verschiebe mehr secrets in den vault

templates/docker-compose.yaml.j2

@@ -25,7 +25,6 @@ services:
     user: "{{ git_user.uid }}:{{ git_user.group }}"
     env_file: ./environment.env
     environment:
-      - GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] | default('') }}
       - GITEA__database__DB_TYPE=mysql
       - GITEA__database__HOST=db:3306
       - GITEA__database__NAME=gitea
@@ -42,8 +41,8 @@ services:
     environment:
       - MYSQL_DATABASE=gitea
       - MYSQL_USER=gitea
-      - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['db_secret'] }}"
-      - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['db_root_secret'] }}"
+      - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['passwd'] }}"
+      - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['root_passwd'] }}"
     networks:
       - gitea
     volumes:

templates/environment.env.j2

@@ -59,6 +59,9 @@ GITEA__mailer__ENABLE_HELO={{ gitea_vars.mailer.enable_helo }}
 {% if 'user' in gitea_vars['mailer'] %}
 GITEA__mailer__USER={{ gitea_vars.mailer.user }}
 {% endif %}
+{% if 'passwd' in vault[inventory_hostname]['gitea']['mailer'] %}
+GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] }}
+{% endif %}
 {% endif %} {# /mailer #}
 
 {% if 'repository' in gitea_vars %}
@@ -101,8 +104,8 @@ GITEA__attachment__MINIO_ENDPOINT={{ gitea_vars.attachment.minio_endpoint }}
 {% if 'minio_access_key_id' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_ACCESS_KEY_ID={{ gitea_vars.attachment.minio_access_key_id }}
 {% endif %}
-{% if 'minio_secret_access_key' in gitea_vars['attachment'] %}
-GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ gitea_vars.attachment.minio_secret_access_key }}
+{% if 'minio_secret_access_key' in vault[inventory_hostname]['gitea']['attachment'] %}
+GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ vault[inventory_hostname]['gitea']['attachment']['minio_secret_access_key'] }}
 {% endif %}
 {% if 'minio_bucket' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_BUCKET={{ gitea_vars.attachment.minio_bucket }}
@@ -160,8 +163,8 @@ GITEA__ssh.minimum_key_sizes__DSA={{ gitea_vars.ssh.minimum_key_sizes.dsa }}
 {% if 'install_lock' in gitea_vars['security'] %}
 GITEA__security__INSTALL_LOCK={{ gitea_vars.security.install_lock }}
 {% endif %}
-{% if 'secret_key' in gitea_vars['security'] %}
-GITEA__security__SECRET_KEY={{ gitea_vars.security.secret_key }}
+{% if 'secret_key' in vault[inventory_hostname]['gitea']['security'] %}
+GITEA__security__SECRET_KEY={{ vault[inventory_hostname]['gitea']['security']['secret_key'] }}
 {% endif %}
 {% if 'secret_key_uri' in gitea_vars['security'] %}
 GITEA__security__SECRET_KEY_URI={{ gitea_vars.security.secret_key_uri }}