feat(drawio): support extra hostnames via drawio_extra_domains

Add drawio_extra_domains (list, default empty). The traefik Host rule
on the drawio router now expands to Host(<canonical>) || Host(<extra>)
... so the same container can answer on additional FQDNs — e.g. an
internal *.int.* name so a DMZ reverse-proxy can reach drawio via a
backend hostname covered by the local traefik cert.

Empty by default; behaviour unchanged for existing inventories.

roles/drawio/defaults/main.yml

@@ -11,6 +11,10 @@ drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name
 
 # Service configuration
 drawio_domain: "drawio.local.test"
+# Additional hostnames the same drawio container should answer on
+# (e.g. an internal *.int.* FQDN so a DMZ reverseproxy can reach
+# drawio via a backend hostname covered by the local traefik cert).
+drawio_extra_domains: []
 drawio_image: "jgraph/drawio:latest"
 drawio_port: 8080
 drawio_extra_hosts: []

roles/drawio/templates/docker-compose.yml.j2

@@ -14,7 +14,7 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network={{ drawio_traefik_network }}
-      - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`)
+      - traefik.http.routers.{{ drawio_service_name }}.rule={% set _all_domains = [drawio_domain] + (drawio_extra_domains | default([])) %}{% for d in _all_domains %}Host(`{{ d }}`){% if not loop.last %} || {% endif %}{% endfor +%}
       - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }}
 {% if drawio_use_ssl %}
       - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure