cyclane/kovalhome
1
1
Fork 0
Code Issues 7 Pull Requests 1 Actions Packages Projects 3 Releases Activity

Update infisical ansible
Some checks failed
Infrastructure / Check and run Ansbile playbooks (push) Failing after 2m11s
Details

Browse Source
This commit is contained in:
Gleb Koval
2024-06-22 00:44:08 +01:00
parent eedd640d27
commit 41967af509
3 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/infra.yaml vendored
View File

@@ -73,8 +73,7 @@ jobs:
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }} PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }} SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }} SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }} UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }} UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
INFISICAL_URL: https://secrets.koval.net INFISICAL_URL: https://secrets.koval.net
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv

8
infra/photos/0003_immich_playbook.yaml
View File

@@ -25,12 +25,16 @@
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "{{ user.home }}/{{ app }}/.env"
regexp: "TYPESENSE_API_KEY_VALUE" regexp: "TYPESENSE_API_KEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" replace:
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
- name: Replace DB secret - name: Replace DB secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "{{ user.home }}/{{ app }}/.env"
regexp: "DB_PASSWORD_VALUE" regexp: "DB_PASSWORD_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" replace:
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
path='/photos', secret_name='DB_PASSWORD')['value'] }}"
- name: Docker compose pull - name: Docker compose pull
ansible.builtin.command: docker compose pull ansible.builtin.command: docker compose pull
args: args:

2
inventory/proxmox.yaml
View File

@@ -35,3 +35,5 @@ proxmox:
backups: backups:
hosts: hosts:
backups.srv.home.local.koval.net: backups.srv.home.local.koval.net:
vars:
infisical_project: d102ada3-7d49-4138-9759-033ca79fe731