Migrate Photos VM to read secrets from Infisical (#25)

#21 provisioned an Infisical service (https://secrets.koval.net/). We can use this instead of the hacky solution that can explode. Contributes to and closes #16. Reviewed-on: #25
2024-01-04 13:09:16 +00:00
parent a8b7b1df4a
commit 8529d56c44
4 changed files with 6 additions and 33 deletions
--- a/infra/photos/0003_immich_playbook.yaml
+++ b/infra/photos/0003_immich_playbook.yaml
@@ -25,12 +25,12 @@
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "TYPESENSE_API_KEY_VALUE"
-        replace: "{{ lookup('ansible.builtin.password', user.home + '/typesense_secret', length=64, chars=['ascii_letters', 'digits']) }}"
+        replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY') }}"
    - name: Replace DB secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "DB_PASSWORD_VALUE"
-        replace: "{{ lookup('ansible.builtin.password', user.home + '/db_secret', length=64, chars=['ascii_letters', 'digits']) }}"
+        replace: "{{ lookup('infisical_vault', env_slug='prod', path='/photos', secret_name='DB_PASSWORD') }}"
    - name: Docker compose up -d
      ansible.builtin.command: docker compose up -d
      args:
--- a/infra/photos/0004_immich_compose_playbook.yaml
+++ b/infra/photos/0004_immich_compose_playbook.yaml
@@ -1,30 +0,0 @@
- name: Deploy app
-  hosts: photos
-  gather_facts: false
-  vars:
-    app: immich
-  tasks:
-    - name: Wait for connection
-      ansible.builtin.wait_for_connection:
-        timeout: 300
-    - name: Get user
-      ansible.builtin.user:
-        name: debian
-      register: user
-    - name: Docker compose down
-      ansible.builtin.command: docker compose down
-      args:
-        chdir: "{{ user.home }}/{{ app }}"
-    - name: Copy project
-      ansible.builtin.copy:
-        src: "./{{ app }}/docker-compose.yml"
-        dest: "{{ user.home }}/{{ app }}/docker-compose.yml"
-        mode: "0644"
-    - name: Docker compose pull
-      ansible.builtin.command: docker compose pull
-      args:
-        chdir: "{{ user.home }}/{{ app }}"
-    - name: Docker compose up -d
-      ansible.builtin.command: docker compose up -d
-      args:
-        chdir: "{{ user.home }}/{{ app }}"