+| `traefik_routes`            | Yes      | `[]`                | List of Traefik routes to configure  |
-| `traefik_routes[].name` | Yes | - | Route domain name |
+| `traefik_routes[].name`     | Yes      | ------------------- | Route domain name                    |
-| `traefik_routes[].service` | Yes | - | Service name |
+| `traefik_routes[].service`  | Yes      | ------------------- | Service name                         |
-| `traefik_routes[].host` | Yes | - | Backend host |
+| `traefik_routes[].host`     | Yes      | ------------------- | Backend host                         |
-| `traefik_routes[].proto` | Yes | - | Backend protocol (http/https) |
+| `traefik_routes[].proto`    | Yes      | ------------------- | Backend protocol (http/https)        |
-| `traefik_routes[].port` | Yes | - | Backend port |
+| `traefik_routes[].port`     | Yes      | ------------------- | Backend port                         |
 
 ## Example
 

tasks/traefik.yaml

@@ -12,13 +12,23 @@
 # traefik config
 - name: "traefik config"
   ansible.builtin.template:
-    src: "templates/traefik/config.yml.j2"
+    src: "templates/traefik/traefik.yml.j2"
     dest: "/mnt/traefik/traefik.yml"
     owner: "root"
     group: "root"
     mode: "0640"
   notify: "restart traefik"
 
+# traefik http routes
+- name: "traefik https routes"
+  ansible.builtin.template:
+    src: "templates/traefik/http.yml.j2"
+    dest: "/mnt/traefik/http.yml"
+    owner: "root"
+    group: "root"
+    mode: "0640"
+  notify: "restart traefik"
+
 # transip apikey
 - name: "traefik - transip api"
   ansible.builtin.copy:
@@ -63,12 +73,13 @@
 
     # traefik
     name: "traefik"
-    image: "docker.io/traefik:v3.6.13"
+    image: "cr.simoncor.net/dockerhub/library/traefik:v3.7.1"
     image_name_mismatch: "recreate"
     restart_policy: "unless-stopped"
     network_mode: "host"
     volumes:
       - "/mnt/traefik/traefik.yml:/traefik.yml:ro"
+      - "/mnt/traefik/http.yml:/http.yml:ro"
       - "/mnt/traefik/acme.json:/acme.json"
       - "/mnt/traefik/transip.key:/transip.key:ro"
 

templates/traefik/http.yml.j2

@@ -0,0 +1,18 @@
+http:
+  routers:
+{% for item in traefik_routes %}
+    {{ item.service }}:
+      rule: "Host(`{{ item.name }}`)"
+      entryPoints:
+        - websecure
+      service: {{ item.service }}-svc
+      tls:
+        certResolver: transip
+{% endfor %}
+  services:
+{% for item in traefik_routes %}
+    {{ item.service }}-svc:
+      loadBalancer:
+        servers:
+          - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}"
+{% endfor %}

templates/traefik/traefik.yml.j2

@@ -16,7 +16,6 @@ entryPoints:
         readTimeout: 0
         writeTimeout: 0
         idleTimeout: 0
-
 certificatesResolvers:
   transip:
     acme:
@@ -24,28 +23,13 @@ certificatesResolvers:
         provider: "transip"
       email: "{{ traefik_letsencrypt_email }}"
       storage: "/acme.json"
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+{% if traefik_routes | selectattr('proto', 'equalto', 'https') | list | length > 0 %}
+serversTransport:
+  insecureSkipVerify: true
+{% endif %}
 
 providers:
   file:
-    filename: /traefik.yml
+    filename: /http.yml
     watch: true
-
-http:
-  routers:
-{% for item in traefik_routes %}
-    {{ item.service }}:
-      rule: "Host(`{{ item.name }}`)"
-      entryPoints:
-        - websecure
-      service: {{ item.service }}-svc
-      tls:
-        certResolver: transip
-{% endfor %}
-  services:
-{% for item in traefik_routes %}
-    {{ item.service }}-svc:
-      loadBalancer:
-        servers:
-          - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}"
-{% endfor %}