Use DNS-01 on Cloudflare for wildcard LE certs

dev/host_vars/proxy.yml

@@ -1,17 +1,28 @@
+base_domain: vm.krislamo.org
+
 # base
 allow_reboot: false
 manage_network: false
 
 # proxy
 proxy:
-  - name: bitwarden
-    domain: "{{ bitwarden_domain }}"
-    proxy_pass: "http://127.0.0.1:8080"
-    production: false
-  - name: gitea
-    domain: "{{ gitea_domain }}"
-    proxy_pass: "http://127.0.0.1:3080"
-    production: false
+  #production: true
+  dns_cloudflare:
+    #email: realemail@example.com
+    #api_token: CLOUDFLARE_DNS01_API_TOKEN
+    wildcard_domains:
+      - "{{ base_domain }}"
+  servers:
+    - domain: "{{ bitwarden_domain }}"
+      proxy_pass: "http://127.0.0.1:8080"
+      tls:
+        cert: /etc/letsencrypt/live/{{ base_domain }}/fullchain.pem
+        key: /etc/letsencrypt/live/{{ base_domain }}/privkey.pem
+    - domain: "{{ gitea_domain }}"
+      proxy_pass: "http://127.0.0.1:3080"
+      tls:
+        cert: /etc/letsencrypt/live/{{ base_domain }}/fullchain.pem
+        key: /etc/letsencrypt/live/{{ base_domain }}/privkey.pem
 
 # docker
 docker_users:
@@ -19,14 +30,14 @@ docker_users:
 
 # bitwarden
 # Get Installation ID & Key at https://bitwarden.com/host/
-bitwarden_domain: vault.vm.krislamo.org
+bitwarden_domain: "vault.{{ base_domain }}"
 bitwarden_dbpass: password
 bitwarden_install_id: 4ea840a3-532e-4cb6-a472-abd900728b23
 bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
 #bitwarden_prodution: true
 
 # gitea
-gitea_domain: git.vm.krislamo.org
+gitea_domain: "git.{{ base_domain }}"
 gitea_version: 1
 gitea_dbversion: latest
 gitea_dbpass: password