diff --git a/ansible/host_vars/restic/main.yml b/ansible/host_vars/restic/main.yml
index 1ae482c..b321b34 100644
--- a/ansible/host_vars/restic/main.yml
+++ b/ansible/host_vars/restic/main.yml
@@ -3,7 +3,5 @@ restic_backup_locations:
 - /mnt/host/mnt/speed
 - /mnt/host/etc/pve
 - /mnt/home-assistant
-restic_healthchecks_id: "{{ vault_restic_healthchecks_id }}"
 restic_forget: true
-restic_forget_healthchecks_id: "{{ vault_restic_forget_healthchecks_id }}"
diff --git a/ansible/host_vars/walker/main.yml b/ansible/host_vars/walker/main.yml
index f3e016e..288c1c9 100644
--- a/ansible/host_vars/walker/main.yml
+++ b/ansible/host_vars/walker/main.yml
@@ -1,3 +1,2 @@
 restic_backup_locations:
 - /opt
-restic_healthchecks_id: "{{ vault_restic_healthchecks_id }}"
diff --git a/ansible/roles/authentik/files/docker-compose.yml b/ansible/roles/authentik/files/docker-compose.yml
index 566caed..186981f 100644
--- a/ansible/roles/authentik/files/docker-compose.yml
+++ b/ansible/roles/authentik/files/docker-compose.yml
@@ -6,18 +6,18 @@ x-env: &env
 - AUTHENTIK_POSTGRESQL__HOST=db
 - AUTHENTIK_POSTGRESQL__USER=authentik
 - AUTHENTIK_POSTGRESQL__NAME=authentik
- - AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
- - AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+ - AUTHENTIK_POSTGRESQL__PASSWORD={{ vault_authentik_db_password }}
+ - AUTHENTIK_SECRET_KEY={{ vault_authentik_secret_key }}
 - AUTHENTIK_WEB__WORKERS=1
 - AUTHENTIK_DISABLE_UPDATE_CHECK=true
 - AUTHENTIK_ERROR_REPORTING__ENABLED=false
 - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
 - AUTHENTIK_EMAIL__HOST=smtp.eu.mailgun.org
 - AUTHENTIK_EMAIL__PORT=465
- - AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
- - AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
+ - AUTHENTIK_EMAIL__USERNAME={{ vault_authentik_email_username }}
+ - AUTHENTIK_EMAIL__PASSWORD={{ vault_authentik_email_password }}
 - AUTHENTIK_EMAIL__USE_TLS=true
- - AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
+ - AUTHENTIK_EMAIL__FROM={{ vault_authentik_email_from }}
 services:
 server:
@@ -64,7 +64,7 @@ services:
 volumes:
 - /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
 environment:
- - POSTGRES_PASSWORD={{ authentik_db_password }}
+ - POSTGRES_PASSWORD={{ vault_authentik_db_password }}
 - POSTGRES_USER=authentik
 redis:
diff --git a/ansible/roles/authentik/vars/main.yml b/ansible/roles/authentik/vars/main.yml
deleted file mode 100644
index ad95e8b..0000000
--- a/ansible/roles/authentik/vars/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-authentik_db_password: "{{ vault_authentik_db_password }}"
-authentik_secret_key: "{{ vault_authentik_secret_key }}"
-authentik_email_username: "{{ vault_authentik_email_username }}"
-authentik_email_password: "{{ vault_authentik_email_password }}"
-authentik_email_from: "{{ vault_authentik_email_from }}"
diff --git a/ansible/roles/commento/files/docker-compose.yml b/ansible/roles/commento/files/docker-compose.yml
index d4430be..9c741a7 100644
--- a/ansible/roles/commento/files/docker-compose.yml
+++ b/ansible/roles/commento/files/docker-compose.yml
@@ -17,15 +17,15 @@ services:
 - COMMENTO_ORIGIN=https://commento.theorangeone.net
 - COMMENTO_GZIP_STATIC=true
 - COMMENTO_FORBID_NEW_OWNERS=true
- - COMMENTO_GITHUB_KEY={{ commento_github_client_id }}
- - COMMENTO_GITHUB_SECRET={{ commento_github_client_secret }}
+ - COMMENTO_GITHUB_KEY={{ vault_commento_github_client_id }}
+ - COMMENTO_GITHUB_SECRET={{ vault_commento_github_client_secret }}
 - COMMENTO_SMTP_HOST=smtp.eu.mailgun.org
 - COMMENTO_SMTP_PORT=587
- - COMMENTO_SMTP_USERNAME={{ commento_smtp_username }}
- - COMMENTO_SMTP_PASSWORD={{ commento_smtp_password }}
- - COMMENTO_SMTP_FROM_ADDRESS={{ commento_from_email }}
- - COMMENTO_GITLAB_KEY={{ commento_gitlab_application_id }}
- - COMMENTO_GITLAB_SECRET={{ commento_gitlab_application_secret }}
+ - COMMENTO_SMTP_USERNAME={{ vault_commento_smtp_username }}
+ - COMMENTO_SMTP_PASSWORD={{ vault_commento_smtp_password }}
+ - COMMENTO_SMTP_FROM_ADDRESS={{ vault_commento_from_email }}
+ - COMMENTO_GITLAB_KEY={{ vault_commento_gitlab_application_id }}
+ - COMMENTO_GITLAB_SECRET={{ vault_commento_gitlab_application_secret }}
 db:
 image: postgres:14-alpine
diff --git a/ansible/roles/commento/vars/main.yml b/ansible/roles/commento/vars/main.yml
deleted file mode 100644
index 7c6266b..0000000
--- a/ansible/roles/commento/vars/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-commento_github_client_id: "{{ vault_commento_github_client_id }}"
-commento_github_client_secret: "{{ vault_commento_github_client_secret }}"
-commento_smtp_username: "{{ vault_commento_smtp_username }}"
-commento_smtp_password: "{{ vault_commento_smtp_password }}"
-commento_from_email: "{{ vault_commento_from_email }}"
-commento_gitlab_application_id: "{{ vault_commento_gitlab_application_id }}"
-commento_gitlab_application_secret: "{{ vault_commento_gitlab_application_secret }}"
diff --git a/ansible/roles/db_auto_backup/files/docker-compose.yml b/ansible/roles/db_auto_backup/files/docker-compose.yml
index 13876d0..dced336 100644
--- a/ansible/roles/db_auto_backup/files/docker-compose.yml
+++ b/ansible/roles/db_auto_backup/files/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 - "{{ db_backups_dir }}:/var/backups"
 environment:
 - DOCKER_HOST=tcp://docker_proxy:2375
- - HEALTHCHECKS_ID={{ db_auto_backup_healthchecks_id }}
+ - HEALTHCHECKS_ID={{ vault_db_auto_backup_healthchecks_id }}
 depends_on:
 - docker_proxy
diff --git a/ansible/roles/db_auto_backup/vars/main.yml b/ansible/roles/db_auto_backup/vars/main.yml
deleted file mode 100644
index afa6846..0000000
--- a/ansible/roles/db_auto_backup/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-db_auto_backup_healthchecks_id: "{{ vault_db_auto_backup_healthchecks_id }}"
diff --git a/ansible/roles/forrest/files/grafana/docker-compose.yml b/ansible/roles/forrest/files/grafana/docker-compose.yml
index b2a5750..1b4809d 100644
--- a/ansible/roles/forrest/files/grafana/docker-compose.yml
+++ b/ansible/roles/forrest/files/grafana/docker-compose.yml
@@ -15,9 +15,9 @@ services:
 - GF_SMTP_ENABLED=true
 - GF_SMTP_HOST=smtp.eu.mailgun.org:465
- - GF_SMTP_USER={{ grafana_smtp_user }}
- - GF_SMTP_PASSWORD={{ grafana_smtp_password }}
- - GF_SMTP_FROM_ADDRESS={{ grafana_from_email }}
+ - GF_SMTP_USER={{ vault_grafana_smtp_user }}
+ - GF_SMTP_PASSWORD={{ vault_grafana_smtp_password }}
+ - GF_SMTP_FROM_ADDRESS={{ vault_grafana_from_email }}
 - GF_SMTP_FROM_NAME=grafana
 volumes:
 - "{{ app_data_dir }}/grafana:/var/lib/grafana"
diff --git a/ansible/roles/forrest/files/prometheus/alertmanager.yml b/ansible/roles/forrest/files/prometheus/alertmanager.yml
index 2c7c5af..3d2b535 100644
--- a/ansible/roles/forrest/files/prometheus/alertmanager.yml
+++ b/ansible/roles/forrest/files/prometheus/alertmanager.yml
@@ -1,9 +1,9 @@
 global:
 resolve_timeout: 3m
 smtp_smarthost: smtp.eu.mailgun.org:465
- smtp_from: "{{ alertmanager_from_address }}"
- smtp_auth_username: "{{ alertmanager_from_address }}"
- smtp_auth_password: "{{ alertmanager_smtp_password }}"
+ smtp_from: "{{ vault_alertmanager_from_address }}"
+ smtp_auth_username: "{{ vault_alertmanager_from_address }}"
+ smtp_auth_password: "{{ vault_alertmanager_smtp_password }}"
 route:
 receiver: default
@@ -11,5 +11,5 @@ route:
 receivers:
 - name: default
 email_configs:
- - to: "{{ alertmanager_to_address }}"
+ - to: "{{ vault_alertmanager_to_address }}"
 send_resolved: true
diff --git a/ansible/roles/forrest/files/prometheus/docker-compose.yml b/ansible/roles/forrest/files/prometheus/docker-compose.yml
index 14f464c..2aef6d0 100644
--- a/ansible/roles/forrest/files/prometheus/docker-compose.yml
+++ b/ansible/roles/forrest/files/prometheus/docker-compose.yml
@@ -45,7 +45,7 @@ services:
 environment:
 - PVE_USER=prometheus@pve
 - PVE_TOKEN_NAME=prometheus
- - PVE_TOKEN_VALUE={{ prometheus_api_token }}
+ - PVE_TOKEN_VALUE={{ vault_prometheus_api_token }}
 - PVE_VERIFY_SSL=false
 speedtest_exporter:
diff --git a/ansible/roles/forrest/files/prometheus/prometheus.yml b/ansible/roles/forrest/files/prometheus/prometheus.yml
index a6fc269..8d35c0b 100644
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@@ -34,7 +34,7 @@ scrape_configs:
 - job_name: homeassistant
 metrics_path: /api/prometheus
 authorization:
- credentials: "{{ homeassistant_token }}"
+ credentials: "{{ vault_homeassistant_token }}"
 metric_relabel_configs:
 - source_labels: [__name__]
 regex: python_.+
@@ -121,7 +121,7 @@ scrape_configs:
 module: [http]
 static_configs:
 - targets:
- https://hc-ping.com/{{ prometheus_healthcheck_uuid }}
+ https://hc-ping.com/{{ vault_prometheus_healthcheck_uuid }}
 relabel_configs:
 - source_labels: [__address__]
 target_label: __param_target
@@ -132,7 +132,7 @@ scrape_configs:
 - job_name: healthchecks
 scheme: https
- metrics_path: /projects/{{ healthchecks_project_uuid }}/metrics/{{ healthcheck_api_token }}
+ metrics_path: /projects/{{ vault_healthchecks_project_uuid }}/metrics/{{ vault_healthcheck_api_token }}
 static_configs:
 - targets: [healthchecks.io]
diff --git a/ansible/roles/forrest/vars/main.yml b/ansible/roles/forrest/vars/main.yml
deleted file mode 100644
index 3c7738c..0000000
--- a/ansible/roles/forrest/vars/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-grafana_smtp_password: "{{ vault_grafana_smtp_password }}"
-grafana_smtp_user: "{{ vault_grafana_smtp_user }}"
-grafana_from_email: "{{ vault_grafana_from_email }}"
-homeassistant_token: "{{ vault_homeassistant_token }}"
-prometheus_healthcheck_uuid: "{{ vault_prometheus_healthcheck_uuid }}"
-healthchecks_project_uuid: "{{ vault_healthchecks_project_uuid }}"
-healthcheck_api_token: "{{ vault_healthcheck_api_token }}"
-alertmanager_from_address: "{{ vault_alertmanager_from_address }}"
-alertmanager_smtp_password: "{{ vault_alertmanager_smtp_password }}"
-alertmanager_to_address: "{{ vault_alertmanager_to_address }}"
-prometheus_api_token: "{{ vault_prometheus_api_token }}"
diff --git a/ansible/roles/gitea/files/app.ini b/ansible/roles/gitea/files/app.ini
index 3625c16..fef8471 100644
--- a/ansible/roles/gitea/files/app.ini
+++ b/ansible/roles/gitea/files/app.ini
@@ -21,7 +21,7 @@ PROTOCOL = http # TLS termination done by Traefik
 ENABLE_GZIP = true
 OFFLINE_MODE = true
 LANDING_PAGE = explore
-LFS_JWT_SECRET = {{ lfs_jwt_secret }}
+LFS_JWT_SECRET = {{ vault_lfs_jwt_secret }}
 [database]
 DB_TYPE = postgres
@@ -39,8 +39,8 @@ LEVEL = warn
 [security]
 INSTALL_LOCK = true
-SECRET_KEY = {{ secret_key }}
-INTERNAL_TOKEN = {{ internal_token }}
+SECRET_KEY = {{ vault_secret_key }}
+INTERNAL_TOKEN = {{ vault_internal_token }}
 PASSWORD_HASH_ALGO = pbkdf2
 COOKIE_USERNAME = gitea_username
 COOKIE_REMEMBER_NAME = gitea_remember
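Review bot: `SECRET_KEY = {{ vault_secret_key }}` and `INTERNAL_TOKEN = {{ vault_internal_token }}` now read vault keys that carry no role prefix, unlike `vault_gitea_runner_registration_token`, `vault_tandoor_secret_key` and most other keys touched by this commit, and the deleted `vars/main.yml` was the last thing tying these generic names to the gitea role, so a same-named key reached from any other vault or group_vars file would be templated into Gitea's `[security]` section without any error. The same pattern appears in the neighbouring hunks (`vault_lfs_jwt_secret`, `vault_oauth2_jwt_secret`, `vault_mailer_*`, `vault_backblaze_*`) and in vikunja (`vault_jwt_secret`, `vault_smtp_password`). I'd rename them to `vault_gitea_secret_key`, `vault_gitea_internal_token` and so on, rotating the vault entries to match, which also makes a `grep vault_gitea_` audit of where Gitea's credentials flow possible. Whether any of these names actually collide today depends on where the vault files live (per-host vs `group_vars/all`), which this diff doesn't show.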
@@ -118,9 +118,9 @@ ALLOW_LOCALNETWORKS = true
 ENABLED = true
 SMTP_ADDR = smtp.eu.mailgun.org
 SMTP_PORT = 465
-FROM = "{{ mailer_from_address }}"
-USER = "{{ mailer_user }}"
-PASSWD = "{{ mailer_password }}"
+FROM = "{{ vault_mailer_from_address }}"
+USER = "{{ vault_mailer_user }}"
+PASSWD = "{{ vault_mailer_password }}"
 PROTOCOL = smtps
 [packages]
@@ -129,8 +129,8 @@ STORAGE_TYPE = backblaze
 [storage.backblaze]
 STORAGE_TYPE = minio
 MINIO_ENDPOINT = s3.eu-central-003.backblazeb2.com
-MINIO_ACCESS_KEY_ID = {{ backblaze_access_key_id }}
-MINIO_SECRET_ACCESS_KEY = {{ backblaze_secret_access_key }}
+MINIO_ACCESS_KEY_ID = {{ vault_backblaze_access_key_id }}
+MINIO_SECRET_ACCESS_KEY = {{ vault_backblaze_secret_access_key }}
 MINIO_BUCKET = 0rng-gitea
 MINIO_LOCATION = eu-central-003
 SERVE_DIRECT = true
@@ -140,4 +140,4 @@ MINIO_USE_SSL = true
 PATH = /mnt/repo-archive
 [oauth2]
-JWT_SECRET = {{ oauth2_jwt_secret }}
+JWT_SECRET = {{ vault_oauth2_jwt_secret }}
diff --git a/ansible/roles/gitea/vars/main.yml b/ansible/roles/gitea/vars/main.yml
deleted file mode 100644
index 33ebb1f..0000000
--- a/ansible/roles/gitea/vars/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-lfs_jwt_secret: "{{ vault_lfs_jwt_secret }}"
-secret_key: "{{ vault_secret_key }}"
-internal_token: "{{ vault_internal_token }}"
-oauth2_jwt_secret: "{{ vault_oauth2_jwt_secret }}"
-mailer_from_address: "{{ vault_mailer_from_address }}"
-mailer_user: "{{ vault_mailer_user }}"
-mailer_password: "{{ vault_mailer_password }}"
-backblaze_access_key_id: "{{ vault_backblaze_access_key_id }}"
-backblaze_secret_access_key: "{{ vault_backblaze_secret_access_key }}"
diff --git a/ansible/roles/gitea_runner/files/docker-compose.yml b/ansible/roles/gitea_runner/files/docker-compose.yml
index db146dc..9df6ec7 100644
--- a/ansible/roles/gitea_runner/files/docker-compose.yml
+++ b/ansible/roles/gitea_runner/files/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 environment:
 - TZ={{ timezone }}
 - GITEA_INSTANCE_URL=https://git.theorangeone.net
- - GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
+ - GITEA_RUNNER_REGISTRATION_TOKEN={{ vault_gitea_runner_registration_token }}
 - GITEA_RUNNER_NAME={{ ansible_hostname }}
 - GITEA_RUNNER_FETCH_INTERVAL=5s
 - GITEA_RUNNER_MAX_PARALLEL_JOBS={{ ansible_processor_nproc }}
diff --git a/ansible/roles/gitea_runner/vars/main.yml b/ansible/roles/gitea_runner/vars/main.yml
deleted file mode 100644
index feac9f1..0000000
--- a/ansible/roles/gitea_runner/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-gitea_runner_registration_token: "{{ vault_gitea_runner_registration_token }}"
diff --git a/ansible/roles/mastodon/files/docker-compose.yml b/ansible/roles/mastodon/files/docker-compose.yml
index 3721938..ac180cb 100644
--- a/ansible/roles/mastodon/files/docker-compose.yml
+++ b/ansible/roles/mastodon/files/docker-compose.yml
@@ -12,10 +12,10 @@ services:
 - DATABASE_URL=postgresql://mastodon:mastodon@db/mastodon
 - REDIS_URL=redis://redis
 - SIDEKIQ_REDIS_URL=redis://redis/1
- - SECRET_KEY_BASE={{ secret_key_base }}
- - OTP_SECRET={{ otp_secret }}
- - VAPID_PRIVATE_KEY={{ vapid_private_key }}
- - VAPID_PUBLIC_KEY={{ vapid_public_key }}
+ - SECRET_KEY_BASE={{ vault_secret_key_base }}
+ - OTP_SECRET={{ vault_otp_secret }}
+ - VAPID_PRIVATE_KEY={{ vault_vapid_private_key }}
+ - VAPID_PUBLIC_KEY={{ vault_vapid_public_key }}
 - TRUSTED_PROXY_IP=172.20.0.1
 - SINGLE_USER_MODE=true
 - DEFAULT_LOCALE=en
diff --git a/ansible/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml
deleted file mode 100644
index 1cc9557..0000000
--- a/ansible/roles/mastodon/vars/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-secret_key_base: "{{ vault_secret_key_base }}"
-otp_secret: "{{ vault_otp_secret }}"
-vapid_private_key: "{{ vault_vapid_private_key }}"
-vapid_public_key: "{{ vault_vapid_public_key }}"
diff --git a/ansible/roles/minio/files/docker-compose.yml b/ansible/roles/minio/files/docker-compose.yml
index eba7365..3049a6b 100644
--- a/ansible/roles/minio/files/docker-compose.yml
+++ b/ansible/roles/minio/files/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 environment:
 - TZ=Europe/London
 - MINIO_ROOT_USER=jake
- - MINIO_ROOT_PASSWORD={{ minio_root_password }}
+ - MINIO_ROOT_PASSWORD={{ vault_minio_root_password }}
 restart: unless-stopped
 labels:
 - traefik.enable=true
diff --git a/ansible/roles/minio/vars/main.yml b/ansible/roles/minio/vars/main.yml
deleted file mode 100644
index 70d9274..0000000
--- a/ansible/roles/minio/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-minio_root_password: "{{ vault_minio_root_password }}"
diff --git a/ansible/roles/pihole/files/setup-vars.conf b/ansible/roles/pihole/files/setup-vars.conf
index 7354fb3..fa512b0 100644
--- a/ansible/roles/pihole/files/setup-vars.conf
+++ b/ansible/roles/pihole/files/setup-vars.conf
@@ -7,7 +7,7 @@ CACHE_SIZE=10000
 DNS_FQDN_REQUIRED=true
 DNS_BOGUS_PRIV=true
 DNSMASQ_LISTENING=bind
-WEBPASSWORD={{ pihole_web_password | hash("sha256") | hash("sha256") }}
+WEBPASSWORD={{ vault_pihole_web_password | hash("sha256") | hash("sha256") }}
 BLOCKING_ENABLED=true
 DNSSEC=false
 REV_SERVER=false
diff --git a/ansible/roles/pihole/vars/main.yml b/ansible/roles/pihole/vars/main.yml
deleted file mode 100644
index ad43800..0000000
--- a/ansible/roles/pihole/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-pihole_web_password: "{{ vault_pihole_web_password }}"
diff --git a/ansible/roles/plausible/files/docker-compose.yml b/ansible/roles/plausible/files/docker-compose.yml
index 47d07e2..4f20fdd 100644
--- a/ansible/roles/plausible/files/docker-compose.yml
+++ b/ansible/roles/plausible/files/docker-compose.yml
@@ -25,21 +25,21 @@ services:
 - traefik.http.routers.plausible-embed.middlewares=plausible-index
 environment:
- - SECRET_KEY_BASE={{ plausible_secret_key }}
- - SIGNING_SALT={{ plausible_signing_salt }}
+ - SECRET_KEY_BASE={{ vault_plausible_secret_key }}
+ - SIGNING_SALT={{ vault_plausible_signing_salt }}
 - DATABASE_URL=postgres://plausible:plausible@db:5432/plausible
 - DISABLE_REGISTRATION=true
 - DISABLE_SUBSCRIPTION=true
 - CLICKHOUSE_DATABASE_URL=http://clickhouse:8123/plausible
 - BASE_URL=https://elbisualp.theorangeone.net
- - GOOGLE_CLIENT_ID={{ plausible_google_client_id }}
- - GOOGLE_CLIENT_SECRET={{ plausible_google_client_secret }}
+ - GOOGLE_CLIENT_ID={{ vault_plausible_google_client_id }}
+ - GOOGLE_CLIENT_SECRET={{ vault_plausible_google_client_secret }}
 - RELEASE_DISTRIBUTION=none
- - MAILER_EMAIL={{ plausible_from_email }}
+ - MAILER_EMAIL={{ vault_plausible_from_email }}
 - SMTP_HOST_ADDR=smtp.eu.mailgun.org
 - SMTP_HOST_PORT=465
- - SMTP_USER_NAME={{ plausible_smtp_user }}
- - SMTP_USER_PWD={{ plausible_smtp_password }}
+ - SMTP_USER_NAME={{ vault_plausible_smtp_user }}
+ - SMTP_USER_PWD={{ vault_plausible_smtp_password }}
 - SMTP_HOST_SSL_ENABLED=true
 clickhouse:
diff --git a/ansible/roles/plausible/vars/main.yml b/ansible/roles/plausible/vars/main.yml
deleted file mode 100644
index 60f1689..0000000
--- a/ansible/roles/plausible/vars/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-plausible_secret_key: "{{ vault_plausible_secret_key }}"
-plausible_signing_salt: "{{ vault_plausible_signing_salt }}"
-plausible_google_client_id: "{{ vault_plausible_google_client_id }}"
-plausible_google_client_secret: "{{ vault_plausible_google_client_secret }}"
-plausible_from_email: "{{ vault_plausible_from_email }}"
-plausible_smtp_user: "{{ vault_plausible_smtp_user }}"
-plausible_smtp_password: "{{ vault_plausible_smtp_password }}"
diff --git a/ansible/roles/remark42/files/docker-compose.yml b/ansible/roles/remark42/files/docker-compose.yml
index 55e96c1..6044350 100644
--- a/ansible/roles/remark42/files/docker-compose.yml
+++ b/ansible/roles/remark42/files/docker-compose.yml
@@ -13,15 +13,15 @@ services:
 environment:
 - APP_UID={{ docker_user.id }}
 - REMARK_URL=https://remark.theorangeone.net
- - SECRET={{ remark_secret }}
- - ADMIN_PASSWD={{ remark_admin_password }}
+ - SECRET={{ vault_remark_secret }}
+ - ADMIN_PASSWD={{ vault_remark_admin_password }}
 - SITE=theorangeone
 - TIME_ZONE={{ timezone }}
 - SMTP_HOST=smtp.eu.mailgun.org
- - SMTP_USERNAME={{ remark_smtp_username }}
- - SMTP_PASSWORD={{ remark_smtp_password }}
- - NOTIFY_EMAIL_FROM={{ remark_from_email }}
- - AUTH_EMAIL_FROM={{ remark_from_email }}
+ - SMTP_USERNAME={{ vault_remark_smtp_username }}
+ - SMTP_PASSWORD={{ vault_remark_smtp_password }}
+ - NOTIFY_EMAIL_FROM={{ vault_remark_from_email }}
+ - AUTH_EMAIL_FROM={{ vault_remark_from_email }}
 - SMTP_TLS=true
 - SMTP_PORT=465
 - ADMIN_EDIT=true
@@ -30,10 +30,10 @@ services:
 - EMOJI=true
 - DISABLE_SIGNATURE=true
 - AUTH_ANON=true
- - AUTH_GITHUB_CID={{ remark_github_client_id }}
- - AUTH_GITHUB_CSEC={{ remark_github_client_secret }}
+ - AUTH_GITHUB_CID={{ vault_remark_github_client_id }}
+ - AUTH_GITHUB_CSEC={{ vault_remark_github_client_secret }}
 - ALLOWED_HOSTS=remark.theorangeone.net,theorangeone.net
- - ADMIN_SHARED_EMAIL={{ remark_admin_email }}
+ - ADMIN_SHARED_EMAIL={{ vault_remark_admin_email }}
 volumes:
 - ./remark:/srv/var
diff --git a/ansible/roles/remark42/vars/main.yml b/ansible/roles/remark42/vars/main.yml
deleted file mode 100644
index 65d3d05..0000000
--- a/ansible/roles/remark42/vars/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-remark_github_client_id: "{{ vault_remark_github_client_id }}"
-remark_github_client_secret: "{{ vault_remark_github_client_secret }}"
-remark_smtp_username: "{{ vault_remark_smtp_username }}"
-remark_smtp_password: "{{ vault_remark_smtp_password }}"
-remark_from_email: "{{ vault_remark_from_email }}"
-remark_secret: "{{ vault_remark_secret }}"
-remark_admin_password: "{{ vault_remark_admin_password }}"
-remark_admin_email: "{{ vault_remark_admin_email }}"
diff --git a/ansible/roles/renovate/files/config.js b/ansible/roles/renovate/files/config.js
index 8556201..78e84ce 100644
--- a/ansible/roles/renovate/files/config.js
+++ b/ansible/roles/renovate/files/config.js
@@ -1,6 +1,6 @@
 module.exports = {
 endpoint: 'https://git.theorangeone.net/',
- token: '{{ renovate_gitea_token }}',
+ token: '{{ vault_renovate_gitea_token }}',
 platform: 'gitea',
 //dryRun: true,
 autodiscover: true,
diff --git a/ansible/roles/renovate/files/docker-compose.yml b/ansible/roles/renovate/files/docker-compose.yml
index 4851765..7f96821 100644
--- a/ansible/roles/renovate/files/docker-compose.yml
+++ b/ansible/roles/renovate/files/docker-compose.yml
@@ -6,7 +6,7 @@ services:
 user: "{{ docker_user.id }}"
 environment:
 - TZ={{ timezone }}
- - GITHUB_COM_TOKEN={{ renovate_github_token }}
+ - GITHUB_COM_TOKEN={{ vault_renovate_github_token }}
 - DOCKER_HOST=tcp://docker_proxy:2375
 - LOG_LEVEL=debug # Noisy, but required for debugging
 restart: unless-stopped
diff --git a/ansible/roles/renovate/vars/main.yml b/ansible/roles/renovate/vars/main.yml
deleted file mode 100644
index 8b9f59a..0000000
--- a/ansible/roles/renovate/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-renovate_gitea_token: "{{ vault_renovate_gitea_token }}"
-renovate_github_token: "{{ vault_renovate_github_token }}"
diff --git a/ansible/roles/restic/files/backrest.sh b/ansible/roles/restic/files/backrest.sh
index 4036b86..4637921 100644
--- a/ansible/roles/restic/files/backrest.sh
+++ b/ansible/roles/restic/files/backrest.sh
@@ -17,10 +17,10 @@ mkdir -p "$RESTIC_LOG_DIR"
 # Run backup, and capture logs to file
 cron_backup() {
- curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/start
+ curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/start
 restic --verbose backup --files-from=$HOME/restic-include.txt --exclude-file=$HOME/restic-excludes.txt | tee -a $RESTIC_LOG_FILE
 exit_code=${PIPESTATUS[0]}
- curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
+ curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
 echo "Exit code: $exit_code"
 }
@@ -32,10 +32,10 @@ backup() {
 {% if restic_forget %}
 # Run forget and prune, and capture logs to file
 cron_forget() {
- curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/start
+ curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/start
 restic forget --prune $FORGET_OPTIONS | tee -a $RESTIC_LOG_FILE
 exit_code=${PIPESTATUS[0]}
- curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
+ curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
 echo "Exit code: $exit_code"
 }
 {% endif %}
diff --git a/ansible/roles/tandoor/files/docker-compose.yml b/ansible/roles/tandoor/files/docker-compose.yml
index 856010d..da42126 100644
--- a/ansible/roles/tandoor/files/docker-compose.yml
+++ b/ansible/roles/tandoor/files/docker-compose.yml
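Review bot: The ping URL on the first changed line, `{{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/start`, is an unauthenticated capability (whoever knows the UUID can report the backup as healthy, or mark it failed), and this change renders it straight from the vault into `backrest.sh` on disk, so the `template` task that writes the script, which is outside this hunk, should set a restrictive `mode` (e.g. `"0700"`) and an owner matching the cron user; the task isn't visible here, so please confirm. Separately, both `{{ healthchecks_host }}` and `{{ vault_restic_healthchecks_id }}` are interpolated unquoted into the curl argument, so a value containing whitespace or shell metacharacters would be word-split or expanded; quoting the URL costs nothing: `curl -fsS -m 10 --retry 5 -o /dev/null "{{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/start"`, and the same applies to the `$exit_code` call below it and to both calls in `cron_forget`. `cron_backup` is fully within the hunk; the `RESTIC_LOG_FILE` it appends to with `tee -a` is defined outside it.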
@@ -7,7 +7,7 @@ services:
 - TIMEZONE={{ timezone }}
 - DEBUG=0
 - ALLOWED_HOSTS=recipes.jakehoward.tech
- - SECRET_KEY={{ tandoor_secret_key }}
+ - SECRET_KEY={{ vault_tandoor_secret_key }}
 - DATABASE_URL=postgres://tandoor:tandoor@db:5432/tandoor
 - DB_ENGINE=django.db.backends.postgresql
 - POSTGRES_HOST=db
@@ -17,10 +17,10 @@ services:
 - GUNICORN_MEDIA=1
 - EMAIL_HOST=smtp.eu.mailgun.org
 - EMAIL_PORT=465
- - EMAIL_HOST_USER={{ tandoor_email_user }}
- - EMAIL_HOST_PASSWORD={{ tandoor_email_password }}
+ - EMAIL_HOST_USER={{ vault_tandoor_email_user }}
+ - EMAIL_HOST_PASSWORD={{ vault_tandoor_email_password }}
 - EMAIL_USE_TLS=1
- - DEFAULT_FROM_EMAIL={{ tandoor_email_from }}
+ - DEFAULT_FROM_EMAIL={{ vault_tandoor_email_from }}
 restart: unless-stopped
 labels:
 - traefik.enable=true
diff --git a/ansible/roles/tandoor/vars/main.yml b/ansible/roles/tandoor/vars/main.yml
deleted file mode 100644
index cb216c3..0000000
--- a/ansible/roles/tandoor/vars/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-tandoor_secret_key: "{{ vault_tandoor_secret_key }}"
-tandoor_email_user: "{{ vault_tandoor_email_user }}"
-tandoor_email_password: "{{ vault_tandoor_email_password }}"
-tandoor_email_from: "{{ vault_tandoor_email_from }}"
diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index b66a0fb..650efaa 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
@@ -5,8 +5,8 @@ services:
 image: traefik:v2.10
 user: "{{ docker_user.id }}"
 environment:
- - CF_DNS_API_TOKEN={{ cloudflare_api_token }}
- - GANDIV5_API_KEY={{ gandi_api_key }}
+ - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
+ - GANDIV5_API_KEY={{ vault_gandi_api_key }}
 volumes:
 - /tmp/traefik-logs:/var/log/traefik
 - ./traefik:/etc/traefik
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index d09aa86..a530ee7 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -54,7 +54,7 @@ api:
 certificatesResolvers:
 le:
 acme:
- email: "{{ letsencrypt_email }}"
+ email: "{{ vault_letsencrypt_email }}"
 storage: /etc/traefik/acme.json
 dnsChallenge:
 provider: cloudflare
@@ -65,7 +65,7 @@ certificatesResolvers:
 gandi:
 acme:
- email: "{{ letsencrypt_email }}"
+ email: "{{ vault_letsencrypt_email }}"
 storage: /etc/traefik/acme.json
 dnsChallenge:
 provider: gandiv5
diff --git a/ansible/roles/vikunja/files/docker-compose.yml b/ansible/roles/vikunja/files/docker-compose.yml
index 86154ad..efcf0d3 100644
--- a/ansible/roles/vikunja/files/docker-compose.yml
+++ b/ansible/roles/vikunja/files/docker-compose.yml
@@ -11,7 +11,7 @@ services:
 - VIKUNJA_DATABASE_USER=vikunja
 - VIKUNJA_DATABASE_DATABASE=vikunja
 - VIKUNJA_SERVICE_FRONTENDURL=https://tasks.jakehoward.tech
- - VIKUNJA_SERVICE_JWTSECRET="{{ jwt_secret }}"
+ - VIKUNJA_SERVICE_JWTSECRET="{{ vault_jwt_secret }}"
 - VIKUNJA_SERVICE_ENABLEREGISTRATION=false
 - VIKUNJA_SERVICE_TIMEZONE={{ timezone }}
 - VIKUNJA_REDIS_HOST=redis:6379
@@ -19,9 +19,9 @@ services:
 - VIKUNJA_LOG_PATH=/dev/stdout
 - VIKUNJA_KEYVALUE_TYPE=redis
 - VIKUNJA_MAILER_ENABLED=true
- - VIKUNJA_MAIL_FROMEMAIL={{ from_email }}
- - VIKUNJA_MAILER_USERNAME={{ smtp_username }}
- - VIKUNJA_MAILER_PASSWORD={{ smtp_password }}
+ - VIKUNJA_MAIL_FROMEMAIL={{ vault_from_email }}
+ - VIKUNJA_MAILER_USERNAME={{ vault_smtp_username }}
+ - VIKUNJA_MAILER_PASSWORD={{ vault_smtp_password }}
 - VIKUNJA_MAILER_HOST=smtp.eu.mailgun.org
 - TZ={{ timezone }}
 - PUID={{ docker_user.id }}
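Review bot: `VIKUNJA_SERVICE_JWTSECRET="{{ vault_jwt_secret }}"` is the only entry in this environment list whose value is wrapped in double quotes, and in Compose's list form (`- KEY=VALUE` as a plain YAML scalar) those quotes are not YAML syntax, so the container most likely receives the literal `"…"` including the quote characters as its signing key. That works today only because nothing else needs the same value, but it differs from every sibling line and from how `vault_tandoor_secret_key` etc. are written in this commit, and a later "cleanup" that drops the quotes would silently change the effective secret and invalidate every issued JWT. Write it like its neighbours, `- VIKUNJA_SERVICE_JWTSECRET={{ vault_jwt_secret }}`, and if the quotes were guarding against special characters in the secret, fix that in the vault value (or move secrets to an `env_file`) rather than here; note this itself rotates the key for existing sessions. Separately, `vault_jwt_secret` carries no `vikunja_` prefix, so a same-named vault key reached from elsewhere in the inventory would be picked up without any error.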
diff --git a/ansible/roles/vikunja/vars/main.yml b/ansible/roles/vikunja/vars/main.yml
deleted file mode 100644
index 9117d72..0000000
--- a/ansible/roles/vikunja/vars/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-jwt_secret: "{{ vault_jwt_secret }}"
-from_email: "{{ vault_from_email }}"
-smtp_username: "{{ vault_smtp_username }}"
-smtp_password: "{{ vault_smtp_password }}"
diff --git a/ansible/roles/website/files/docker-compose.yml b/ansible/roles/website/files/docker-compose.yml
index 742aa9f..b662403 100644
--- a/ansible/roles/website/files/docker-compose.yml
+++ b/ansible/roles/website/files/docker-compose.yml
@@ -8,14 +8,14 @@ x-website: &website
 environment:
 - TZ={{ timezone }}
 - DEBUG=false
- - SECRET_KEY={{ website_secret_key }}
+ - SECRET_KEY={{ vault_website_secret_key }}
 - DATABASE_URL=postgres://website:website@db/website?conn_max_age=600
 - CACHE_URL=redis://redis/0
 - QUEUE_STORE_URL=redis://redis/1
 - RENDITION_CACHE_URL=redis://redis/2
 - SPOTIFY_PROXY_URL=http://spotify_public_proxy
- - UNSPLASH_CLIENT_ID={{ unsplash_client_id }}
- - SENTRY_DSN={{ website_sentry_dsn }}
+ - UNSPLASH_CLIENT_ID={{ vault_unsplash_client_id }}
+ - SENTRY_DSN={{ vault_website_sentry_dsn }}
 - BASE_HOSTNAME=theorangeone.net
 - WEB_CONCURRENCY=3
 - SEO_INDEX=true
@@ -80,9 +80,9 @@ services:
 restart: unless-stopped
 environment:
 - PORT=80
- - SPOTIFY_CLIENT_ID={{ spotify_client_id }}
- - SPOTIFY_CLIENT_SECRET={{ spotify_client_secret }}
- - SENTRY_DSN={{ spotify_sentry_dsn }}
+ - SPOTIFY_CLIENT_ID={{ vault_spotify_client_id }}
+ - SPOTIFY_CLIENT_SECRET={{ vault_spotify_client_secret }}
+ - SENTRY_DSN={{ vault_spotify_sentry_dsn }}
 networks:
 traefik:
diff --git a/ansible/roles/website/vars/main.yml b/ansible/roles/website/vars/main.yml
deleted file mode 100644
index bccdbcf..0000000
--- a/ansible/roles/website/vars/main.yml
+++ /dev/null
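Review bot: `SECRET_KEY={{ vault_website_secret_key }}` on the first changed line is rendered by Ansible into a Compose file, and Compose then runs its own `${VAR}` / `$VAR` interpolation over that file before the container sees it, so any `$` in the Django secret (Django's `get_random_secret_key` draws from `!@#$%^&*(-_=+)`) would be substituted with an empty shell-style variable, or rejected if it forms an unterminated `${`, rather than passed through; the same exposure applies to `SENTRY_DSN` and `UNSPLASH_CLIENT_ID` here and to the other compose files in this commit. Escape at render time, `- SECRET_KEY={{ vault_website_secret_key | replace('$', '$$') }}`, or move the secrets into an `env_file` that Ansible templates separately, which also keeps them out of `docker compose config` output and `docker inspect` of the service definition. Whether the current vault value contains a `$` can't be seen here, so this is defensive rather than a known breakage. The `x-website` anchor this block belongs to starts before the hunk.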
@@ -1,6 +0,0 @@
-website_secret_key: "{{ vault_website_secret_key }}"
-website_sentry_dsn: "{{ vault_website_sentry_dsn }}"
-unsplash_client_id: "{{ vault_unsplash_client_id }}"
-spotify_client_id: "{{ vault_spotify_client_id }}"
-spotify_client_secret: "{{ vault_spotify_client_secret }}"
-spotify_sentry_dsn: "{{ vault_spotify_sentry_dsn }}"