chore(package): update cr.simoncor.net/dockerhub/library/traefik docker tag to v3.7.1

ci: migrate from gitlab ci to woodpecker
feat: use pull-through cache for Docker Hub images
2026-05-15 12:46:51 +00:00 · 2026-05-15 14:13:50 +02:00 · 2026-05-08 14:42:38 +02:00 · 2026-05-08 13:45:36 +02:00 · 2026-05-06 04:47:25 +00:00 · 2026-04-30 04:47:25 +00:00
8 changed files with 90 additions and 47 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -3,6 +3,7 @@
 exclude_paths:
  - ".gitlab/*"
  - ".gitlab-ci.yml"
+  - ".woodpecker/*"
  - "defaults/main.yaml"
  - "meta/main.yaml"
  - "vars/*"
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,13 +0,0 @@
---
-
-# gitlab stages
-stages:
-  - "gitleaks"
-  - "linting"
-
-# include components
-include:
-  - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
-  - component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@v1.0.0"
-  - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0"
-  - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@ -6,7 +6,8 @@
  // linting rules
  "config": {
    "MD013": {
-      "line_length": 120
+      "line_length": 120,
+      "tables": false
    }
  }
 }
--- a/.woodpecker/linting.yml
+++ b/.woodpecker/linting.yml
@ -0,0 +1,41 @@
+---
+when:
+  - event: "push"
+    branch: "main"
+  - event: "manual"
+
+steps:
+
+  # gitleaks
+  - name: "gitleaks"
+    # renovate: datasource=github-releases depName=gitleaks/gitleaks
+    image: "cr.simoncor.net/ghcr/gitleaks/gitleaks:v8.30.1"
+    commands:
+      - "gitleaks detect --source . --verbose --redact"
+
+  # yamllint
+  - name: "yamllint"
+    # renovate: datasource=docker depName=cr.simoncor.net/yamllint
+    image: "cr.simoncor.net/yamllint:1.38.0"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "yamllint -c .yamllint ."
+
+  # ansible-lint
+  - name: "ansible-lint"
+    # renovate: datasource=docker depName=docker.io/pipelinecomponents/ansible-lint
+    image: "cr.simoncor.net/dockerhub/pipelinecomponents/ansible-lint:0.79.11"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "ansible-lint -c .ansible-lint ."
+
+  # markdownlint
+  - name: "markdownlint"
+    # renovate: datasource=docker depName=docker.io/davidanson/markdownlint-cli2
+    image: "cr.simoncor.net/dockerhub/davidanson/markdownlint-cli2:v0.22.1"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "markdownlint-cli2 --config .markdownlint-cli2.jsonc"
--- a/readme.md
+++ b/readme.md
@ -5,14 +5,14 @@ Install and configure [Traefik](https://traefik.io/) - a modern HTTP reverse pro
 ## Variables

 | Variable                    | Required | Default             | Description                          |
-|----------|----------|---------|-------------|
+| --------------------------- | -------- | ------------------- | ------------------------------------ |
 | `traefik_letsencrypt_email` | Yes      | `email@example.com` | Email for Let's Encrypt certificates |
 | `traefik_routes`            | Yes      | `[]`                | List of Traefik routes to configure  |
-| `traefik_routes[].name` | Yes | - | Route domain name |
-| `traefik_routes[].service` | Yes | - | Service name |
-| `traefik_routes[].host` | Yes | - | Backend host |
-| `traefik_routes[].proto` | Yes | - | Backend protocol (http/https) |
-| `traefik_routes[].port` | Yes | - | Backend port |
+| `traefik_routes[].name`     | Yes      | ------------------- | Route domain name                    |
+| `traefik_routes[].service`  | Yes      | ------------------- | Service name                         |
+| `traefik_routes[].host`     | Yes      | ------------------- | Backend host                         |
+| `traefik_routes[].proto`    | Yes      | ------------------- | Backend protocol (http/https)        |
+| `traefik_routes[].port`     | Yes      | ------------------- | Backend port                         |

 ## Example

--- a/tasks/traefik.yaml
+++ b/tasks/traefik.yaml
@ -12,13 +12,23 @@
 # traefik config
 - name: "traefik config"
  ansible.builtin.template:
-    src: "templates/traefik/config.yml.j2"
+    src: "templates/traefik/traefik.yml.j2"
    dest: "/mnt/traefik/traefik.yml"
    owner: "root"
    group: "root"
    mode: "0640"
  notify: "restart traefik"

+# traefik http routes
+- name: "traefik https routes"
+  ansible.builtin.template:
+    src: "templates/traefik/http.yml.j2"
+    dest: "/mnt/traefik/http.yml"
+    owner: "root"
+    group: "root"
+    mode: "0640"
+  notify: "restart traefik"
+
 # transip apikey
 - name: "traefik - transip api"
  ansible.builtin.copy:
@ -63,12 +73,13 @@

    # traefik
    name: "traefik"
-    image: "docker.io/traefik:v3.6.13"
+    image: "cr.simoncor.net/dockerhub/library/traefik:v3.7.1"
    image_name_mismatch: "recreate"
    restart_policy: "unless-stopped"
    network_mode: "host"
    volumes:
      - "/mnt/traefik/traefik.yml:/traefik.yml:ro"
+      - "/mnt/traefik/http.yml:/http.yml:ro"
      - "/mnt/traefik/acme.json:/acme.json"
      - "/mnt/traefik/transip.key:/transip.key:ro"

--- a/templates/traefik/http.yml.j2
+++ b/templates/traefik/http.yml.j2
@ -0,0 +1,18 @@
+http:
+  routers:
+{% for item in traefik_routes %}
+    {{ item.service }}:
+      rule: "Host(`{{ item.name }}`)"
+      entryPoints:
+        - websecure
+      service: {{ item.service }}-svc
+      tls:
+        certResolver: transip
+{% endfor %}
+  services:
+{% for item in traefik_routes %}
+    {{ item.service }}-svc:
+      loadBalancer:
+        servers:
+          - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}"
+{% endfor %}
--- a/templates/traefik/traefik.yml.j2
+++ b/templates/traefik/traefik.yml.j2
@ -16,7 +16,6 @@ entryPoints:
        readTimeout: 0
        writeTimeout: 0
        idleTimeout: 0
-
 certificatesResolvers:
  transip:
    acme:
@ -24,28 +23,13 @@ certificatesResolvers:
        provider: "transip"
      email: "{{ traefik_letsencrypt_email }}"
      storage: "/acme.json"
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+{% if traefik_routes | selectattr('proto', 'equalto', 'https') | list | length > 0 %}
+serversTransport:
+  insecureSkipVerify: true
+{% endif %}

 providers:
  file:
-    filename: /traefik.yml
+    filename: /http.yml
    watch: true
-
-http:
-  routers:
-{% for item in traefik_routes %}
-    {{ item.service }}:
-      rule: "Host(`{{ item.name }}`)"
-      entryPoints:
-        - websecure
-      service: {{ item.service }}-svc
-      tls:
-        certResolver: transip
-{% endfor %}
-  services:
-{% for item in traefik_routes %}
-    {{ item.service }}-svc:
-      loadBalancer:
-        servers:
-          - url: "{{ item.proto }}://{{ item.host }}:{{ item.port }}"
-{% endfor %}
Author	SHA1	Message	Date
Renovate Bot	6fba14cdd2	chore(package): update cr.simoncor.net/dockerhub/library/traefik docker tag to v3.7.1 All checks were successful ci/woodpecker/push/linting Pipeline was successful Details	2026-05-15 12:46:51 +00:00
Simon Cornet	5331fe5b04	ci: migrate from gitlab ci to woodpecker All checks were successful ci/woodpecker/push/linting Pipeline was successful Details	2026-05-15 14:13:50 +02:00
Simon Cornet	9f85ee0413	feat: use pull-through cache for Docker Hub images Replace docker.io references with cr.simoncor.net/dockerhub pull-through cache. Official images now use explicit library/ namespace for cache compatibility.	2026-05-08 14:42:38 +02:00
Simon Cornet	6ca822dcb8	feat: bring back the notifier	2026-05-08 13:45:36 +02:00
Renovate Bot	a0b4bf435c	chore(package): update docker.io/traefik docker tag to v3.7.0	2026-05-06 04:47:25 +00:00
Renovate Bot	7d6cd5c63e	chore(package): update docker.io/traefik docker tag to v3.6.15	2026-04-30 04:47:25 +00:00
Renovate Bot	82aa12760f	chore(package): update docker.io/traefik docker tag to v3.6.14	2026-04-23 04:47:21 +00:00
Simon Cornet	812ce57ac9	feat: remove unrequired notify	2026-04-15 17:04:07 +02:00
Simon Cornet	8d38abc220	fix: add http volume mount	2026-04-15 17:03:27 +02:00
Simon Cornet	68aac107da	feat: various small fixes to the traefik config	2026-04-15 16:59:21 +02:00