feat(traefik): configurable extra_hosts for container DNS overrides

Add `traefik_extra_hosts` (list of `host:ip`) that maps straight into the traefik container's compose `extra_hosts`. Needed when a downstream middleware (e.g. ForwardAuth to authentik on a sibling LAN) has to resolve a public FQDN to an internal IP because the DMZ doesn't hairpin the public address back inside. Empty by default; behaviour unchanged for existing inventories.
2026-05-26 14:02:43 +02:00 · 2026-05-26 14:02:43 +02:00 · afe5950d77
commit afe5950d77
parent 02d45026a5
2 changed files with 13 additions and 0 deletions
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -33,6 +33,12 @@ services:
 {% endif %}
    networks:
      - {{ traefik_network }}
+{% if traefik_extra_hosts | default([]) | length > 0 %}
+    extra_hosts:
+{%   for h in traefik_extra_hosts %}
+      - "{{ h }}"
+{%   endfor %}
+{% endif %}

 networks:
  {{ traefik_network }}: