systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 14 Activity Actions

Extract plausible secrets to dedicated vault

Browse source
This commit is contained in:
Jake Howard 2021-12-21 19:57:43 +00:00
parent fcda77e750
commit 66662594d0
Signed by: jake
GPG key ID: 57AFB45680EDD477
4 changed files with 23 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ansible/roles/plausible/files/docker-compose.yml
View file

@ -22,8 +22,8 @@ services:
- traefik.http.routers.plausible-embed.middlewares=plausible-index
environment:
- SECRET_KEY_BASE={{ secret_key }}
- SIGNING_SALT={{ signing_salt }}
- SECRET_KEY_BASE={{ plausible_secret_key }}
- SIGNING_SALT={{ plausible_signing_salt }}
- DATABASE_URL=postgres://plausible:plausible@db:5432/plausible
- DISABLE_REGISTRATION=true
- DISABLE_SUBSCRIPTION=true

3
ansible/roles/plausible/tasks/main.yml
View file

@ -1,3 +1,6 @@
- name: Include vault
include_vars: vault.yml
- name: Create install directory
file:
path: /opt/plausible

23
ansible/roles/plausible/vars/main.yml
View file

@ -1,21 +1,2 @@
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
39336333353061326461306663306661393465646536323664353933643030623561393732323438
3162376361386238623238323765376261303431643530660a646234653266326264336636343264
38396537646661386435353134663033336133646233343334356364663136373233623436383862
6139326335313830370a623737303837643630613535363534613663343163353330626131376435
61346534303264643065663763653837396530333166336364346234663031616565666163323631
64626666626466333131353264313166313139623865393833393766636466383139323463313263
36376337623437346465346665633732333264333662363632623235326262626339366434396563
64326232306534656161343638316166313763333834393065323965626465663136356332636463
62343466396637643466373561316665333238393964306232353239303062653432303466666638
62623038393639393339303661633039306463306364656339656164313033643536356266363939
613233393837653836633837373339653934
signing_salt: !vault |
$ANSIBLE_VAULT;1.1;AES256
35366665313061333735636265386535663830666531376365323033353338653536633334646566
3065393638663934623237336561633365303664613863350a326661393439393532316666653134
61353939626433396530636665636439313966636130386365396535326239366331646664383562
3763326533373266620a376230613664633332663065393561656565653634366130323534633865
35336236653664373131343364373637653261303030663239333534653432386438343162393866
3563353137633338623239346538643662393537313932386366
plausible_secret_key: "{{ vault_plausible_secret_key }}"
plausible_signing_salt: "{{ vault_plausible_signing_salt }}"

16
ansible/roles/plausible/vars/vault.yml Normal file
View file

@ -0,0 +1,16 @@
$ANSIBLE_VAULT;1.1;AES256
31656261333332323730306162626265323432313264663230303264623662353065393362616635
6131376236383233646366663264653663363930653937650a373264623632633130626330343264
66633064303765323666323162376262636461626563626134613230326635616636386463393931
6633373864666139310a636137346161333738396335346239623334663061353231326337343436
63313338336535356538316132393066343965646466633864666263356139363934316161363062
65646236663464626335636661623063626166633363336237303738393739346232623132386432
39663561313139636261323238373163333432643237333334393364323831636266636132316261
32396235663364353439386430653765663063343761323832323332383538323934656131373034
31356665623632646163626361353462396531323263346162626236396333396564306631613766
31313136613938383661643263373064366566616432306263643235626461653465613134623738
62323630613533316138363837303366373835653661626332656638646265356538383535636436
64356332363662356630613839373039323463306362313937313364613736363832323830656163
64356537363935613362386436656434333338313565613464346534616634653532343566643739
33303037636633623163363465663630366333323464666231333432643133646636643130383034
326237356631656161376530303139633032