Finance VM (#53)

Finance manager service using Firefly III. Reviewed-on: #53
2024-03-30 00:17:11 +00:00
parent 9f51ce02d6
commit 22b5241751
9 changed files with 910 additions and 0 deletions
--- a/infra/finance/0003_firefly-iii_playbook.yaml
+++ b/infra/finance/0003_firefly-iii_playbook.yaml
@@ -0,0 +1,59 @@
+- name: Deploy app
+  hosts: finance
+  gather_facts: false
+  vars:
+    app: firefly-iii
+  tasks:
+    - name: Wait for connection
+      ansible.builtin.wait_for_connection:
+        timeout: 300
+    - name: Docker compose down
+      community.docker.docker_compose_v2:
+        project_src: "$HOME/{{ app }}"
+        state: absent
+    - name: Copy project
+      ansible.builtin.copy:
+        src: "./{{ app }}"
+        dest: "$HOME"
+        mode: "0744"
+
+    - name: Replace APP_KEY secret
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.env"
+        regexp: "APP_KEY_VALUE"
+        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/finance', secret_name='APP_KEY')['value'] }}"
+    - name: Replace DB secret
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.env"
+        regexp: "DB_PASSWORD_VALUE"
+        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/finance', secret_name='DB_PASSWORD')['value'] }}"
+    - name: Replace cron token secret
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.env"
+        regexp: "STATIC_CRON_TOKEN_VALUE"
+        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/finance', secret_name='STATIC_CRON_TOKEN')['value'] }}"
+    - name: Replace SMTP Password secret (app)
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.env"
+        regexp: "SMTP_PASSWORD_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
+
+    - name: Replace Nordigen ID secret
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.importer.env"
+        regexp: "NORDIGEN_ID_VALUE"
+        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/finance', secret_name='NORDIGEN_ID')['value'] }}"
+    - name: Replace Nordigen Key secret
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.importer.env"
+        regexp: "NORDIGEN_KEY_VALUE"
+        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/finance', secret_name='NORDIGEN_KEY')['value'] }}"
+    - name: Replace SMTP Password secret (importer)
+      ansible.builtin.replace:
+        path: "$HOME/{{ app }}/.importer.env"
+        regexp: "SMTP_PASSWORD_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
+
+    - name: Docker compose up -d
+      community.docker.docker_compose_v2:
+        project_src: "$HOME/{{ app }}"