Update infisical ansible

2024-06-22 00:44:08 +01:00 · 2024-06-22 00:44:08 +01:00 · 41967af509
parent eedd640d27
commit 41967af509
3 changed files with 10 additions and 5 deletions
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@ -73,8 +73,7 @@ jobs:
          PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
          SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
          SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
-          INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
-          INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
-          INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
+          UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
+          UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
          INFISICAL_URL: https://secrets.koval.net
        run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
--- a/infra/photos/0003_immich_playbook.yaml
+++ b/infra/photos/0003_immich_playbook.yaml
@ -25,12 +25,16 @@
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "TYPESENSE_API_KEY_VALUE"
-        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
+        replace:
+          "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
+          path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
    - name: Replace DB secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "DB_PASSWORD_VALUE"
-        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
+        replace:
+          "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
+          path='/photos', secret_name='DB_PASSWORD')['value'] }}"
    - name: Docker compose pull
      ansible.builtin.command: docker compose pull
      args:
--- a/inventory/proxmox.yaml
+++ b/inventory/proxmox.yaml
@ -35,3 +35,5 @@ proxmox:
            backups:
              hosts:
                backups.srv.home.local.koval.net:
+      vars:
+        infisical_project: d102ada3-7d49-4138-9759-033ca79fe731