sporq/ansible-role-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

verschiebe mehr secrets in den vault

Browse Source
This commit is contained in:
Marius Alwan Meyer 2023-03-11 23:28:36 +01:00
parent a141151d9e
commit e948fc7bb8
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
templates/docker-compose.yaml.j2
View File

@ -25,7 +25,6 @@ services:
user: "{{ git_user.uid }}:{{ git_user.group }}" user: "{{ git_user.uid }}:{{ git_user.group }}"
env_file: ./environment.env env_file: ./environment.env
environment: environment:
- GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] | default('') }}
- GITEA__database__DB_TYPE=mysql - GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=db:3306 - GITEA__database__HOST=db:3306
- GITEA__database__NAME=gitea - GITEA__database__NAME=gitea
@ -42,8 +41,8 @@ services:
environment: environment:
- MYSQL_DATABASE=gitea - MYSQL_DATABASE=gitea
- MYSQL_USER=gitea - MYSQL_USER=gitea
- "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['db_secret'] }}" - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['passwd'] }}"
- "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['db_root_secret'] }}" - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['root_passwd'] }}"
networks: networks:
- gitea - gitea
volumes: volumes:

11
templates/environment.env.j2
View File

@ -59,6 +59,9 @@ GITEA__mailer__ENABLE_HELO={{ gitea_vars.mailer.enable_helo }}
{% if 'user' in gitea_vars['mailer'] %} {% if 'user' in gitea_vars['mailer'] %}
GITEA__mailer__USER={{ gitea_vars.mailer.user }} GITEA__mailer__USER={{ gitea_vars.mailer.user }}
{% endif %} {% endif %}
{% if 'passwd' in vault[inventory_hostname]['gitea']['mailer'] %}
GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] }}
{% endif %}
{% endif %} {# /mailer #} {% endif %} {# /mailer #}
{% if 'repository' in gitea_vars %} {% if 'repository' in gitea_vars %}
@ -101,8 +104,8 @@ GITEA__attachment__MINIO_ENDPOINT={{ gitea_vars.attachment.minio_endpoint }}
{% if 'minio_access_key_id' in gitea_vars['attachment'] %} {% if 'minio_access_key_id' in gitea_vars['attachment'] %}
GITEA__attachment__MINIO_ACCESS_KEY_ID={{ gitea_vars.attachment.minio_access_key_id }} GITEA__attachment__MINIO_ACCESS_KEY_ID={{ gitea_vars.attachment.minio_access_key_id }}
{% endif %} {% endif %}
{% if 'minio_secret_access_key' in gitea_vars['attachment'] %} {% if 'minio_secret_access_key' in vault[inventory_hostname]['gitea']['attachment'] %}
GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ gitea_vars.attachment.minio_secret_access_key }} GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ vault[inventory_hostname]['gitea']['attachment']['minio_secret_access_key'] }}
{% endif %} {% endif %}
{% if 'minio_bucket' in gitea_vars['attachment'] %} {% if 'minio_bucket' in gitea_vars['attachment'] %}
GITEA__attachment__MINIO_BUCKET={{ gitea_vars.attachment.minio_bucket }} GITEA__attachment__MINIO_BUCKET={{ gitea_vars.attachment.minio_bucket }}
@ -160,8 +163,8 @@ GITEA__ssh.minimum_key_sizes__DSA={{ gitea_vars.ssh.minimum_key_sizes.dsa }}
{% if 'install_lock' in gitea_vars['security'] %} {% if 'install_lock' in gitea_vars['security'] %}
GITEA__security__INSTALL_LOCK={{ gitea_vars.security.install_lock }} GITEA__security__INSTALL_LOCK={{ gitea_vars.security.install_lock }}
{% endif %} {% endif %}
{% if 'secret_key' in gitea_vars['security'] %} {% if 'secret_key' in vault[inventory_hostname]['gitea']['security'] %}
GITEA__security__SECRET_KEY={{ gitea_vars.security.secret_key }} GITEA__security__SECRET_KEY={{ vault[inventory_hostname]['gitea']['security']['secret_key'] }}
{% endif %} {% endif %}
{% if 'secret_key_uri' in gitea_vars['security'] %} {% if 'secret_key_uri' in gitea_vars['security'] %}
GITEA__security__SECRET_KEY_URI={{ gitea_vars.security.secret_key_uri }} GITEA__security__SECRET_KEY_URI={{ gitea_vars.security.secret_key_uri }}