fix: update ansible playbooks and scripts to use new vault references
This commit is contained in:
@@ -6,7 +6,7 @@
|
||||
caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy"
|
||||
caddy_data_dir: "{{ '/mnt/services/caddy' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/caddy' }}"
|
||||
geoip_db_path: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
|
||||
caddy_email: "{{ lookup('community.general.onepassword', 'qwvcr4cuumhqh3mschv57xdqka', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='email') }}"
|
||||
caddy_email: "{{ lookup('community.general.onepassword', 'Caddy (Proxy)', vault='Dotfiles', field='email') }}"
|
||||
|
||||
- name: Create Caddy directory
|
||||
ansible.builtin.file:
|
||||
|
||||
@@ -19,10 +19,10 @@ services:
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=100
|
||||
- VPN_SERVICE_PROVIDER={{ lookup('community.general.onepassword', 'qm7lxjrv2ctgzsjuwtolxpd5i4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='VPN_SERVICE_PROVIDER') }}
|
||||
- OPENVPN_USER={{ lookup('community.general.onepassword', 'qm7lxjrv2ctgzsjuwtolxpd5i4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='OPENVPN_USER') }}
|
||||
- OPENVPN_PASSWORD={{ lookup('community.general.onepassword', 'qm7lxjrv2ctgzsjuwtolxpd5i4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='OPENVPN_PASSWORD') }}
|
||||
- SERVER_COUNTRIES={{ lookup('community.general.onepassword', 'qm7lxjrv2ctgzsjuwtolxpd5i4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='SERVER_COUNTRIES') }}
|
||||
- VPN_SERVICE_PROVIDER={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='VPN_SERVICE_PROVIDER') }}
|
||||
- OPENVPN_USER={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='OPENVPN_USER') }}
|
||||
- OPENVPN_PASSWORD={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='OPENVPN_PASSWORD') }}
|
||||
- SERVER_COUNTRIES={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='SERVER_COUNTRIES') }}
|
||||
restart: always
|
||||
|
||||
sabnzbd:
|
||||
|
||||
@@ -5,10 +5,10 @@
|
||||
ansible.builtin.set_fact:
|
||||
echoip_service_dir: "{{ ansible_env.HOME }}/services/echoip"
|
||||
echoip_data_dir: "{{ '/mnt/services/echoip' if inventory_hostname == 'mennos-server' else '/mnt/object_storage/services/echoip' }}"
|
||||
maxmind_account_id: "{{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='account_id') | regex_replace('\\s+', '') }}"
|
||||
maxmind_license_key: "{{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='license_key') | regex_replace('\\s+', '') }}"
|
||||
maxmind_account_id: "{{ lookup('community.general.onepassword', 'MaxMind',
|
||||
vault='Dotfiles', field='account_id') | regex_replace('\\s+', '') }}"
|
||||
maxmind_license_key: "{{ lookup('community.general.onepassword', 'MaxMind',
|
||||
vault='Dotfiles', field='license_key') | regex_replace('\\s+', '') }}"
|
||||
|
||||
- name: Create EchoIP directory
|
||||
ansible.builtin.file:
|
||||
|
||||
@@ -23,7 +23,7 @@ services:
|
||||
- PUID=1000
|
||||
- PGID=100
|
||||
- POSTGRES_USER=gitea
|
||||
- POSTGRES_PASSWORD={{ lookup('community.general.onepassword', '4gnclyzztfgqq7yxa3ctxs6tey', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='POSTGRES_PASSWORD') }}
|
||||
- POSTGRES_PASSWORD={{ lookup('community.general.onepassword', 'Gitea', vault='Dotfiles', field='POSTGRES_PASSWORD') }}
|
||||
- POSTGRES_DB=gitea
|
||||
volumes:
|
||||
- {{gitea_data_dir}}/postgres:/var/lib/postgresql/data
|
||||
@@ -40,7 +40,7 @@ services:
|
||||
- PUID=1000
|
||||
- PGID=100
|
||||
- GITEA_INSTANCE_URL=https://git.mvl.sh
|
||||
- GITEA_RUNNER_REGISTRATION_TOKEN={{ lookup('community.general.onepassword', '4gnclyzztfgqq7yxa3ctxs6tey', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='GITEA_RUNNER_REGISTRATION_TOKEN') }}
|
||||
- GITEA_RUNNER_REGISTRATION_TOKEN={{ lookup('community.general.onepassword', 'Gitea', vault='Dotfiles', field='GITEA_RUNNER_REGISTRATION_TOKEN') }}
|
||||
- GITEA_RUNNER_NAME=act-worker
|
||||
- CONFIG_FILE=/config.yaml
|
||||
restart: always
|
||||
|
||||
@@ -4,7 +4,7 @@ services:
|
||||
image: ghcr.io/tailscale/golink:main
|
||||
user: root
|
||||
environment:
|
||||
- TS_AUTHKEY={{ lookup('community.general.onepassword', '4gsgavajnxfpcrjvbkqhoc4drm', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='TS_AUTHKEY') }}
|
||||
- TS_AUTHKEY={{ lookup('community.general.onepassword', 'GoLink', vault='Dotfiles', field='TS_AUTHKEY') }}
|
||||
volumes:
|
||||
- {{ golink_data_dir }}:/home/nonroot
|
||||
restart: "unless-stopped"
|
||||
|
||||
@@ -10,6 +10,6 @@ TZ=Europe/Amsterdam
|
||||
PUID=1000
|
||||
PGID=100
|
||||
|
||||
NEXTAUTH_SECRET="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='NEXTAUTH_SECRET') }}"
|
||||
MEILI_MASTER_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MEILI_MASTER_KEY') }}"
|
||||
OPENAI_API_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='OPENAI_API_KEY') }}"
|
||||
NEXTAUTH_SECRET="{{ lookup('community.general.onepassword', 'Kara Keep', vault='Dotfiles', field='NEXTAUTH_SECRET') }}"
|
||||
MEILI_MASTER_KEY="{{ lookup('community.general.onepassword', 'Kara Keep', vault='Dotfiles', field='MEILI_MASTER_KEY') }}"
|
||||
OPENAI_API_KEY="{{ lookup('community.general.onepassword', 'Kara Keep', vault='Dotfiles', field='OPENAI_API_KEY') }}"
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
- name: Set Redis facts
|
||||
ansible.builtin.set_fact:
|
||||
redis_service_dir: "{{ ansible_env.HOME }}/services/juicefs-redis"
|
||||
redis_password: "{{ lookup('community.general.onepassword', '4cioblm633bdkl6put35lk6ql4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }}"
|
||||
redis_password: "{{ lookup('community.general.onepassword', 'JuiceFS (Redis)', vault='Dotfiles', field='password') }}"
|
||||
|
||||
- name: Create Redis service directory
|
||||
ansible.builtin.file:
|
||||
|
||||
@@ -22,26 +22,26 @@
|
||||
# Database settings
|
||||
seafile_mysql_db_host: "db"
|
||||
seafile_mysql_root_password: >
|
||||
{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }}
|
||||
{{ lookup('community.general.onepassword', 'Seafile',
|
||||
vault='Dotfiles', field='MYSQL_ROOT_PASSWORD') }}
|
||||
seafile_mysql_db_user: "seafile"
|
||||
seafile_mysql_db_password: >
|
||||
{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_PASSWORD') }}
|
||||
{{ lookup('community.general.onepassword', 'Seafile',
|
||||
vault='Dotfiles', field='MYSQL_PASSWORD') }}
|
||||
|
||||
# Server settings
|
||||
time_zone: "Europe/Amsterdam"
|
||||
jwt_private_key: >
|
||||
{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='jwt_private_key') }}
|
||||
{{ lookup('community.general.onepassword', 'Seafile',
|
||||
vault='Dotfiles', field='jwt_private_key') }}
|
||||
seafile_server_hostname: "sf.mvl.sh"
|
||||
seafile_server_protocol: "https"
|
||||
|
||||
# Admin credentials
|
||||
seafile_admin_email: "menno@vleeuwen.me"
|
||||
seafile_admin_password: >
|
||||
{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4',
|
||||
vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }}
|
||||
{{ lookup('community.general.onepassword', 'Seafile',
|
||||
vault='Dotfiles', field='password') }}
|
||||
|
||||
- name: Create Seafile directories
|
||||
ansible.builtin.file:
|
||||
|
||||
Reference in New Issue
Block a user