Setup infisical for immich
Infrastructure / Check and run Ansbile playbooks (pull_request) Successful in 1m49s
parent
a8b7b1df4a
commit
3e9fb3d83a
|
@ -29,7 +29,7 @@ jobs:
|
||||||
apt update
|
apt update
|
||||||
apt install -y python3-pip
|
apt install -y python3-pip
|
||||||
pip3 install -r requirements.txt
|
pip3 install -r requirements.txt
|
||||||
ansible-galaxy collection install community.general
|
ansible-galaxy collection install community.general infisical.vault
|
||||||
|
|
||||||
- name: Check playbooks
|
- name: Check playbooks
|
||||||
run: |
|
run: |
|
||||||
|
@ -76,4 +76,6 @@ jobs:
|
||||||
INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
|
INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
|
||||||
INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
|
INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
|
||||||
INFISICAL_MONGO_PASSWORD: ${{ secrets.INFISICAL_MONGO_PASSWORD }}
|
INFISICAL_MONGO_PASSWORD: ${{ secrets.INFISICAL_MONGO_PASSWORD }}
|
||||||
|
INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
|
||||||
|
INFISICAL_URL: https://secrets.koval.net
|
||||||
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
|
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
|
||||||
|
|
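Review bot: The changed install line, `ansible-galaxy collection install community.general infisical.vault`, pulls whatever release of the collection is current at run time. The same job later passes INFISICAL_TOKEN and the other Infisical secrets to `ansible-playbook`, so code from an unreviewed release would run with those credentials. Pin the collection, e.g. `ansible-galaxy collection install community.general infisical.vault:==<pinned-version>`, or list both collections with versions in a `requirements.yml`. The `infisical` line added in the last file section of this commit (apparently requirements.txt) is unpinned in the same way and is installed by `pip3 install -r requirements.txt` in this step. The step that holds these commands starts outside the hunk.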
|
@ -25,12 +25,12 @@
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "{{ user.home }}/{{ app }}/.env"
|
||||||
regexp: "TYPESENSE_API_KEY_VALUE"
|
regexp: "TYPESENSE_API_KEY_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.password', user.home + '/typesense_secret', length=64, chars=['ascii_letters', 'digits']) }}"
|
replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY') }}"
|
||||||
- name: Replace DB secret
|
- name: Replace DB secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "{{ user.home }}/{{ app }}/.env"
|
||||||
regexp: "DB_PASSWORD_VALUE"
|
regexp: "DB_PASSWORD_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.password', user.home + '/db_secret', length=64, chars=['ascii_letters', 'digits']) }}"
|
replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='DB_PASSWORD') }}"
|
||||||
- name: Docker compose up -d
|
- name: Docker compose up -d
|
||||||
ansible.builtin.command: docker compose up -d
|
ansible.builtin.command: docker compose up -d
|
||||||
args:
|
args:
|
||||||
|
|
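Review bot: Both `ansible.builtin.replace` tasks now carry the Infisical secret in their `replace` argument and neither sets `no_log`, while the workflow in this commit runs `ansible-playbook` with `-vv`. Nothing in the visible lines keeps the value out of the CI log if verbosity is raised or diff output is enabled, so add `no_log: true` to the Typesense task and to "Replace DB secret". A vault value is also no longer limited to letters and digits as the old `password` lookup was; `replace` is applied as a regex replacement string, so a backslash in the secret would be interpreted rather than written literally. It is worth confirming what the lookup returns for a single `secret_name`: if it is a key/value mapping rather than the bare string, the template needs `.value`. The first task's `- name:` line and the enclosing play are outside the hunk.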
|
@ -1,30 +0,0 @@
|
||||||
- name: Deploy app
|
|
||||||
hosts: photos
|
|
||||||
gather_facts: false
|
|
||||||
vars:
|
|
||||||
app: immich
|
|
||||||
tasks:
|
|
||||||
- name: Wait for connection
|
|
||||||
ansible.builtin.wait_for_connection:
|
|
||||||
timeout: 300
|
|
||||||
- name: Get user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: debian
|
|
||||||
register: user
|
|
||||||
- name: Docker compose down
|
|
||||||
ansible.builtin.command: docker compose down
|
|
||||||
args:
|
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
- name: Copy project
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "./{{ app }}/docker-compose.yml"
|
|
||||||
dest: "{{ user.home }}/{{ app }}/docker-compose.yml"
|
|
||||||
mode: "0644"
|
|
||||||
- name: Docker compose pull
|
|
||||||
ansible.builtin.command: docker compose pull
|
|
||||||
args:
|
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
- name: Docker compose up -d
|
|
||||||
ansible.builtin.command: docker compose up -d
|
|
||||||
args:
|
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
|
@ -1,3 +1,4 @@
|
||||||
ansible
|
ansible
|
||||||
proxmoxer
|
proxmoxer
|
||||||
requests
|
requests
|
||||||
|
infisical
|
||||||
|
|