CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 2 Wiki Activity Actions

move secrets from sops lookup plugin to sops vars plugin
Some checks failed
/ Ansible Lint (push) Failing after 1m54s
Details

Browse source 
This makes secret configuration and usage a good bit cleaner.
This commit is contained in:
June 2025-05-04 16:50:15 +02:00
commit 7f1afef50d
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
42 changed files with 2449 additions and 2446 deletions
Download patch file Download diff file Expand all files Collapse all files

10
resources/chaosknoten/pad/docker_compose/compose.yaml.j2
View file

@ -6,7 +6,7 @@ services:
image: docker.io/library/postgres:15-alpine
environment:
- "POSTGRES_USER=hedgedoc"
- "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}"
- "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "POSTGRES_DB=hedgedoc"
volumes:
- database:/var/lib/postgresql/data
@ -16,7 +16,7 @@ services:
#image: quay.io/hedgedoc/hedgedoc:1.9.9
image: quay.io/hedgedoc/hedgedoc:latest
environment:
- "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}@database:5432/hedgedoc"
- "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"
- "CMD_PROTOCOL_USESSL=true"
- "CMD_HSTS_ENABLE=false"
@ -35,7 +35,7 @@ services:
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
- "CMD_OAUTH2_CLIENT_ID=pad"
- "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['KC_SECRET']") }}"
- "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}"
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
- "CMD_OAUTH2_SCOPE=openid email profile"
volumes:
@ -53,11 +53,11 @@ services:
environment:
- "POSTGRES_HOSTNAME=database"
- "POSTGRES_USERNAME=hedgedoc"
- "POSTGRES_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['DB_PASSWORD']") }}"
- "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
- "SMTP_FROM=pad@hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=pad@hamburg.ccc.de"
- "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/pad/secrets.yaml", extract="['smtp_password']") }}"
- "SMTP_PASSWORD={{ secret__pad_smtp_password }}"
- "URL=https://pad.hamburg.ccc.de"
depends_on:
- database