From ec0c78e6d9f05942b53f5982ad6620c307e98cb5 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 14 Feb 2021 12:29:14 +0000
Subject: [PATCH] Read emails from secrets

---
 ansible/roles/forrest/files/docker-compose.yml |  4 ++--
 ansible/roles/forrest/vars/main.yml            | 14 ++++++++++++++
 ansible/roles/traefik/files/traefik.yml        |  2 +-
 ansible/roles/traefik/vars/main.yml            |  8 ++++++++
 terraform/providers.tf                         |  2 +-
 terraform/variables.tf                         |  1 +
 6 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/forrest/files/docker-compose.yml b/ansible/roles/forrest/files/docker-compose.yml
index 78340a8..b33e6d0 100644
--- a/ansible/roles/forrest/files/docker-compose.yml
+++ b/ansible/roles/forrest/files/docker-compose.yml
@@ -13,9 +13,9 @@ services:
 
       - GF_SMTP_ENABLED=true
       - GF_SMTP_HOST=smtp.fastmail.com:465
-      - GF_SMTP_USER=jake@theorangeone.net
+      - GF_SMTP_USER={{ grafana_smtp_user }}
       - GF_SMTP_PASSWORD={{ grafana_smtp_password }}
-      - GF_SMTP_FROM_ADDRESS=grafana@jakehoward.tech
+      - GF_SMTP_FROM_ADDRESS={{ grafana_from_email }}
       - GF_SMTP_FROM_NAME=grafana
 
     volumes:
diff --git a/ansible/roles/forrest/vars/main.yml b/ansible/roles/forrest/vars/main.yml
index 75ada4e..7955bd9 100644
--- a/ansible/roles/forrest/vars/main.yml
+++ b/ansible/roles/forrest/vars/main.yml
@@ -5,3 +5,17 @@ grafana_smtp_password: !vault |
   36383262386365386664613431373863333963326538633535336139383433316465356236666466
   6530386564313761300a346239646234353631386530663931613861313664666633346237313863
   31623136616236363235666634303434383866346462643731346532646561656236
+grafana_smtp_user: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  33613266323466316166643631393938653439383333343736313061393261366662663238303035
+  6132346334343863633232303863636230333962316633650a616661346634646666636439323032
+  63633936336361303635323064666637396335626136613431366161653062303534386637656666
+  6630623330613439640a613863326331656235313164663736643539373934636633383430346365
+  39356331376364373931393365646630316566353662356532383034616439393237
+grafana_from_email: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  62613637623430356637343861326237366162626435306336376461643062643265363438666366
+  3932333666346338366334303564343064323862373930390a333162636231663961386532326264
+  65626435353036663938356330303564346137363961313236636263333238313166656231353931
+  6161633634636337320a396661373963623661363162643161393033653032623432323536306630
+  39346665653031316261346636336566343563373165653763643831313234356532
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 252515c..aacf536 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -45,7 +45,7 @@ api:
 certificatesResolvers:
   le:
     acme:
-      email: hosting@theorangeone.net
+      email: "{{ letsencrypt_email }}"
       storage: /etc/traefik/acme.json
       dnsChallenge:
         provider: cloudflare
diff --git a/ansible/roles/traefik/vars/main.yml b/ansible/roles/traefik/vars/main.yml
index 1b80c54..12f39e3 100644
--- a/ansible/roles/traefik/vars/main.yml
+++ b/ansible/roles/traefik/vars/main.yml
@@ -6,3 +6,11 @@ cloudflare_api_token: !vault |
   3466383231363632310a346661383838633630643236623561373962356635346162653936393562
   32646530656632393133356436653365356163313961343837633138383561376237306638313362
   3636373939656462613032653530643536643466363135346139
+
+letsencrypt_email: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  64373438363639363238333264313861316239383234633536326330333333386361646266396438
+  6330303063623032653066643838313931613030663931640a333839633630613936343530663666
+  62633331616264623932303031663130623135623566323964656162656265633863336333373538
+  3963303639373032620a363434643539393838303233653037383765363961373363333034343534
+  37663462663235613062633837373334366163636362386364356635313730363566
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 3181671..111ecf4 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -5,7 +5,7 @@ provider "vultr" {
 }
 
 provider "cloudflare" {
-  email   = "hosting+cloudflare@theorangeone.net"
+  email   = var.cloudflare_email
   api_key = var.cloudflare_api_key
 }
 
diff --git a/terraform/variables.tf b/terraform/variables.tf
index ac7bd92..adee3c2 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,3 +1,4 @@
 variable "vultr_api_key" {}
 variable "cloudflare_api_key" {}
+variable "cloudflare_email" {}
 variable "linode_api_token" {}