Secrets VM (#21)

Setup Infiscal according to https://infisical.com/docs/self-hosting/deployment-options/docker-compose .

Contributes to #16.

Reviewed-on: #21

infra/secrets/0003_infiscal_playbook.yaml

@@ -0,0 +1,47 @@
+- name: Deploy app
+  hosts: secrets
+  gather_facts: false
+  vars:
+    app: infisical
+  tasks:
+    - name: Wait for connection
+      ansible.builtin.wait_for_connection:
+        timeout: 300
+    - name: Get user
+      ansible.builtin.user:
+        name: debian
+      register: user
+    - name: Docker compose down
+      ansible.builtin.command: docker compose down
+      args:
+        chdir: "{{ user.home }}/{{ app }}"
+      ignore_errors: true
+    - name: Copy project
+      ansible.builtin.copy:
+        src: "./{{ app }}"
+        dest: "{{ user.home }}"
+        mode: "0744"
+    - name: Replace Encryption Key secret
+      ansible.builtin.replace:
+        path: "{{ user.home }}/{{ app }}/.env"
+        regexp: "ENCRYPTION_KEY_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}"
+    - name: Replace Auth secret
+      ansible.builtin.replace:
+        path: "{{ user.home }}/{{ app }}/.env"
+        regexp: "AUTH_SECRET_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}"
+    - name: Replace Mongo Password secret
+      ansible.builtin.replace:
+        path: "{{ user.home }}/{{ app }}/.env"
+        regexp: "MONGO_PASSWORD_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}"
+    - name: Replace SMTP Password secret
+      ansible.builtin.replace:
+        path: "{{ user.home }}/{{ app }}/.env"
+        regexp: "SMTP_PASSWORD_VALUE"
+        replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
+    - name: Docker compose up -d
+      ansible.builtin.command: docker compose up -d
+      args:
+        chdir: "{{ user.home }}/{{ app }}"