From 3e9fb3d83af90aa590a32c114c33fbc3cbabc8f8 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Thu, 4 Jan 2024 13:06:26 +0000 Subject: [PATCH] Setup infisical for immich --- .github/workflows/infra.yaml | 4 ++- infra/photos/0003_immich_playbook.yaml | 4 +-- .../photos/0004_immich_compose_playbook.yaml | 30 ------------------- requirements.txt | 1 + 4 files changed, 6 insertions(+), 33 deletions(-) delete mode 100644 infra/photos/0004_immich_compose_playbook.yaml diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 41518c8..149494b 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -29,7 +29,7 @@ jobs: apt update apt install -y python3-pip pip3 install -r requirements.txt - ansible-galaxy collection install community.general + ansible-galaxy collection install community.general infisical.vault - name: Check playbooks run: | @@ -76,4 +76,6 @@ jobs: INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }} INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }} INFISICAL_MONGO_PASSWORD: ${{ secrets.INFISICAL_MONGO_PASSWORD }} + INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }} + INFISICAL_URL: https://secrets.koval.net run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv diff --git a/infra/photos/0003_immich_playbook.yaml b/infra/photos/0003_immich_playbook.yaml index ce7f5db..24ac32e 100644 --- a/infra/photos/0003_immich_playbook.yaml +++ b/infra/photos/0003_immich_playbook.yaml @@ -25,12 +25,12 @@ ansible.builtin.replace: path: "{{ user.home }}/{{ app }}/.env" regexp: "TYPESENSE_API_KEY_VALUE" - replace: "{{ lookup('ansible.builtin.password', user.home + '/typesense_secret', length=64, chars=['ascii_letters', 'digits']) }}" + replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY') }}" - name: Replace DB secret ansible.builtin.replace: path: "{{ user.home }}/{{ app }}/.env" regexp: "DB_PASSWORD_VALUE" - replace: "{{ lookup('ansible.builtin.password', user.home + '/db_secret', length=64, chars=['ascii_letters', 'digits']) }}" + replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='DB_PASSWORD') }}" - name: Docker compose up -d ansible.builtin.command: docker compose up -d args: diff --git a/infra/photos/0004_immich_compose_playbook.yaml b/infra/photos/0004_immich_compose_playbook.yaml deleted file mode 100644 index 0bbab65..0000000 --- a/infra/photos/0004_immich_compose_playbook.yaml +++ /dev/null @@ -1,30 +0,0 @@ -- name: Deploy app - hosts: photos - gather_facts: false - vars: - app: immich - tasks: - - name: Wait for connection - ansible.builtin.wait_for_connection: - timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - - name: Copy project - ansible.builtin.copy: - src: "./{{ app }}/docker-compose.yml" - dest: "{{ user.home }}/{{ app }}/docker-compose.yml" - mode: "0644" - - name: Docker compose pull - ansible.builtin.command: docker compose pull - args: - chdir: "{{ user.home }}/{{ app }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" diff --git a/requirements.txt b/requirements.txt index e844036..35aae9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ ansible proxmoxer requests +infisical