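---
# Redeploys the compose project named by `app` on the `finance` hosts:
# stop any existing project, copy the project directory from the controller,
# substitute secret placeholders in .env / .importer.env, then start the stack.
#
# `infisical_project` is not defined in this play; it has to come from
# inventory, group vars or extra vars.
- name: Deploy app
  hosts: finance
  gather_facts: false
  vars:
    app: firefly-iii

  tasks:
    # Facts are disabled, so this is the first contact with the host.
    - name: Wait for connection
      ansible.builtin.wait_for_connection:
        timeout: 300

    - name: Check if project exists
      ansible.builtin.stat:
        path: "$HOME/{{ app }}"
      register: project

    # Only tear down when a previous deployment is present.
    - name: Docker compose down
      when: project.stat.exists
      community.docker.docker_compose_v2:
        project_src: "$HOME/{{ app }}"
        state: absent

    # NOTE(review): mode 0744 is applied to the copied files, which include
    # .env and .importer.env. After the tasks below they hold live secrets and
    # stay readable by group and others. Consider tightening those two files
    # (for example to 0600) if nothing but the deploying user reads them.
    - name: Copy project
      ansible.builtin.copy:
        src: "./{{ app }}"
        dest: "$HOME"
        mode: "0744"

    # Every task from here to "Docker compose up" writes a secret into a file.
    # no_log keeps the resolved value out of task output, --diff output and
    # verbose logs; the trade-off is that failure details are censored too.
    #
    # NOTE(review): the module treats `replace` as a regex replacement string,
    # so a secret containing a backslash may not be written verbatim. Confirm
    # the stored secrets contain none.
    - name: Replace APP_KEY secret
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.env"
        regexp: "APP_KEY_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod', path='/finance', secret_name='APP_KEY')['value'] }}"

    - name: Replace DB secret
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.env"
        regexp: "DB_PASSWORD_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod', path='/finance', secret_name='DB_PASSWORD')['value'] }}"

    - name: Replace cron token secret
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.env"
        regexp: "STATIC_CRON_TOKEN_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod', path='/finance', secret_name='STATIC_CRON_TOKEN')['value'] }}"

    # SMTP_PASSWORD is read from the environment of the Ansible controller.
    # An unset variable resolves to an empty string, so the placeholder would
    # be replaced with nothing and the play would still succeed.
    - name: Replace SMTP Password secret (app)
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.env"
        regexp: "SMTP_PASSWORD_VALUE"
        replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"

    - name: Replace Nordigen ID secret
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.importer.env"
        regexp: "NORDIGEN_ID_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod', path='/finance', secret_name='NORDIGEN_ID')['value'] }}"

    - name: Replace Nordigen Key secret
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.importer.env"
        regexp: "NORDIGEN_KEY_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', project_id=infisical_project, env_slug='prod', path='/finance', secret_name='NORDIGEN_KEY')['value'] }}"

    # Same controller-side environment lookup as the app .env task above.
    - name: Replace SMTP Password secret (importer)
      no_log: true
      ansible.builtin.replace:
        path: "$HOME/{{ app }}/.importer.env"
        regexp: "SMTP_PASSWORD_VALUE"
        replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"

    - name: Docker compose up
      community.docker.docker_compose_v2:
        project_src: "$HOME/{{ app }}"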