Remove unnecessary extra variable definitions

The world could do with a bit less YAML!
This commit is contained in:
Jake Howard 2023-12-14 22:03:23 +00:00
parent 7ad5d6e51e
commit b33e19e152
Signed by: jake
GPG key ID: 57AFB45680EDD477
40 changed files with 81 additions and 158 deletions

View file

@ -3,7 +3,5 @@ restic_backup_locations:
- /mnt/host/mnt/speed
- /mnt/host/etc/pve
- /mnt/home-assistant
restic_healthchecks_id: "{{ vault_restic_healthchecks_id }}"
restic_forget: true
restic_forget_healthchecks_id: "{{ vault_restic_forget_healthchecks_id }}"

View file

@ -1,3 +1,2 @@
restic_backup_locations:
- /opt
restic_healthchecks_id: "{{ vault_restic_healthchecks_id }}"

View file

@ -6,18 +6,18 @@ x-env: &env
- AUTHENTIK_POSTGRESQL__HOST=db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
- AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
- AUTHENTIK_POSTGRESQL__PASSWORD={{ vault_authentik_db_password }}
- AUTHENTIK_SECRET_KEY={{ vault_authentik_secret_key }}
- AUTHENTIK_WEB__WORKERS=1
- AUTHENTIK_DISABLE_UPDATE_CHECK=true
- AUTHENTIK_ERROR_REPORTING__ENABLED=false
- AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
- AUTHENTIK_EMAIL__HOST=smtp.eu.mailgun.org
- AUTHENTIK_EMAIL__PORT=465
- AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
- AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
- AUTHENTIK_EMAIL__USERNAME={{ vault_authentik_email_username }}
- AUTHENTIK_EMAIL__PASSWORD={{ vault_authentik_email_password }}
- AUTHENTIK_EMAIL__USE_TLS=true
- AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
- AUTHENTIK_EMAIL__FROM={{ vault_authentik_email_from }}
services:
server:
@ -64,7 +64,7 @@ services:
volumes:
- /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD={{ authentik_db_password }}
- POSTGRES_PASSWORD={{ vault_authentik_db_password }}
- POSTGRES_USER=authentik
redis:

View file

@ -1,5 +0,0 @@
authentik_db_password: "{{ vault_authentik_db_password }}"
authentik_secret_key: "{{ vault_authentik_secret_key }}"
authentik_email_username: "{{ vault_authentik_email_username }}"
authentik_email_password: "{{ vault_authentik_email_password }}"
authentik_email_from: "{{ vault_authentik_email_from }}"

View file

@ -17,15 +17,15 @@ services:
- COMMENTO_ORIGIN=https://commento.theorangeone.net
- COMMENTO_GZIP_STATIC=true
- COMMENTO_FORBID_NEW_OWNERS=true
- COMMENTO_GITHUB_KEY={{ commento_github_client_id }}
- COMMENTO_GITHUB_SECRET={{ commento_github_client_secret }}
- COMMENTO_GITHUB_KEY={{ vault_commento_github_client_id }}
- COMMENTO_GITHUB_SECRET={{ vault_commento_github_client_secret }}
- COMMENTO_SMTP_HOST=smtp.eu.mailgun.org
- COMMENTO_SMTP_PORT=587
- COMMENTO_SMTP_USERNAME={{ commento_smtp_username }}
- COMMENTO_SMTP_PASSWORD={{ commento_smtp_password }}
- COMMENTO_SMTP_FROM_ADDRESS={{ commento_from_email }}
- COMMENTO_GITLAB_KEY={{ commento_gitlab_application_id }}
- COMMENTO_GITLAB_SECRET={{ commento_gitlab_application_secret }}
- COMMENTO_SMTP_USERNAME={{ vault_commento_smtp_username }}
- COMMENTO_SMTP_PASSWORD={{ vault_commento_smtp_password }}
- COMMENTO_SMTP_FROM_ADDRESS={{ vault_commento_from_email }}
- COMMENTO_GITLAB_KEY={{ vault_commento_gitlab_application_id }}
- COMMENTO_GITLAB_SECRET={{ vault_commento_gitlab_application_secret }}
db:
image: postgres:14-alpine

View file

@ -1,7 +0,0 @@
commento_github_client_id: "{{ vault_commento_github_client_id }}"
commento_github_client_secret: "{{ vault_commento_github_client_secret }}"
commento_smtp_username: "{{ vault_commento_smtp_username }}"
commento_smtp_password: "{{ vault_commento_smtp_password }}"
commento_from_email: "{{ vault_commento_from_email }}"
commento_gitlab_application_id: "{{ vault_commento_gitlab_application_id }}"
commento_gitlab_application_secret: "{{ vault_commento_gitlab_application_secret }}"

View file

@ -8,7 +8,7 @@ services:
- "{{ db_backups_dir }}:/var/backups"
environment:
- DOCKER_HOST=tcp://docker_proxy:2375
- HEALTHCHECKS_ID={{ db_auto_backup_healthchecks_id }}
- HEALTHCHECKS_ID={{ vault_db_auto_backup_healthchecks_id }}
depends_on:
- docker_proxy

View file

@ -1 +0,0 @@
db_auto_backup_healthchecks_id: "{{ vault_db_auto_backup_healthchecks_id }}"

View file

@ -15,9 +15,9 @@ services:
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=smtp.eu.mailgun.org:465
- GF_SMTP_USER={{ grafana_smtp_user }}
- GF_SMTP_PASSWORD={{ grafana_smtp_password }}
- GF_SMTP_FROM_ADDRESS={{ grafana_from_email }}
- GF_SMTP_USER={{ vault_grafana_smtp_user }}
- GF_SMTP_PASSWORD={{ vault_grafana_smtp_password }}
- GF_SMTP_FROM_ADDRESS={{ vault_grafana_from_email }}
- GF_SMTP_FROM_NAME=grafana
volumes:
- "{{ app_data_dir }}/grafana:/var/lib/grafana"

View file

@ -1,9 +1,9 @@
global:
resolve_timeout: 3m
smtp_smarthost: smtp.eu.mailgun.org:465
smtp_from: "{{ alertmanager_from_address }}"
smtp_auth_username: "{{ alertmanager_from_address }}"
smtp_auth_password: "{{ alertmanager_smtp_password }}"
smtp_from: "{{ vault_alertmanager_from_address }}"
smtp_auth_username: "{{ vault_alertmanager_from_address }}"
smtp_auth_password: "{{ vault_alertmanager_smtp_password }}"
route:
receiver: default
@ -11,5 +11,5 @@ route:
receivers:
- name: default
email_configs:
- to: "{{ alertmanager_to_address }}"
- to: "{{ vault_alertmanager_to_address }}"
send_resolved: true

View file

@ -45,7 +45,7 @@ services:
environment:
- PVE_USER=prometheus@pve
- PVE_TOKEN_NAME=prometheus
- PVE_TOKEN_VALUE={{ prometheus_api_token }}
- PVE_TOKEN_VALUE={{ vault_prometheus_api_token }}
- PVE_VERIFY_SSL=false
speedtest_exporter:

View file

@ -34,7 +34,7 @@ scrape_configs:
- job_name: homeassistant
metrics_path: /api/prometheus
authorization:
credentials: "{{ homeassistant_token }}"
credentials: "{{ vault_homeassistant_token }}"
metric_relabel_configs:
- source_labels: [__name__]
regex: python_.+
@ -121,7 +121,7 @@ scrape_configs:
module: [http]
static_configs:
- targets:
- https://hc-ping.com/{{ prometheus_healthcheck_uuid }}
- https://hc-ping.com/{{ vault_prometheus_healthcheck_uuid }}
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
@ -132,7 +132,7 @@ scrape_configs:
- job_name: healthchecks
scheme: https
metrics_path: /projects/{{ healthchecks_project_uuid }}/metrics/{{ healthcheck_api_token }}
metrics_path: /projects/{{ vault_healthchecks_project_uuid }}/metrics/{{ vault_healthcheck_api_token }}
static_configs:
- targets: [healthchecks.io]

View file

@ -1,11 +0,0 @@
grafana_smtp_password: "{{ vault_grafana_smtp_password }}"
grafana_smtp_user: "{{ vault_grafana_smtp_user }}"
grafana_from_email: "{{ vault_grafana_from_email }}"
homeassistant_token: "{{ vault_homeassistant_token }}"
prometheus_healthcheck_uuid: "{{ vault_prometheus_healthcheck_uuid }}"
healthchecks_project_uuid: "{{ vault_healthchecks_project_uuid }}"
healthcheck_api_token: "{{ vault_healthcheck_api_token }}"
alertmanager_from_address: "{{ vault_alertmanager_from_address }}"
alertmanager_smtp_password: "{{ vault_alertmanager_smtp_password }}"
alertmanager_to_address: "{{ vault_alertmanager_to_address }}"
prometheus_api_token: "{{ vault_prometheus_api_token }}"

View file

@ -21,7 +21,7 @@ PROTOCOL = http # TLS termination done by Traefik
ENABLE_GZIP = true
OFFLINE_MODE = true
LANDING_PAGE = explore
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
LFS_JWT_SECRET = {{ vault_lfs_jwt_secret }}
[database]
DB_TYPE = postgres
@ -39,8 +39,8 @@ LEVEL = warn
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ secret_key }}
INTERNAL_TOKEN = {{ internal_token }}
SECRET_KEY = {{ vault_secret_key }}
INTERNAL_TOKEN = {{ vault_internal_token }}
PASSWORD_HASH_ALGO = pbkdf2
COOKIE_USERNAME = gitea_username
COOKIE_REMEMBER_NAME = gitea_remember
@ -118,9 +118,9 @@ ALLOW_LOCALNETWORKS = true
ENABLED = true
SMTP_ADDR = smtp.eu.mailgun.org
SMTP_PORT = 465
FROM = "{{ mailer_from_address }}"
USER = "{{ mailer_user }}"
PASSWD = "{{ mailer_password }}"
FROM = "{{ vault_mailer_from_address }}"
USER = "{{ vault_mailer_user }}"
PASSWD = "{{ vault_mailer_password }}"
PROTOCOL = smtps
[packages]
@ -129,8 +129,8 @@ STORAGE_TYPE = backblaze
[storage.backblaze]
STORAGE_TYPE = minio
MINIO_ENDPOINT = s3.eu-central-003.backblazeb2.com
MINIO_ACCESS_KEY_ID = {{ backblaze_access_key_id }}
MINIO_SECRET_ACCESS_KEY = {{ backblaze_secret_access_key }}
MINIO_ACCESS_KEY_ID = {{ vault_backblaze_access_key_id }}
MINIO_SECRET_ACCESS_KEY = {{ vault_backblaze_secret_access_key }}
MINIO_BUCKET = 0rng-gitea
MINIO_LOCATION = eu-central-003
SERVE_DIRECT = true
@ -140,4 +140,4 @@ MINIO_USE_SSL = true
PATH = /mnt/repo-archive
[oauth2]
JWT_SECRET = {{ oauth2_jwt_secret }}
JWT_SECRET = {{ vault_oauth2_jwt_secret }}

View file

@ -1,9 +0,0 @@
lfs_jwt_secret: "{{ vault_lfs_jwt_secret }}"
secret_key: "{{ vault_secret_key }}"
internal_token: "{{ vault_internal_token }}"
oauth2_jwt_secret: "{{ vault_oauth2_jwt_secret }}"
mailer_from_address: "{{ vault_mailer_from_address }}"
mailer_user: "{{ vault_mailer_user }}"
mailer_password: "{{ vault_mailer_password }}"
backblaze_access_key_id: "{{ vault_backblaze_access_key_id }}"
backblaze_secret_access_key: "{{ vault_backblaze_secret_access_key }}"

View file

@ -10,7 +10,7 @@ services:
environment:
- TZ={{ timezone }}
- GITEA_INSTANCE_URL=https://git.theorangeone.net
- GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
- GITEA_RUNNER_REGISTRATION_TOKEN={{ vault_gitea_runner_registration_token }}
- GITEA_RUNNER_NAME={{ ansible_hostname }}
- GITEA_RUNNER_FETCH_INTERVAL=5s
- GITEA_RUNNER_MAX_PARALLEL_JOBS={{ ansible_processor_nproc }}

View file

@ -1 +0,0 @@
gitea_runner_registration_token: "{{ vault_gitea_runner_registration_token }}"

View file

@ -12,10 +12,10 @@ services:
- DATABASE_URL=postgresql://mastodon:mastodon@db/mastodon
- REDIS_URL=redis://redis
- SIDEKIQ_REDIS_URL=redis://redis/1
- SECRET_KEY_BASE={{ secret_key_base }}
- OTP_SECRET={{ otp_secret }}
- VAPID_PRIVATE_KEY={{ vapid_private_key }}
- VAPID_PUBLIC_KEY={{ vapid_public_key }}
- SECRET_KEY_BASE={{ vault_secret_key_base }}
- OTP_SECRET={{ vault_otp_secret }}
- VAPID_PRIVATE_KEY={{ vault_vapid_private_key }}
- VAPID_PUBLIC_KEY={{ vault_vapid_public_key }}
- TRUSTED_PROXY_IP=172.20.0.1
- SINGLE_USER_MODE=true
- DEFAULT_LOCALE=en

View file

@ -1,4 +0,0 @@
secret_key_base: "{{ vault_secret_key_base }}"
otp_secret: "{{ vault_otp_secret }}"
vapid_private_key: "{{ vault_vapid_private_key }}"
vapid_public_key: "{{ vault_vapid_public_key }}"

View file

@ -8,7 +8,7 @@ services:
environment:
- TZ=Europe/London
- MINIO_ROOT_USER=jake
- MINIO_ROOT_PASSWORD={{ minio_root_password }}
- MINIO_ROOT_PASSWORD={{ vault_minio_root_password }}
restart: unless-stopped
labels:
- traefik.enable=true

View file

@ -1 +0,0 @@
minio_root_password: "{{ vault_minio_root_password }}"

View file

@ -7,7 +7,7 @@ CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=bind
WEBPASSWORD={{ pihole_web_password | hash("sha256") | hash("sha256") }}
WEBPASSWORD={{ vault_pihole_web_password | hash("sha256") | hash("sha256") }}
BLOCKING_ENABLED=true
DNSSEC=false
REV_SERVER=false

View file

@ -1 +0,0 @@
pihole_web_password: "{{ vault_pihole_web_password }}"

View file

@ -25,21 +25,21 @@ services:
- traefik.http.routers.plausible-embed.middlewares=plausible-index
environment:
- SECRET_KEY_BASE={{ plausible_secret_key }}
- SIGNING_SALT={{ plausible_signing_salt }}
- SECRET_KEY_BASE={{ vault_plausible_secret_key }}
- SIGNING_SALT={{ vault_plausible_signing_salt }}
- DATABASE_URL=postgres://plausible:plausible@db:5432/plausible
- DISABLE_REGISTRATION=true
- DISABLE_SUBSCRIPTION=true
- CLICKHOUSE_DATABASE_URL=http://clickhouse:8123/plausible
- BASE_URL=https://elbisualp.theorangeone.net
- GOOGLE_CLIENT_ID={{ plausible_google_client_id }}
- GOOGLE_CLIENT_SECRET={{ plausible_google_client_secret }}
- GOOGLE_CLIENT_ID={{ vault_plausible_google_client_id }}
- GOOGLE_CLIENT_SECRET={{ vault_plausible_google_client_secret }}
- RELEASE_DISTRIBUTION=none
- MAILER_EMAIL={{ plausible_from_email }}
- MAILER_EMAIL={{ vault_plausible_from_email }}
- SMTP_HOST_ADDR=smtp.eu.mailgun.org
- SMTP_HOST_PORT=465
- SMTP_USER_NAME={{ plausible_smtp_user }}
- SMTP_USER_PWD={{ plausible_smtp_password }}
- SMTP_USER_NAME={{ vault_plausible_smtp_user }}
- SMTP_USER_PWD={{ vault_plausible_smtp_password }}
- SMTP_HOST_SSL_ENABLED=true
clickhouse:

View file

@ -1,7 +0,0 @@
plausible_secret_key: "{{ vault_plausible_secret_key }}"
plausible_signing_salt: "{{ vault_plausible_signing_salt }}"
plausible_google_client_id: "{{ vault_plausible_google_client_id }}"
plausible_google_client_secret: "{{ vault_plausible_google_client_secret }}"
plausible_from_email: "{{ vault_plausible_from_email }}"
plausible_smtp_user: "{{ vault_plausible_smtp_user }}"
plausible_smtp_password: "{{ vault_plausible_smtp_password }}"

View file

@ -13,15 +13,15 @@ services:
environment:
- APP_UID={{ docker_user.id }}
- REMARK_URL=https://remark.theorangeone.net
- SECRET={{ remark_secret }}
- ADMIN_PASSWD={{ remark_admin_password }}
- SECRET={{ vault_remark_secret }}
- ADMIN_PASSWD={{ vault_remark_admin_password }}
- SITE=theorangeone
- TIME_ZONE={{ timezone }}
- SMTP_HOST=smtp.eu.mailgun.org
- SMTP_USERNAME={{ remark_smtp_username }}
- SMTP_PASSWORD={{ remark_smtp_password }}
- NOTIFY_EMAIL_FROM={{ remark_from_email }}
- AUTH_EMAIL_FROM={{ remark_from_email }}
- SMTP_USERNAME={{ vault_remark_smtp_username }}
- SMTP_PASSWORD={{ vault_remark_smtp_password }}
- NOTIFY_EMAIL_FROM={{ vault_remark_from_email }}
- AUTH_EMAIL_FROM={{ vault_remark_from_email }}
- SMTP_TLS=true
- SMTP_PORT=465
- ADMIN_EDIT=true
@ -30,10 +30,10 @@ services:
- EMOJI=true
- DISABLE_SIGNATURE=true
- AUTH_ANON=true
- AUTH_GITHUB_CID={{ remark_github_client_id }}
- AUTH_GITHUB_CSEC={{ remark_github_client_secret }}
- AUTH_GITHUB_CID={{ vault_remark_github_client_id }}
- AUTH_GITHUB_CSEC={{ vault_remark_github_client_secret }}
- ALLOWED_HOSTS=remark.theorangeone.net,theorangeone.net
- ADMIN_SHARED_EMAIL={{ remark_admin_email }}
- ADMIN_SHARED_EMAIL={{ vault_remark_admin_email }}
volumes:
- ./remark:/srv/var

View file

@ -1,8 +0,0 @@
remark_github_client_id: "{{ vault_remark_github_client_id }}"
remark_github_client_secret: "{{ vault_remark_github_client_secret }}"
remark_smtp_username: "{{ vault_remark_smtp_username }}"
remark_smtp_password: "{{ vault_remark_smtp_password }}"
remark_from_email: "{{ vault_remark_from_email }}"
remark_secret: "{{ vault_remark_secret }}"
remark_admin_password: "{{ vault_remark_admin_password }}"
remark_admin_email: "{{ vault_remark_admin_email }}"

View file

@ -1,6 +1,6 @@
module.exports = {
endpoint: 'https://git.theorangeone.net/',
token: '{{ renovate_gitea_token }}',
token: '{{ vault_renovate_gitea_token }}',
platform: 'gitea',
//dryRun: true,
autodiscover: true,

View file

@ -6,7 +6,7 @@ services:
user: "{{ docker_user.id }}"
environment:
- TZ={{ timezone }}
- GITHUB_COM_TOKEN={{ renovate_github_token }}
- GITHUB_COM_TOKEN={{ vault_renovate_github_token }}
- DOCKER_HOST=tcp://docker_proxy:2375
- LOG_LEVEL=debug # Noisy, but required for debugging
restart: unless-stopped

View file

@ -1,2 +0,0 @@
renovate_gitea_token: "{{ vault_renovate_gitea_token }}"
renovate_github_token: "{{ vault_renovate_github_token }}"

View file

@ -17,10 +17,10 @@ mkdir -p "$RESTIC_LOG_DIR"
# Run backup, and capture logs to file
cron_backup() {
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/start
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/start
restic --verbose backup --files-from=$HOME/restic-include.txt --exclude-file=$HOME/restic-excludes.txt | tee -a $RESTIC_LOG_FILE
exit_code=${PIPESTATUS[0]}
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
echo "Exit code: $exit_code"
}
@ -32,10 +32,10 @@ backup() {
{% if restic_forget %}
# Run forget and prune, and capture logs to file
cron_forget() {
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/start
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/start
restic forget --prune $FORGET_OPTIONS | tee -a $RESTIC_LOG_FILE
exit_code=${PIPESTATUS[0]}
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
curl -fsS -m 10 --retry 5 -o /dev/null {{ healthchecks_host }}/{{ vault_restic_forget_healthchecks_id }}/$exit_code --data-binary "@$RESTIC_LOG_FILE"
echo "Exit code: $exit_code"
}
{% endif %}

View file

@ -7,7 +7,7 @@ services:
- TIMEZONE={{ timezone }}
- DEBUG=0
- ALLOWED_HOSTS=recipes.jakehoward.tech
- SECRET_KEY={{ tandoor_secret_key }}
- SECRET_KEY={{ vault_tandoor_secret_key }}
- DATABASE_URL=postgres://tandoor:tandoor@db:5432/tandoor
- DB_ENGINE=django.db.backends.postgresql
- POSTGRES_HOST=db
@ -17,10 +17,10 @@ services:
- GUNICORN_MEDIA=1
- EMAIL_HOST=smtp.eu.mailgun.org
- EMAIL_PORT=465
- EMAIL_HOST_USER={{ tandoor_email_user }}
- EMAIL_HOST_PASSWORD={{ tandoor_email_password }}
- EMAIL_HOST_USER={{ vault_tandoor_email_user }}
- EMAIL_HOST_PASSWORD={{ vault_tandoor_email_password }}
- EMAIL_USE_TLS=1
- DEFAULT_FROM_EMAIL={{ tandoor_email_from }}
- DEFAULT_FROM_EMAIL={{ vault_tandoor_email_from }}
restart: unless-stopped
labels:
- traefik.enable=true

View file

@ -1,4 +0,0 @@
tandoor_secret_key: "{{ vault_tandoor_secret_key }}"
tandoor_email_user: "{{ vault_tandoor_email_user }}"
tandoor_email_password: "{{ vault_tandoor_email_password }}"
tandoor_email_from: "{{ vault_tandoor_email_from }}"

View file

@ -5,8 +5,8 @@ services:
image: traefik:v2.10
user: "{{ docker_user.id }}"
environment:
- CF_DNS_API_TOKEN={{ cloudflare_api_token }}
- GANDIV5_API_KEY={{ gandi_api_key }}
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
- GANDIV5_API_KEY={{ vault_gandi_api_key }}
volumes:
- /tmp/traefik-logs:/var/log/traefik
- ./traefik:/etc/traefik

View file

@ -54,7 +54,7 @@ api:
certificatesResolvers:
le:
acme:
email: "{{ letsencrypt_email }}"
email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
@ -65,7 +65,7 @@ certificatesResolvers:
gandi:
acme:
email: "{{ letsencrypt_email }}"
email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: gandiv5

View file

@ -1,3 +0,0 @@
gandi_api_key: "{{ vault_gandi_api_key }}"
letsencrypt_email: "{{ vault_letsencrypt_email }}"
cloudflare_api_token: "{{ vault_cloudflare_api_token }}"

View file

@ -11,7 +11,7 @@ services:
- VIKUNJA_DATABASE_USER=vikunja
- VIKUNJA_DATABASE_DATABASE=vikunja
- VIKUNJA_SERVICE_FRONTENDURL=https://tasks.jakehoward.tech
- VIKUNJA_SERVICE_JWTSECRET="{{ jwt_secret }}"
- VIKUNJA_SERVICE_JWTSECRET="{{ vault_jwt_secret }}"
- VIKUNJA_SERVICE_ENABLEREGISTRATION=false
- VIKUNJA_SERVICE_TIMEZONE={{ timezone }}
- VIKUNJA_REDIS_HOST=redis:6379
@ -19,9 +19,9 @@ services:
- VIKUNJA_LOG_PATH=/dev/stdout
- VIKUNJA_KEYVALUE_TYPE=redis
- VIKUNJA_MAILER_ENABLED=true
- VIKUNJA_MAIL_FROMEMAIL={{ from_email }}
- VIKUNJA_MAILER_USERNAME={{ smtp_username }}
- VIKUNJA_MAILER_PASSWORD={{ smtp_password }}
- VIKUNJA_MAIL_FROMEMAIL={{ vault_from_email }}
- VIKUNJA_MAILER_USERNAME={{ vault_smtp_username }}
- VIKUNJA_MAILER_PASSWORD={{ vault_smtp_password }}
- VIKUNJA_MAILER_HOST=smtp.eu.mailgun.org
- TZ={{ timezone }}
- PUID={{ docker_user.id }}

View file

@ -1,4 +0,0 @@
jwt_secret: "{{ vault_jwt_secret }}"
from_email: "{{ vault_from_email }}"
smtp_username: "{{ vault_smtp_username }}"
smtp_password: "{{ vault_smtp_password }}"

View file

@ -8,14 +8,14 @@ x-website: &website
environment:
- TZ={{ timezone }}
- DEBUG=false
- SECRET_KEY={{ website_secret_key }}
- SECRET_KEY={{ vault_website_secret_key }}
- DATABASE_URL=postgres://website:website@db/website?conn_max_age=600
- CACHE_URL=redis://redis/0
- QUEUE_STORE_URL=redis://redis/1
- RENDITION_CACHE_URL=redis://redis/2
- SPOTIFY_PROXY_URL=http://spotify_public_proxy
- UNSPLASH_CLIENT_ID={{ unsplash_client_id }}
- SENTRY_DSN={{ website_sentry_dsn }}
- UNSPLASH_CLIENT_ID={{ vault_unsplash_client_id }}
- SENTRY_DSN={{ vault_website_sentry_dsn }}
- BASE_HOSTNAME=theorangeone.net
- WEB_CONCURRENCY=3
- SEO_INDEX=true
@ -80,9 +80,9 @@ services:
restart: unless-stopped
environment:
- PORT=80
- SPOTIFY_CLIENT_ID={{ spotify_client_id }}
- SPOTIFY_CLIENT_SECRET={{ spotify_client_secret }}
- SENTRY_DSN={{ spotify_sentry_dsn }}
- SPOTIFY_CLIENT_ID={{ vault_spotify_client_id }}
- SPOTIFY_CLIENT_SECRET={{ vault_spotify_client_secret }}
- SENTRY_DSN={{ vault_spotify_sentry_dsn }}
networks:
traefik:

View file

@ -1,6 +0,0 @@
website_secret_key: "{{ vault_website_secret_key }}"
website_sentry_dsn: "{{ vault_website_sentry_dsn }}"
unsplash_client_id: "{{ vault_unsplash_client_id }}"
spotify_client_id: "{{ vault_spotify_client_id }}"
spotify_client_secret: "{{ vault_spotify_client_secret }}"
spotify_sentry_dsn: "{{ vault_spotify_sentry_dsn }}"