Provide secrets for engelsystem VM from pass

2023-07-29 01:46:30 +02:00 · 2023-07-29 01:46:30 +02:00 · a12b38b284
parent f695afa981
commit a12b38b284
2 changed files with 3 additions and 4 deletions
--- a/inventories/z9/host_vars/engelsystem.yaml
+++ b/inventories/z9/host_vars/engelsystem.yaml
@ -1,4 +1,4 @@
-docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'configs/engelsystem/compose.yaml') }}"
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'configs/engelsystem/compose.yaml.j2') }}"
 docker_compose__configuration_files: []

 cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
--- a/playbooks/templates/configs/engelsystem/compose.yaml.j2
+++ b/playbooks/templates/configs/engelsystem/compose.yaml.j2
@ -18,9 +18,8 @@ services:
      MAIL_HOST: send-only-mailserver.ccchh.net
      MAIL_PORT: 465
      MAIL_ENCRYPTION: tls
-      # MAIL_USERNAME and MAIL_PASSWORD are loaded from env file
-    env_file:
-      - engelsystem_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
+      MAIL_USERNAME: aes
+      MAIL_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/engelsystem/MAIL_PASSWORD", create=false, missing="error") }}
    ports:
      - "5080:80"
    networks: