move secrets from sops lookup plugin to sops vars plugin

This makes secret configuration and usage a good bit cleaner.
2025-05-04 16:50:15 +02:00 · 2025-05-04 16:50:15 +02:00 · 7f1afef50d
commit 7f1afef50d
parent 66e2e354b1
42 changed files with 2449 additions and 2446 deletions
--- a/inventories/chaosknoten/host_vars/grafana.yaml
+++ b/inventories/chaosknoten/host_vars/grafana.yaml
@ -50,7 +50,7 @@ alloy_config: |
      url = "https://metrics.hamburg.ccc.de/api/v1/write"
      basic_auth {
        username = "chaos"
-        password = "{{ lookup('community.sops.sops', 'resources/chaosknoten/grafana/secrets.yaml', extract='['metrics_chaos"]') }}"
+        password = "{{ secret__metrics_chaos }}"
      }
    }
  }
@ -59,7 +59,7 @@ alloy_config: |
      url = "https://loki.hamburg.ccc.de/loki/api/v1/push"
      basic_auth {
        username = "chaos"
-        password = "{{ lookup('community.sops.sops', 'resources/chaosknoten/grafana/secrets.yaml', extract='["loki_chaos"]') }}"
+        password = "{{ secret__loki_chaos }}"
      }
    }
  }