Cleanup Ansible Playbooks #41
|
@ -29,7 +29,7 @@ jobs:
|
||||||
apt update
|
apt update
|
||||||
apt install -y python3-pip
|
apt install -y python3-pip
|
||||||
pip3 install -r requirements.txt
|
pip3 install -r requirements.txt
|
||||||
ansible-galaxy collection install community.general infisical.vault
|
ansible-galaxy collection install community.general community.docker infisical.vault --force
|
||||||
|
|
||||||
- name: Check playbooks
|
- name: Check playbooks
|
||||||
run: |
|
run: |
|
||||||
|
|
|
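Review bot: The `ansible-galaxy collection install community.general community.docker infisical.vault --force` line installs all three collections unpinned, and `--force` re-downloads them on every run, so the workflow executes whatever Galaxy serves at that moment. One of them, `infisical.vault`, is the collection the playbooks in this commit use for secret lookups. I would pin the versions in a `requirements.yml` and install with `ansible-galaxy collection install -r requirements.yml`, or pin inline as `community.docker:==<pinned-version>`. The job body continues outside this hunk, so an existing pin elsewhere would not be visible here.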
@ -7,46 +7,39 @@
|
||||||
- name: Wait for connection
|
- name: Wait for connection
|
||||||
ansible.builtin.wait_for_connection:
|
ansible.builtin.wait_for_connection:
|
||||||
timeout: 300
|
timeout: 300
|
||||||
- name: Get user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: debian
|
|
||||||
register: user
|
|
||||||
- name: Docker compose down
|
- name: Docker compose down
|
||||||
ansible.builtin.command: docker compose down
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
state: absent
|
||||||
ignore_errors: true
|
|
||||||
- name: Copy project
|
- name: Copy project
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./{{ app }}"
|
src: "./{{ app }}"
|
||||||
dest: "{{ user.home }}"
|
dest: "$HOME"
|
||||||
mode: "0744"
|
mode: "0744"
|
||||||
|
|
||||||
- name: Replace LastFM API key secret
|
- name: Replace LastFM API key secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "LASTFM_APIKEY_VALUE"
|
regexp: "LASTFM_APIKEY_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}"
|
||||||
- name: Replace LastFM secret
|
- name: Replace LastFM secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "LASTFM_SECRET_VALUE"
|
regexp: "LASTFM_SECRET_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}"
|
||||||
- name: Replace Mongo Password secret
|
- name: Replace Mongo Password secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "SPOTIFY_ID_VALUE"
|
regexp: "SPOTIFY_ID_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}"
|
||||||
- name: Replace SMTP Password secret
|
- name: Replace SMTP Password secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "SPOTIFY_SECRET_VALUE"
|
regexp: "SPOTIFY_SECRET_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}"
|
||||||
|
|
||||||
- name: Docker compose up -d
|
- name: Docker compose up
|
||||||
ansible.builtin.command: docker compose up -d
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
|
|
||||||
- name: Update data permissions
|
- name: Update data permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
|
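Review bot: The `.env` file that the four `ansible.builtin.replace` tasks fill with Infisical secrets appears to stay world-readable, because `Copy project` applies `mode: "0744"` to every file it copies and nothing visible in this hunk tightens it afterwards (the `Update data permissions` task is cut off by the hunk). I would add an `ansible.builtin.file` task after the replacements that sets `mode: "0600"` on `$HOME/{{ app }}/.env`, and put `no_log: true` on each replace task so the values cannot surface in diff or verbose output. The same pattern is in the photos, samba (`config.yml`) and infisical playbooks below. Separately, the tasks named `Replace Mongo Password secret` and `Replace SMTP Password secret` here actually substitute `SPOTIFY_ID_VALUE` and `SPOTIFY_SECRET_VALUE`; renaming them would keep the run log honest.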
@ -7,31 +7,25 @@
|
||||||
- name: Wait for connection
|
- name: Wait for connection
|
||||||
ansible.builtin.wait_for_connection:
|
ansible.builtin.wait_for_connection:
|
||||||
timeout: 300
|
timeout: 300
|
||||||
- name: Get user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: debian
|
|
||||||
register: user
|
|
||||||
- name: Docker compose down
|
- name: Docker compose down
|
||||||
ansible.builtin.command: docker compose down
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
state: absent
|
||||||
ignore_errors: true
|
|
||||||
- name: Copy project
|
- name: Copy project
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./{{ app }}"
|
src: "./{{ app }}"
|
||||||
dest: "{{ user.home }}"
|
dest: "$HOME"
|
||||||
mode: "0744"
|
mode: "0744"
|
||||||
- name: Replace Typesense secret
|
- name: Replace Typesense secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "TYPESENSE_API_KEY_VALUE"
|
regexp: "TYPESENSE_API_KEY_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
|
||||||
- name: Replace DB secret
|
- name: Replace DB secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "DB_PASSWORD_VALUE"
|
regexp: "DB_PASSWORD_VALUE"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
|
||||||
- name: Docker compose up -d
|
- name: Docker compose up -d
|
||||||
ansible.builtin.command: docker compose up -d
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
|
|
|
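Review bot: `Docker compose down` now runs without `ignore_errors: true` but still comes before `Copy project`, so on a host where `$HOME/{{ app }}` does not exist yet the play will probably stop at this task. As far as I know `community.docker.docker_compose_v2` requires `project_src` to be an existing directory. Rather than restoring a blanket `ignore_errors`, I would register an `ansible.builtin.stat` on the project directory and add `when: project_dir.stat.exists` to the down task. The music, samba and infisical playbooks have the same ordering. Minor: this file keeps the name `Docker compose up -d` while music and samba were renamed to `Docker compose up`.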
@ -7,32 +7,25 @@
|
||||||
- name: Wait for connection
|
- name: Wait for connection
|
||||||
ansible.builtin.wait_for_connection:
|
ansible.builtin.wait_for_connection:
|
||||||
timeout: 300
|
timeout: 300
|
||||||
- name: Get user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: debian
|
|
||||||
register: user
|
|
||||||
|
|
||||||
- name: Docker compose down
|
- name: Docker compose down
|
||||||
ansible.builtin.command: docker compose down
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
state: absent
|
||||||
ignore_errors: true
|
|
||||||
- name: Copy project
|
- name: Copy project
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./{{ app }}"
|
src: "./{{ app }}"
|
||||||
dest: "{{ user.home }}"
|
dest: "$HOME"
|
||||||
mode: "0744"
|
mode: "0744"
|
||||||
|
|
||||||
- name: Replace KVK Password secret
|
- name: Replace KVK Password secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/config.yml"
|
path: "$HOME/{{ app }}/config.yml"
|
||||||
regexp: "KVK_PASSWORD"
|
regexp: "KVK_PASSWORD"
|
||||||
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}"
|
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}"
|
||||||
|
|
||||||
- name: Docker compose up -d
|
- name: Docker compose up
|
||||||
ansible.builtin.command: docker compose up -d
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
|
|
||||||
- name: Update samba permissions
|
- name: Update samba permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
|
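Review bot: `"$HOME"` in `project_src`, `dest` and `path` is not a Jinja expression, so it only resolves where the module expands environment variables in path-typed options on the target, and it resolves to the home of whichever user the task runs as. The removed `Get user` task pinned the location to the `debian` account; if any of these plays use `become` (not visible in the hunk), the files and the secret-bearing `config.yml` would move to a different home directory. A single play-level variable, for example `app_home: "{{ ansible_env.HOME }}"` when facts are gathered, would make that dependency explicit and give one place to override it. The same applies to the music, photos and infisical playbooks.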
@ -7,43 +7,37 @@
|
||||||
- name: Wait for connection
|
- name: Wait for connection
|
||||||
ansible.builtin.wait_for_connection:
|
ansible.builtin.wait_for_connection:
|
||||||
timeout: 300
|
timeout: 300
|
||||||
- name: Get user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: debian
|
|
||||||
register: user
|
|
||||||
- name: Docker compose down
|
- name: Docker compose down
|
||||||
ansible.builtin.command: docker compose down
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
state: absent
|
||||||
ignore_errors: true
|
|
||||||
- name: Copy project
|
- name: Copy project
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./{{ app }}"
|
src: "./{{ app }}"
|
||||||
dest: "{{ user.home }}"
|
dest: "$HOME"
|
||||||
mode: "0744"
|
mode: "0744"
|
||||||
|
|
||||||
- name: Replace Encryption Key secret
|
- name: Replace Encryption Key secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "ENCRYPTION_KEY_VALUE"
|
regexp: "ENCRYPTION_KEY_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}"
|
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}"
|
||||||
- name: Replace Auth secret
|
- name: Replace Auth secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "AUTH_SECRET_VALUE"
|
regexp: "AUTH_SECRET_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}"
|
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}"
|
||||||
- name: Replace Mongo Password secret
|
- name: Replace Mongo Password secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "MONGO_PASSWORD_VALUE"
|
regexp: "MONGO_PASSWORD_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}"
|
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}"
|
||||||
- name: Replace SMTP Password secret
|
- name: Replace SMTP Password secret
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
path: "{{ user.home }}/{{ app }}/.env"
|
path: "$HOME/{{ app }}/.env"
|
||||||
regexp: "SMTP_PASSWORD_VALUE"
|
regexp: "SMTP_PASSWORD_VALUE"
|
||||||
replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
|
replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
|
||||||
|
|
||||||
- name: Docker compose up -d
|
- name: Docker compose up -d
|
||||||
ansible.builtin.command: docker compose up -d
|
community.docker.docker_compose_v2:
|
||||||
args:
|
project_src: "$HOME/{{ app }}"
|
||||||
chdir: "{{ user.home }}/{{ app }}"
|
|
||||||
|
|
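Review bot: The four `lookup('ansible.builtin.env', ...)` replacements return an empty string when the variable is unset on the controller. A missing `INFISICAL_ENCRYPTION_KEY`, `INFISICAL_AUTH_SECRET`, `INFISICAL_MONGO_PASSWORD` or `SMTP_PASSWORD` would therefore silently write an empty secret into `.env`, and `Docker compose up -d` would start the stack with it. These lines are unchanged context in this hunk, but since the commit is a cleanup I would add an `ansible.builtin.assert` before the replacements that checks each value with `| length > 0`. Passing `default=undef()` to the lookup is an alternative where the ansible-core version supports it.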