From e3db24a0371bc684cc7a87f7e7cc32ef6b793452 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Mon, 10 Feb 2025 20:42:46 +0000
Subject: [PATCH] Update Traefik to v3

---
 ansible/roles/traefik/files/docker-compose.yml     |  2 +-
 ansible/roles/traefik/files/file-provider-main.yml |  4 ++--
 ansible/roles/traefik/files/traefik.yml            | 11 ++++++-----
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index 333b96e..f0fd156 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   traefik:
-    image: traefik:v2.11
+    image: traefik:v3
     user: "{{ docker_user.id }}"
     environment:
       - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
diff --git a/ansible/roles/traefik/files/file-provider-main.yml b/ansible/roles/traefik/files/file-provider-main.yml
index ef97728..131be53 100644
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@@ -10,7 +10,7 @@ http:
           Permissions-Policy: interest-cohort=()
 
     tailscale-only:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "{{ tailscale_cidr }}"
           - "{{ tailscale_cidr_ipv6 }}"
@@ -18,7 +18,7 @@ http:
           - "{{ pve_hosts.forrest.ipv6 }}"
 
     private-access:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "{{ tailscale_cidr }}"
           - "{{ tailscale_cidr_ipv6 }}"
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 3697b4b..a46cde0 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -18,12 +18,12 @@ entryPoints:
         - floc-block@file
         - compress@file
       tls:
-        certresolver: le
+        certResolver: le
         domains:
           - main: theorangeone.net
-            sans: "*.theorangeone.net"
+            sans: ["*.theorangeone.net"]
           - main: jakehoward.tech
-            sans: "*.jakehoward.tech"
+            sans: ["*.jakehoward.tech"]
     proxyProtocol:
       trustedIPs:
         - "{{ pve_hosts.ingress.ip }}/32"
@@ -47,6 +47,7 @@ providers:
 api:
   dashboard: true
   insecure: true
+  disableDashboardAd: true
 
 certificatesResolvers:
   le:
@@ -55,7 +56,7 @@ certificatesResolvers:
       storage: /etc/traefik/acme.json
       dnsChallenge:
         provider: cloudflare
-        delayBeforeCheck: 0
+        delayBeforeCheck: 0s
         resolvers:
           - 1.1.1.1:53
           - 1.0.0.1:53
@@ -66,7 +67,7 @@ certificatesResolvers:
       storage: /etc/traefik/acme.json
       dnsChallenge:
         provider: gandiv5
-        delayBeforeCheck: 0
+        delayBeforeCheck: 0s
         resolvers:
           - 1.1.1.1:53
           - 1.0.0.1:53