added traefik config update (untested) + refactoring...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
2025-10-28 18:50:08 +00:00 · 2024-01-30 03:49:06 +03:00 · 2024-01-30 03:49:06 +03:00 · 1f49774770
commit 1f49774770
parent 15e6483e84
8 changed files with 74 additions and 48 deletions
--- a/.pct-helpers
+++ b/.pct-helpers
@ -418,6 +418,8 @@ readVars(){
 	xread -n "Email: " EMAIL
 	xread -n "Domain: " DOMAIN

+	xread -n "Gate ID: " GATE_ID
+
 	readCTVars

 	readBridgeVars
@ -615,10 +617,37 @@ pctPushAssets(){
 #
 #	traefikPushConfig
 #
-TRAEFIK_CFG=traefik.yml
+# XXX generate config in a staging location...
+TRAEFIK_CONFIG=traefik.yml
 TRAEFIK_PATH=/etc/traefik.d/
+TRAEFIK_STAGING=traefik/
 traefikPushConfig(){
-	# XXX 
+	local filename="${CTHOSTNAME}.yml"
+	local source="${TRAEFIK_STAGING}/${filename}"
+	local target="${TRAEFIK_PATH}"/"${filename}"
+
+	# source file not found...
+	if ! [ -e "${TRAEFIK_CONFIG}" ] ; then
+		echo "${TRAEFIK_CONFIG}: not found." >&2
+		return
+	fi
+
+	# generat config...
+	mkdir -p "${TRAEFIK_STAGING}"
+	cat ${TRAEFIK_CONFIG} \
+		| expandPCTTemplate \
+		> "${source}"
+
+	# get things we need if they are not set...
+	xread "Gate CT id: " GATE_ID
+
+	# check if $filename exists...
+	if @ lxc-attach $GATE_ID -- test -e ${target} \
+			&& ! xreadYes "Overwrite existing \"${target}\"?" ; then
+		@ lxc-attach $GATE_ID -- mv "${target}" "${target}.bak"
+	fi
+
+	@ pct push $GATE_ID "${source}" "${target}"
 }


@ -823,18 +852,17 @@ pctSetNotes(){
 	local NOTES="$(\
 		echo -e "${2:-${DESCRIPTION}}" \
 			| sed -e 's/^/#/')"
+
+	if [ "$DRY_RUN" ] ; then
+		return
+	fi
+
 	local CONF="$(cat "${CT_DIR}/${ID}.conf")"
 	local TEXT="\
 "${NOTES}"
 "${CONF}"
 "
-	if [ "$DRY_RUN" ] ; then
-		echo "--- ${CT_DIR}/${ID}.conf ---"
-		echo -e "${TEXT}"
-		echo "---"
-	else
 	echo -e "${TEXT}" > "${CT_DIR}/${ID}.conf"
-	fi
 }


@ -846,9 +874,9 @@ showNotes(){
 	[ -e "${BUILD_NOTES}" ] \
 		&& mv "${BUILD_NOTES}"{,.bak}
 	[ -e "${BUILD_NOTES}".tpl ] \
-		&& cat "${BUILD_NOTES}".tpl \
+		&& ( cat "${BUILD_NOTES}".tpl \
 			| expandPCTTemplate $@ \
-			| tee "${BUILD_NOTES}" 
+			| tee "${BUILD_NOTES}" )
 }

 #
--- a/4
+++ b/4
@ -107,7 +107,9 @@ all: minimal $(APP_CTs)

 .PHONY: clean
 clean:
-	-rm -rf */staging
+	-rm -rf \
+		*/staging \
+		*/traefik



--- a/gitea/templates/etc/traefik.d/gitea.yml
+++ b/gitea/templates/etc/traefik.d/gitea.yml
@ -1,29 +1,29 @@
 tcp:
  routers:
-    gitea:
+    ${CTHOSTNAME}:
      entryPoints:
        - ssh
-      service: gitea
+      service: ${CTHOSTNAME}
      rule: "HostSNI(`*`)"

  services:
-    gitea:
+    ${CTHOSTNAME}:
      loadBalancer:
        servers:
-          - address: gitea.srv:22
+          - address: ${CTHOSTNAME}.srv:22

 http:
  routers:
-    gitea:
+    ${CTHOSTNAME}:
      entryPoints:
        - https
-      service: gitea
+      service: ${CTHOSTNAME}
      rule: "Host(`${DOMAIN}`)"
      tls:
        certResolver: letsEncrypt

  services:
-    gitea:
+    ${CTHOSTNAME}:
      loadBalancer:
        servers:
-          - url: https://gitea.srv/
+          - url: https://${CTHOSTNAME}.srv/
--- a/nextcloud/templates/etc/traefik.d/nextcloud.yml
+++ b/nextcloud/templates/etc/traefik.d/nextcloud.yml
@ -1,15 +1,15 @@
 http:
  routers:
-    nextcloud:
+    ${CTHOSTNAME}:
      entryPoints:
        - https
-      service: nextcloud
+      service: ${CTHOSTNAME}
      rule: "Host(`${DOMAIN}`)"
      tls:
        certResolver: letsEncrypt

  services:
-    nextcloud:
+    ${CTHOSTNAME}:
      loadBalancer:
        servers:
-          - url: https://nextcloud.srv/
+          - url: https://${CTHOSTNAME}.srv/
--- a/ssh/make.sh
+++ b/ssh/make.sh
@ -37,6 +37,8 @@ REBOOT=${REBOOT:=1}
 DFL_WAN_SSH_IP=${DFL_WAN_SSH_IP:=}
 xread "WAN ssh ip:" WAN_SSH_IP

+#xread "Gate CT id: " GATE_ID
+
 readVars


@ -89,6 +91,8 @@ pctSetNotes $ID

 saveLastRunConfig

+traefikPushConfig
+
 showNotes
 echo "# Done."

--- a/ssh/assets/etc/traefik.d/ssh.yml
+++ b/ssh/assets/etc/traefik.d/ssh.yml
@ -1,13 +1,13 @@
 tcp:
  routers:
-    ssh:
+    ${CTHOSTNAME}:
      entryPoints:
        - ssh2
-      service: ssh
+      service: ${CTHOSTNAME}
      rule: "HostSNI(`*`)"

  services:
-    ssh:
+    ${CTHOSTNAME}:
      loadBalancer:
        servers:
-          - address: ssh.srv:22
+          - address: ${CTHOSTNAME}.srv:22
--- a/wireguard/assets/etc/traefik.d/wireguard.yml
+++ b/wireguard/assets/etc/traefik.d/wireguard.yml
@ -1,20 +0,0 @@
-udp:
-  routers:
-    wireguard-admin:
-      entryPoints:
-        - wireguard2
-      service: wireguard-admin
-    wireguard-client:
-      entryPoints:
-        - wireguard
-      service: wireguard-client
-
-  services:
-    wireguard-admin:
-      loadBalancer:
-        servers:
-          - address: wireguard.srv:51820
-    wireguard-client:
-      loadBalancer:
-        servers:
-          - address: wireguard-client.srv:51820
--- a/wireguard/traefik.yml
+++ b/wireguard/traefik.yml
@ -0,0 +1,12 @@
+udp:
+  routers:
+    ${CTHOSTNAME}:
+      entryPoints:
+        - wireguard2
+      service: ${CTHOSTNAME}
+
+  services:
+    ${CTHOSTNAME}:
+      loadBalancer:
+        servers:
+          - address: ${CTHOSTNAME}.srv:51820