Update infisical ansible
Infrastructure / Check and run Ansbile playbooks (push) Failing after 2m11s
Details
Infrastructure / Check and run Ansbile playbooks (push) Failing after 2m11s
Details
This commit is contained in:
parent
eedd640d27
commit
41967af509
|
@ -73,8 +73,7 @@ jobs:
|
||||||
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
|
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
|
||||||
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
|
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
|
||||||
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
|
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
|
||||||
INFISICAL_ENCRYPTION_KEY: ${{ secrets.INFISICAL_ENCRYPTION_KEY }}
|
UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}
|
||||||
INFISICAL_AUTH_SECRET: ${{ secrets.INFISICAL_AUTH_SECRET }}
|
UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET: ${{ secrets.INFISICAL_CLIENT_SECRET }}
|
||||||
INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN }}
|
|
||||||
INFISICAL_URL: https://secrets.koval.net
|
INFISICAL_URL: https://secrets.koval.net
|
||||||
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
|
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} -vv
|
||||||
|
|
|
@ -25,12 +25,16 @@
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "{{ user.home }}/{{ app }}/.env"
|
||||||
regexp: "TYPESENSE_API_KEY_VALUE"
|
regexp: "TYPESENSE_API_KEY_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
|
replace:
|
||||||
|
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
|
||||||
|
path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
|
||||||
- name: Replace DB secret
|
- name: Replace DB secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "{{ user.home }}/{{ app }}/.env"
|
||||||
regexp: "DB_PASSWORD_VALUE"
|
regexp: "DB_PASSWORD_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
|
replace:
|
||||||
|
"{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod',
|
||||||
|
path='/photos', secret_name='DB_PASSWORD')['value'] }}"
|
||||||
- name: Docker compose pull
|
- name: Docker compose pull
|
||||||
ansible.builtin.command: docker compose pull
|
ansible.builtin.command: docker compose pull
|
||||||
args:
|
args:
|
||||||
|
|
|
@ -35,3 +35,5 @@ proxmox:
|
||||||
backups:
|
backups:
|
||||||
hosts:
|
hosts:
|
||||||
backups.srv.home.local.koval.net:
|
backups.srv.home.local.koval.net:
|
||||||
|
vars:
|
||||||
|
infisical_project: d102ada3-7d49-4138-9759-033ca79fe731
|
||||||
|
|
Loading…
Reference in New Issue