From a9c33baed904aaf103565b7be06cf33a7785043f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=A4rlocher?= <simon@whatwedo.ch>
Date: Tue, 26 May 2026 14:16:23 +0200
Subject: [PATCH] feat(drawio): support extra hostnames via
 drawio_extra_domains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add drawio_extra_domains (list, default empty). The traefik Host rule
on the drawio router now expands to Host(<canonical>) || Host(<extra>)
... so the same container can answer on additional FQDNs — e.g. an
internal *.int.* name so a DMZ reverse-proxy can reach drawio via a
backend hostname covered by the local traefik cert.

Empty by default; behaviour unchanged for existing inventories.
---
 roles/drawio/defaults/main.yml               | 4 ++++
 roles/drawio/templates/docker-compose.yml.j2 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/drawio/defaults/main.yml b/roles/drawio/defaults/main.yml
index 2b2b758..22b9238 100644
--- a/roles/drawio/defaults/main.yml
+++ b/roles/drawio/defaults/main.yml
@@ -11,6 +11,10 @@ drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name
 
 # Service configuration
 drawio_domain: "drawio.local.test"
+# Additional hostnames the same drawio container should answer on
+# (e.g. an internal *.int.* FQDN so a DMZ reverseproxy can reach
+# drawio via a backend hostname covered by the local traefik cert).
+drawio_extra_domains: []
 drawio_image: "jgraph/drawio:latest"
 drawio_port: 8080
 drawio_extra_hosts: []
diff --git a/roles/drawio/templates/docker-compose.yml.j2 b/roles/drawio/templates/docker-compose.yml.j2
index c9b0c9a..65eb396 100644
--- a/roles/drawio/templates/docker-compose.yml.j2
+++ b/roles/drawio/templates/docker-compose.yml.j2
@@ -14,7 +14,7 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network={{ drawio_traefik_network }}
-      - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`)
+      - traefik.http.routers.{{ drawio_service_name }}.rule={% set _all_domains = [drawio_domain] + (drawio_extra_domains | default([])) %}{% for d in _all_domains %}Host(`{{ d }}`){% if not loop.last %} || {% endif %}{% endfor +%}
       - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }}
 {% if drawio_use_ssl %}
       - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure