M group_vars/all/vars.yml => group_vars/all/vars.yml +0 -4
@@ 4,8 4,4 @@ email_noreply_mail: "{{ vault_email_noreply_mail }}"
email_noreply_password: "{{ vault_email_noreply_password }}"
minio_access_key: "{{ vault_minio_access_key }}"
minio_secret_key: "{{ vault_minio_secret_key }}"
-peertube_psql_password: "{{ vault_peertube_psql_password }}"
-searx_key: "{{ vault_searx_key }}"
vault_psql_password: "{{ vault_vault_psql_password }}"
-vaultwarden_admin_token: "{{ vault_vaultwarden_admin_token }}"
-vaultwarden_psql_password: "{{ vault_vaultwarden_psql_password }}"
D group_vars/all/vault_peertube.yml => group_vars/all/vault_peertube.yml +0 -9
@@ 1,9 0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64353763643031393332373539613236666465303935396432643633633563646366313734316561
-6331613933306365363439313961326330646431353333350a626462336233663739353133653936
-32363463653633343864326463616263636634663165333061383864623861366466663634653064
-3964333766613031300a326233643161306433653565383538376233386433333561376335623933
-61633230646561376362613261353063316461353536363637613966343532376562323061363238
-34643834313532343763393932613038626661633536363930636134643633393931303935336539
-30666664636533383162393565363134316239396465326566623966353738653035356561333836
-38386233323330383265
D group_vars/all/vault_searx.yml => group_vars/all/vault_searx.yml +0 -10
@@ 1,10 0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35653037653034353031653438653764313462303432613534333438393732303038336162393936
-3765626662376663383433393834303065363966626665630a346662326438353731393764663732
-30383136336133326462623766646266343161666635313531366639383861303530356166303732
-3934626263383831380a376537386233633837373161366665343931643734363638313233363763
-33396164336437643635306433613835653739346562663334636432316330616266323034633138
-33643465366438333934306566363031343261386462663739383734613261306461633061383837
-31363531306237616463663736353064636465393433636537363630363635363332666633613162
-30633931363130633261323633373335376230333935653739313534636337336565613636623336
-3738
D group_vars/all/vault_vaultwarden.yml => group_vars/all/vault_vaultwarden.yml +0 -14
@@ 1,14 0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64373364333465313537363232336262616534326535343635303062383139303530633632343435
-6235303863653262373336616566313337326330343837310a636330626433396361663763313233
-36643237373666626333383961326663303862643737333539643332343937643837643737653130
-6264383638313039660a613637306466366463633332316161613931303237306638636230363830
-34666230393538353130653438306432396539353862356331396538343166653538663136376236
-39366665396335393635636439613163663533306263666361306663373632393466353563663836
-36346636613533623865326262386437666431366633336565313335393334656438623836663734
-62343731666134343164383339353734623532656335666265303635323164343439333237303834
-31333262633261366439323931333135666334653763313430326163336165303531643464363232
-66376163356437383739633636643035366136633161356637306433386461353430613635316565
-38303331396161613433303761313762386135623532386463666161383331633730643061303939
-38393666656463373061366164326330663130353434613566393637636334613864363230393963
-3864
M roles/peertube/tasks/main.yml => roles/peertube/tasks/main.yml +5 -1
@@ 1,4 1,8 @@
---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ peertube_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/peertube') }}"
+
- name: Install nodejs and yarn
community.general.pacman:
name: nodejs-lts-fermium,yarn
@@ 19,7 23,7 @@
community.general.postgresql_user:
db: peertube
name: peertube
- password: "{{ peertube_psql_password }}"
+ password: "{{ peertube_secrets['psql_password'] }}"
priv: ALL
become: true
become_user: postgres
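Review bot: The new `Get secrets` task at the top of this file has no `no_log: true`, so the whole `peertube_secrets` dictionary returned by the lookup can appear in task results at higher verbosity and in any callback or log sink that records them. Add `no_log: true` to that task. The same applies to the identical `Get secrets` tasks added in roles/searx/tasks/main.yml and roles/vaultwarden/tasks/main.yml. The `postgresql_user` task in the second hunk also shows no `no_log` in its visible lines, unlike the vaultwarden one, though its body may continue outside the hunk.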
M roles/peertube/templates/production.yaml.j2 => roles/peertube/templates/production.yaml.j2 +1 -1
@@ 39,7 39,7 @@ database:
ssl: false
suffix: ""
username: "peertube"
- password: "{{ peertube_psql_password }}"
+ password: "{{ peertube_secrets['psql_password'] }}"
pool:
max: 5
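Review bot: The password is pasted between hand-written double quotes, so a value from Vault that contains `"` or `\` would render as an invalid or silently altered YAML string. Letting a filter do the quoting avoids that: `password: {{ peertube_secrets['psql_password'] | to_json }}`. The same pattern is used for `secret_key` in roles/searx/templates/settings.yml.j2. The `database:` mapping starts and ends outside this hunk.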
M roles/searx/tasks/main.yml => roles/searx/tasks/main.yml +4 -0
@@ 1,4 1,8 @@
---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ searx_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/searx') }}"
+
- name: install
community.general.pacman:
name: searx
M roles/searx/templates/settings.yml.j2 => roles/searx/templates/settings.yml.j2 +1 -1
@@ 13,7 13,7 @@ search:
server:
port: 8888
bind_address: "127.0.0.1" # address to listen on
- secret_key: "{{ searx_key }}"
+ secret_key: "{{ searx_secrets['secret_key'] }}"
base_url: "https://search.xenrox.net" # Set custom base_url. Possible values: False or "https://your.custom.host/location/"
image_proxy: True # Proxying image results through searx
http_protocol_version: "1.0" # 1.0 and 1.1 are supported
M roles/vaultwarden/tasks/main.yml => roles/vaultwarden/tasks/main.yml +5 -1
@@ 1,4 1,8 @@
---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ vaultwarden_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/vaultwarden') }}"
+
- name: install
community.general.pacman:
name: "{{ vaultwarden_packages }}"
@@ 14,7 18,7 @@
community.general.postgresql_user:
db: vaultwarden
name: vaultwarden
- password: "{{ vaultwarden_psql_password }}"
+ password: "{{ vaultwarden_secrets['psql_password'] }}"
become: true
become_user: postgres
no_log: true
M roles/vaultwarden/templates/vaultwarden.env.j2 => roles/vaultwarden/templates/vaultwarden.env.j2 +2 -2
@@ 18,7 18,7 @@ DATA_FOLDER=/var/lib/vaultwarden
## Details:
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
-DATABASE_URL=postgresql://vaultwarden:{{ vaultwarden_psql_password }}@127.0.0.1/vaultwarden
+DATABASE_URL=postgresql://vaultwarden:{{ vaultwarden_secrets['psql_password'] }}@127.0.0.1/vaultwarden
## Database max connections
## Define the size of the connection pool used for connecting to the database.
@@ 183,7 183,7 @@ SIGNUPS_VERIFY=true
## Token for the admin interface, preferably use a long random string
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
-ADMIN_TOKEN={{ vaultwarden_admin_token }}
+ADMIN_TOKEN={{ vaultwarden_secrets['admin_token'] }}
## Enable this to bypass the admin panel security. This option is only
## meant to be used with the use of a separate auth layer in front
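Review bot: `DATABASE_URL` embeds the Vault-supplied password in the URL userinfo without percent-encoding, so a password containing `@`, `#` or `%` gives a connection string that parses differently or fails. Encode it when rendering: `DATABASE_URL=postgresql://vaultwarden:{{ vaultwarden_secrets['psql_password'] | urlencode }}@127.0.0.1/vaultwarden`. This file holds both the database password and `ADMIN_TOKEN`, so it is worth confirming that the task rendering it sets a restrictive `mode`. That task is not visible in this diff.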