From 41967af50962a6e29c0bdae964aa1ac6ba151af7 Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Sat, 22 Jun 2024 00:44:08 +0100
Subject: [PATCH] Update infisical ansible
---
 .github/workflows/infra.yaml | 5 ++---
 infra/photos/0003_immich_playbook.yaml | 8 ++++++--
 inventory/proxmox.yaml | 2 ++
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml
index 851b20d..f922e8a 100644
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@@ -73,8 +73,7 @@ jobs:
 PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
 SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
 SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
- INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
- INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
- INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
+ UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
+ UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
 INFISICAL_URL: https://secrets.koval.net
 run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
diff --git a/infra/photos/0003_immich_playbook.yaml b/infra/photos/0003_immich_playbook.yaml
index 2e7a248..a017948 100644
--- a/infra/photos/0003_immich_playbook.yaml
+++ b/infra/photos/0003_immich_playbook.yaml
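Review bot: In `.github/workflows/infra.yaml` the three removed variables disappear for every playbook this step runs, not only the Immich one, so any playbook that still reads `INFISICAL_ENCRYPTION_KEY`, `INFISICAL_AUTH_SECRET` or `INFISICAL_TOKEN` through an env lookup would now receive an empty string instead of failing; a repo-wide grep before merging would settle it. The new client secret is visible to the whole `ansible-playbook` process, so the machine identity behind it should be limited to read access on the paths the playbooks fetch, and the old `INFISICAL_TOKEN` should be revoked once nothing depends on it. A comment above the two added lines, for example `# Infisical Universal Auth machine identity, presumably read from the environment by the infisical.vault lookup`, would explain why the variable names differ from the repository secret names. The step's `env:` block starts outside this hunk.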
@@ -25,12 +25,16 @@
 ansible.builtin.replace:
 path: "{{ user.home }}/{{ app }}/.env"
 regexp: "TYPESENSE_API_KEY_VALUE"
- replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
+ replace:
+ "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
+ path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
 - name: Replace DB secret
 ansible.builtin.replace:
 path: "{{ user.home }}/{{ app }}/.env"
 regexp: "DB_PASSWORD_VALUE"
- replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
+ replace:
+ "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
+ path='/photos', secret_name='DB_PASSWORD')['value'] }}"
 - name: Docker compose pull
 ansible.builtin.command: docker compose pull
 args:
diff --git a/inventory/proxmox.yaml b/inventory/proxmox.yaml
index eba18c0..9409822 100644
--- a/inventory/proxmox.yaml
+++ b/inventory/proxmox.yaml
@@ -35,3 +35,5 @@ proxmox:
 backups:
 hosts:
 backups.srv.home.local.koval.net:
+ vars:
+ infisical_project: d102ada3-7d49-4138-9759-033ca79fe731
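Review bot: In `infra/photos/0003_immich_playbook.yaml` both `ansible.builtin.replace` tasks pass the looked-up secret as a plain module argument without `no_log: true`, so the value can reach the job log whenever module arguments or diffs are printed (`-vvv`, `--diff`, some failure output). The workflow in this same patch already runs at `-vv`, one step below that level, and values fetched from Infisical at run time are not registered with the GitHub Actions log masker the way `secrets.*` values are. Adding `no_log: true` to "Replace DB secret" and to the task above it closes that gap; the first task's `- name:` line is outside the hunk, so its name is not visible here.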
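Review bot: In `inventory/proxmox.yaml`, confirm that the added `vars:` block is attached to a group that contains the photos host, because the Immich playbook in this patch now requires `infisical_project`, and a variable defined only under `backups` would be undefined there. The indentation is not recoverable from this view, so this is a check to make rather than a confirmed defect. A one-line comment above the value, such as `# Infisical project ID used by infisical.vault lookups (an identifier, not a credential)`, would tell readers why a bare UUID lives in the inventory.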