Adding Jinja macro for Vault lookup.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 6m4s
Gitea Branch PR & Ansible Deployment / Ansible Lint (push) Failing after 15m39s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 7m16s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Successful in 14m40s

This commit is contained in:
2025-06-13 21:52:09 -04:00
parent 7cf7c4a2aa
commit add421bb81
73 changed files with 191 additions and 114 deletions
+13 -12
View File
@@ -1,8 +1,9 @@
{% import '../macros/rinoa-macros.j2' as vault %}
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
"URI": "stun:netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:3478",
"Username": "",
"Password": null
}
@@ -11,9 +12,9 @@
"Turns": [
{
"Proto": "udp",
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
"URI": "turn:netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:3478",
"Username": "self",
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
"Password": "{{ vault.vault_secret('env', 'NETBIRD_TURN_PASSWORD') }}"
}
],
"CredentialsTTL": "12h",
@@ -22,14 +23,14 @@
},
"Relay": {
"Addresses": [
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
"rel://netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:33080"
],
"CredentialsTTL": "24h",
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
"Secret": "{{ vault.vault_secret('env', 'NETBIRD_RELAY_AUTH_SECRET') }}"
},
"Signal": {
"Proto": "https",
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
"URI": "netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:10001",
"Username": "",
"Password": null
},
@@ -47,14 +48,14 @@
},
"HttpConfig": {
"Address": "0.0.0.0:33073",
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
"AuthIssuer": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}",
"AuthAudience": "netbird",
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
"AuthKeysLocation": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/jwks.json",
"AuthUserIDClaim": "",
"CertFile": "",
"CertKey": "",
"IdpSignKeyRefreshEnabled": true,
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
"OIDCConfigEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/.well-known/openid-configuration"
},
"IdpManagerConfig": {},
"DeviceAuthorizationFlow": {},
@@ -62,10 +63,10 @@
"ProviderConfig": {
"Audience": "netbird",
"ClientID": "netbird",
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
"ClientSecret": "{{ vault.vault_secret('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET') }}",
"Domain": "",
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
"AuthorizationEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/api/oidc/authorization",
"TokenEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/api/oidc/token",
"Scope": "openid profile email offline_access api",
"RedirectURLs": [
"http://localhost:53000"
@@ -1,3 +1,4 @@
{% import '../macros/rinoa-macros.j2' as vault %}
{
"issuer": "https://id.trez.wtf",
"authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
@@ -1,3 +1,4 @@
{% import '../macros/rinoa-macros.j2' as vault %}
# Coturn TURN SERVER configuration file
#
# Boolean values note: where a boolean value is supposed to be used,
@@ -250,7 +251,7 @@ lt-cred-mech
#user=username1:key1
#user=username2:key2
# OR:
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
user=self:{{ vault.vault_secret('env', 'NETBIRD_TURN_PASSWORD') }}
#user=username2:password2
#
# Keys must be generated by turnadmin utility. The key value depends