Adding Jinja macro for Vault lookup.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 6m4s
Gitea Branch PR & Ansible Deployment / Ansible Lint (push) Failing after 15m39s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 7m16s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Successful in 14m40s
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 6m4s
Gitea Branch PR & Ansible Deployment / Ansible Lint (push) Failing after 15m39s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 7m16s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Successful in 14m40s
This commit is contained in:
@@ -1,8 +1,9 @@
|
||||
{% import '../macros/rinoa-macros.j2' as vault %}
|
||||
{
|
||||
"Stuns": [
|
||||
{
|
||||
"Proto": "udp",
|
||||
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
||||
"URI": "stun:netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:3478",
|
||||
"Username": "",
|
||||
"Password": null
|
||||
}
|
||||
@@ -11,9 +12,9 @@
|
||||
"Turns": [
|
||||
{
|
||||
"Proto": "udp",
|
||||
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
||||
"URI": "turn:netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:3478",
|
||||
"Username": "self",
|
||||
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
|
||||
"Password": "{{ vault.vault_secret('env', 'NETBIRD_TURN_PASSWORD') }}"
|
||||
}
|
||||
],
|
||||
"CredentialsTTL": "12h",
|
||||
@@ -22,14 +23,14 @@
|
||||
},
|
||||
"Relay": {
|
||||
"Addresses": [
|
||||
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
|
||||
"rel://netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:33080"
|
||||
],
|
||||
"CredentialsTTL": "24h",
|
||||
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
||||
"Secret": "{{ vault.vault_secret('env', 'NETBIRD_RELAY_AUTH_SECRET') }}"
|
||||
},
|
||||
"Signal": {
|
||||
"Proto": "https",
|
||||
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
|
||||
"URI": "netbird.{{ vault.vault_secret('env', 'MY_TLD') }}:10001",
|
||||
"Username": "",
|
||||
"Password": null
|
||||
},
|
||||
@@ -47,14 +48,14 @@
|
||||
},
|
||||
"HttpConfig": {
|
||||
"Address": "0.0.0.0:33073",
|
||||
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
||||
"AuthIssuer": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}",
|
||||
"AuthAudience": "netbird",
|
||||
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
||||
"AuthKeysLocation": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/jwks.json",
|
||||
"AuthUserIDClaim": "",
|
||||
"CertFile": "",
|
||||
"CertKey": "",
|
||||
"IdpSignKeyRefreshEnabled": true,
|
||||
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
||||
"OIDCConfigEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/.well-known/openid-configuration"
|
||||
},
|
||||
"IdpManagerConfig": {},
|
||||
"DeviceAuthorizationFlow": {},
|
||||
@@ -62,10 +63,10 @@
|
||||
"ProviderConfig": {
|
||||
"Audience": "netbird",
|
||||
"ClientID": "netbird",
|
||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
||||
"ClientSecret": "{{ vault.vault_secret('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET') }}",
|
||||
"Domain": "",
|
||||
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
||||
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
||||
"AuthorizationEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/api/oidc/authorization",
|
||||
"TokenEndpoint": "https://auth.{{ vault.vault_secret('env', 'MY_TLD') }}/api/oidc/token",
|
||||
"Scope": "openid profile email offline_access api",
|
||||
"RedirectURLs": [
|
||||
"http://localhost:53000"
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
{% import '../macros/rinoa-macros.j2' as vault %}
|
||||
{
|
||||
"issuer": "https://id.trez.wtf",
|
||||
"authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
{% import '../macros/rinoa-macros.j2' as vault %}
|
||||
# Coturn TURN SERVER configuration file
|
||||
#
|
||||
# Boolean values note: where a boolean value is supposed to be used,
|
||||
@@ -250,7 +251,7 @@ lt-cred-mech
|
||||
#user=username1:key1
|
||||
#user=username2:key2
|
||||
# OR:
|
||||
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
|
||||
user=self:{{ vault.vault_secret('env', 'NETBIRD_TURN_PASSWORD') }}
|
||||
#user=username2:password2
|
||||
#
|
||||
# Keys must be generated by turnadmin utility. The key value depends
|
||||
|
||||
Reference in New Issue
Block a user