Update infisical ansible
Infrastructure / Check and run Ansbile playbooks (push) Failing after 2m11s Details

This commit is contained in:
Gleb Koval 2024-06-22 00:44:08 +01:00
parent eedd640d27
commit 41967af509
Signed by: cyclane
GPG Key ID: 15E168A8B332382C
3 changed files with 10 additions and 5 deletions

View File

@ -73,8 +73,7 @@ jobs:
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
INFISICAL_URL: https://secrets.koval.net
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv

View File

@ -25,12 +25,16 @@
ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env"
regexp: "TYPESENSE_API_KEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
replace:
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
- name: Replace DB secret
ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env"
regexp: "DB_PASSWORD_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
replace:
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
path='/photos', secret_name='DB_PASSWORD')['value'] }}"
- name: Docker compose pull
ansible.builtin.command: docker compose pull
args:

View File

@ -35,3 +35,5 @@ proxmox:
backups:
hosts:
backups.srv.home.local.koval.net:
vars:
infisical_project: d102ada3-7d49-4138-9759-033ca79fe731