CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

move secrets from sops lookup plugin to sops vars plugin
Some checks failed
/ Ansible Lint (push) Failing after 1m54s
Details

Browse source 
This makes secret configuration and usage a good bit cleaner.
This commit is contained in:
June 2025-05-04 16:50:15 +02:00
commit 7f1afef50d
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
42 changed files with 2449 additions and 2446 deletions
Download patch file Download diff file Expand all files Collapse all files

2
resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
View file

@ -34,7 +34,7 @@ receivers:
- name: "ccchh-infrastructure-alerts"
telegram_configs:
- send_resolved: true
bot_token: {{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['alertmanager_telegram_bot_token']") }}
bot_token: {{ secret__alertmanager_telegram_bot_token }}
chat_id: -1002434372415
parse_mode: HTML
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}

4
resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
View file

@ -36,7 +36,7 @@ services:
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_USER=admin
- "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['GF_SECURITY_ADMIN_PASSWORD']") }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ secret__grafana_gf_security_admin_password }}"
volumes:
- ./configs/grafana.ini:/etc/grafana/grafana.ini
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
@ -50,7 +50,7 @@ services:
restart: unless-stopped
environment:
- PVE_USER=grafana@pve
- "PVE_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['prometheus-exporter']") }}"
- "PVE_PASSWORD={{ secret__prometheus_pve_exporter_pve_password }}"
- PVE_VERIFY_SSL=false
volumes:
- /dev/null:/etc/prometheus/pve.yml

2
resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
View file

@ -11,7 +11,7 @@ auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
client_secret = {{ lookup("community.sops.sops", "resources/chaosknoten/grafana/secrets.yaml", extract="['KEYCLOAK_SECRET']") }}
client_secret = {{ secret__grafana_keycloak_secret }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username