21 Commits

Author SHA1 Message Date
Trez.One b15306539f Merge remote-tracking branch 'refs/remotes/origin/ansible-dry-fixes_5-20-25' into ansible-dry-fixes_5-20-25
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / Ansible Linting (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / Ansible Playbook Run (Service Configs) (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Dry Run (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README & Generate List of Modified Services (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Deployment (push) Has been cancelled
2025-05-26 09:13:29 -04:00
Trez.One 9b6aaacdac Renaming Grafana alloy config. 2025-05-26 09:12:02 -04:00
Trez.One 22ba4743ef Renaming Grafana alloy config. 2025-05-26 09:12:02 -04:00
Trez.One a708d28446 Changing order of tasks in playbook. 2025-05-26 09:12:02 -04:00
Trez.One 2cf916fa05 Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One 05eb209229 Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One 9c30f3972b Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One f96433be4f Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One 296d4b6c35 Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One 711d9cbfa9 Small fixes. 2025-05-26 09:12:02 -04:00
Trez.One cd5f996f39 Ansible DRY fixes for Vault lookups. 2025-05-26 09:12:02 -04:00
Trez.One 305f81bbdc Renaming Grafana alloy config.
Gitea Branch PR & Ansible Deployment / Ansible Playbook Run (Service Configs) (push) Blocked by required conditions
Gitea Branch PR & Ansible Deployment / Ansible Linting (push) Blocked by required conditions
Gitea Branch PR & Ansible Deployment / PR Merge (push) Blocked by required conditions
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Failing after 11m22s
2025-05-21 09:17:04 -04:00
Trez.One 77bb59f594 Renaming Grafana alloy config. 2025-05-21 09:16:28 -04:00
Trez.One 6245e88edc Changing order of tasks in playbook.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 20m30s
Gitea Branch PR & Ansible Deployment / Ansible Linting (push) Failing after 17m31s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Has been skipped
Gitea Branch PR & Ansible Deployment / Ansible Playbook Run (Service Configs) (push) Has been skipped
2025-05-20 10:13:55 -04:00
Trez.One 48f9659ede Small fixes. 2025-05-20 09:58:35 -04:00
Trez.One 6e5eb45ffe Small fixes.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 8m19s
Gitea Branch PR & Ansible Deployment / Ansible Linting (push) Failing after 11m55s
Gitea Branch PR & Ansible Deployment / Ansible Playbook Run (Service Configs) (push) Has been skipped
Gitea Branch PR & Ansible Deployment / PR Merge (push) Has been skipped
2025-05-20 09:22:50 -04:00
Trez.One 0c314a5000 Small fixes. 2025-05-20 09:19:04 -04:00
Trez.One c443d73f6f Small fixes. 2025-05-20 09:16:16 -04:00
Trez.One 124d4a86ba Small fixes. 2025-05-20 09:16:00 -04:00
Trez.One d08563b985 Small fixes. 2025-05-20 09:13:33 -04:00
Trez.One 6b37ad8ea4 Ansible DRY fixes for Vault lookups.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Failing after 3m6s
Gitea Branch PR & Ansible Deployment / Docker Compose & Ansible Lints (push) Has been skipped
Gitea Branch PR & Ansible Deployment / PR Merge (push) Failing after 9m4s
Gitea Branch PR & Ansible Deployment / Ansible Configs & Docker Compose Deployment (push) Has been skipped
2025-05-20 09:06:49 -04:00
40 changed files with 130 additions and 124 deletions
@@ -6,6 +6,7 @@ on:
paths: paths:
- '**.j2' - '**.j2'
- 'ansible/**.yml' - 'ansible/**.yml'
jobs: jobs:
check-and-create-pr: check-and-create-pr:
if: github.ref != 'refs/heads/main' if: github.ref != 'refs/heads/main'
@@ -57,7 +58,7 @@ jobs:
notification_title: 'GITEA: PR Check' notification_title: 'GITEA: PR Check'
notification_message: 'PR Created 🎟️' notification_message: 'PR Created 🎟️'
ansible-linting: ansible-linting:
name: Docker Compose & Ansible Lints name: Ansible Linting
needs: [check-and-create-pr] needs: [check-and-create-pr]
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
@@ -70,13 +71,13 @@ jobs:
- name: Fetch base branch - name: Fetch base branch
run: | run: |
git fetch origin ${{ github.event.pull_request.base.ref }} git fetch origin ${{ github.event.pull_request.base.ref }}
- name: Cache Ansible Galaxy Collections # - name: Cache Ansible Galaxy Collections
uses: actions/cache@v3 # uses: actions/cache@v3
with: # with:
path: ansible/collections # path: ansible/collections
key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }} # key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
restore-keys: | # restore-keys: |
${{ runner.os }}-ansible- # ${{ runner.os }}-ansible-
- name: Install Ansible - name: Install Ansible
uses: alex-oleshkevich/setup-ansible@v1.0.1 uses: alex-oleshkevich/setup-ansible@v1.0.1
with: with:
@@ -112,7 +113,7 @@ jobs:
notification_message: 'Docker Compose dry run completed successfully.' notification_message: 'Docker Compose dry run completed successfully.'
pr-merge: pr-merge:
name: PR Merge name: PR Merge
needs: [regenerate-readme-modified-services] needs: [ansible-linting]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
@@ -139,8 +140,8 @@ jobs:
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}' gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Merge Successful' notification_title: 'GITEA: PR Merge Successful'
notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.' notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
ansible-config-docker-compose-deploy: ansible-config-deploy:
name: Ansible Configs & Docker Compose Deployment name: Ansible Playbook Run (Service Configs)
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [pr-merge] needs: [pr-merge]
env: env:
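Review bot: The `Install Ansible` step in the third hunk still references a third-party action by a mutable tag, `uses: alex-oleshkevich/setup-ansible@v1.0.1`, in a workflow whose later jobs merge the PR and run the deployment playbook. A tag can be re-pointed by the action's owner, so pinning to the full commit hash is safer: `uses: alex-oleshkevich/setup-ansible@<full-commit-sha>  # v1.0.1` (placeholder, look up the real hash). In the same hunk `git fetch origin ${{ github.event.pull_request.base.ref }}` expands an expression directly inside the shell script; the status lines on this page show push-triggered runs, where that value is presumably empty, so passing it through `env:` and quoting it in the script would be safer and easier to debug. The commented-out cache step would be better deleted than kept as comments.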
+2 -2
@@ -2,5 +2,5 @@
{% set secrets_path = 'rinoa-docker/env' %} {% set secrets_path = 'rinoa-docker/env' %}
urls: urls:
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }} - gotify://gotify/{{ vault_secrets['APPRISE_GOTIFY_TOKEN'] }}
- mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf - mailtos://{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}:{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
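Review bot: The SMTP user and password are spliced into the `mailtos://` URL without percent-encoding, so a credential containing `@`, `:`, `?` or `#` changes how the URL is parsed; this predates the change, but the shorter form makes it easy to fix with `{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] | urlencode }}` (the filter leaves `/` unescaped, so add `| replace('/', '%2F')` if a secret may contain one). The `MONGO_URI=mongodb://librechat:{{ vault_secrets['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/...` line in the LibreChat env template further down has the same problem. The host part `@trez.wtf25` looks like it is missing a colon before the port and should be checked against the intended `trez.wtf:25`. `vault_secrets` is populated outside this diff, so whether that task sets `no_log: true` cannot be confirmed from here.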
@@ -64,11 +64,11 @@ authentication_backend:
mail: mail mail: mail
display_name: displayName display_name: displayName
user: uid=authelia,ou=people,dc=trez,dc=wtf user: uid=authelia,ou=people,dc=trez,dc=wtf
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}' password: '{{ vault_secrets['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
refresh_interval: 5m refresh_interval: 5m
identity_validation: identity_validation:
reset_password: reset_password:
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}' jwt_secret: '{{ vault_secrets['AUTHELIA_JWT_SECRET'] }}'
password_policy: password_policy:
standard: standard:
enabled: true enabled: true
@@ -104,7 +104,7 @@ access_control:
- ['user:the.trezured.one'] - ['user:the.trezured.one']
session: session:
name: authelia_session name: authelia_session
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}' secret: '{{ vault_secrets['AUTHELIA_SESSION_SECRET'] }}'
expiration: 1h expiration: 1h
inactivity: 5m inactivity: 5m
remember_me: 1M remember_me: 1M
@@ -115,12 +115,12 @@ session:
host: redis host: redis
port: 6379 port: 6379
storage: storage:
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}' encryption_key: '{{ vault_secrets['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
postgres: postgres:
address: 'tcp://authelia-pg:5432' address: 'tcp://authelia-pg:5432'
database: authelia database: authelia
username: authelia username: authelia
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}' password: '{{ vault_secrets['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
timeout: '5s' timeout: '5s'
regulation: regulation:
max_retries: 3 max_retries: 3
@@ -131,8 +131,8 @@ notifier:
smtp: smtp:
address: 'smtp://postal-smtp:25' address: 'smtp://postal-smtp:25'
timeout: '5s' timeout: '5s'
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}' username: '{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}'
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}' password: '{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}'
sender: "Authelia <noreply@trez.wtf>" sender: "Authelia <noreply@trez.wtf>"
identifier: 'localhost' identifier: 'localhost'
subject: "[Authelia] {title}" subject: "[Authelia] {title}"
@@ -142,10 +142,10 @@ notifier:
disable_html_emails: false disable_html_emails: false
identity_providers: identity_providers:
oidc: oidc:
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}' hmac_secret: '{{ vault_secrets['AUTHELIA_OIDC_HMAC_SECRET'] }}'
jwks: jwks:
- key: | - key: |
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }} {{ vault_secrets["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
cors: cors:
allowed_origins_from_client_redirect_uris: true allowed_origins_from_client_redirect_uris: true
endpoints: endpoints:
@@ -157,7 +157,7 @@ identity_providers:
clients: clients:
- client_id: 'netbird' - client_id: 'netbird'
client_name: 'NetBird' client_name: 'NetBird'
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}' client_secret: '{{ vault_secrets['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
public: false public: false
authorization_policy: 'two_factor' authorization_policy: 'two_factor'
redirect_uris: redirect_uris:
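Review bot: Each secret is rendered raw between single quotes (`password: '{{ vault_secrets[...] }}'`), so a value containing `'` ends the scalar early and the remainder is parsed as YAML. Emitting the value as a JSON string, which is also a valid YAML double-quoted scalar, avoids this: `password: {{ vault_secrets['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] | to_json }}`. The same applies to the double-quoted values in the Gitea/SonarQube bot template and, more so, to the unquoted values in the CrowdSec, Pyroscope, Tempo, Homepage and Invidious templates, where a secret that starts with a YAML indicator or consists only of digits would be retyped or rejected. The rendered file holds the session, storage, OIDC HMAC and JWKS key material in clear text, so the template task (not visible here) should write it with a restrictive `mode` and owner.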
@@ -1,7 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %} {% set secrets_path = 'rinoa-docker/env' %}
source: journalctl source: journalctl
journalctl_filter: journalctl_filter:
- "--directory=/var/log/host/" - "--directory=/var/log/host/"
@@ -3,4 +3,4 @@
url: http://0.0.0.0:8080 url: http://0.0.0.0:8080
login: localhost login: localhost
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }} password: {{ vault_secrets['CROWDSEC_LOCAL_API_KEY'] }}
@@ -9,7 +9,7 @@
"host" : "mariadb", "host" : "mariadb",
"port" : 3306, "port" : 3306,
"user" : "ghost", "user" : "ghost",
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}", "password" : "{{ vault_secrets['GHOST_DB_PASSWORD'] }}",
"database" : "ghost_db" "database" : "ghost_db"
} }
}, },
@@ -21,8 +21,8 @@
"port": 25, "port": 25,
"secure": false, "secure": false,
"auth": { "auth": {
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}", "user": "{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}",
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}" "pass": "{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}"
} }
} }
}, },
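Review bot: The database and SMTP credentials are placed inside hand-written JSON quotes (`"password" : "{{ vault_secrets['GHOST_DB_PASSWORD'] }}"`), so a `"` or `\` in the secret yields invalid JSON or a value different from the one stored in Vault. Let the filter produce the quoted string instead: `"password" : {{ vault_secrets['GHOST_DB_PASSWORD'] | to_json }},`. The Lidify settings template further down uses the same pattern, and its first hunk also lists `spotify_client_secret` twice in one object. The mail block keeps `"secure": false` on port 25 with authentication, which sends the SMTP password unencrypted unless that hop is confined to a private network (not determinable from this hunk).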
+5 -5
@@ -27,7 +27,7 @@ DISABLE_SSH = false
SSH_PORT = 22 SSH_PORT = 22
SSH_LISTEN_PORT = 22 SSH_LISTEN_PORT = 22
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }} LFS_JWT_SECRET = {{ vault_secrets['GITEA_LFS_JWT_SECRET'] }}
OFFLINE_MODE = true OFFLINE_MODE = true
[database] [database]
@@ -36,7 +36,7 @@ DB_TYPE = postgres
HOST = gitea-db:5432 HOST = gitea-db:5432
NAME = gitea NAME = gitea
USER = gitea USER = gitea
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }} PASSWD = {{ vault_secrets['GITEA_PG_DB_PASSWORD'] }}
LOG_SQL = false LOG_SQL = false
SCHEMA = SCHEMA =
SSL_MODE = disable SSL_MODE = disable
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
SECRET_KEY = SECRET_KEY =
REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = * REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }} INTERNAL_TOKEN = {{ vault_secrets['GITEA_INTERNAL_TOKEN'] }}
PASSWORD_HASH_ALGO = pbkdf2 PASSWORD_HASH_ALGO = pbkdf2
[service] [service]
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
PATH = /data/git/lfs PATH = /data/git/lfs
[mailer] [mailer]
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} PASSWD = {{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
PROTOCOL = smtp PROTOCOL = smtp
ENABLED = true ENABLED = true
FROM = '"Gitea" <noreply@trez.wtf>' FROM = '"Gitea" <noreply@trez.wtf>'
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
DEFAULT_TRUST_MODEL = committer DEFAULT_TRUST_MODEL = committer
[oauth2] [oauth2]
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }} JWT_SECRET = {{ vault_secrets['GITEA_OAUTH2_JWT_SECRET'] }}
[ui] [ui]
THEMES = THEMES =
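Review bot: `SECRET_KEY =` in the `@@ -70,7 +70,7 @@` hunk stays empty while the neighbouring `INTERNAL_TOKEN` and the JWT secrets now come from `vault_secrets`. As far as I know Gitea falls back to a built-in default key when this setting is empty, unless it is supplied another way (for example through the container environment), so it is worth confirming and, if needed, sourcing it like the others: `SECRET_KEY = {{ vault_secrets['<SECRET_KEY_ENTRY>'] }}` (placeholder name). Changing the key on an existing instance affects data already encrypted with it, so treat that as a migration rather than a config tweak. The line below it, `REVERSE_PROXY_TRUSTED_PROXIES = *`, accepts forwarded-client headers from any source address and should be narrowed to the reverse proxy's address or network.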
@@ -9,7 +9,7 @@ gitea:
# Created access token for the user that shall be used as bot account. # Created access token for the user that shall be used as bot account.
# User needs "Read project" permissions with access to "Pull Requests" # User needs "Read project" permissions with access to "Pull Requests"
token: token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}" value: "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# file: /path/to/gitea/token # file: /path/to/gitea/token
@@ -18,7 +18,7 @@ gitea:
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
webhook: webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}" secret: "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# secretFile: /path/to/gitea/webhook/secret # secretFile: /path/to/gitea/webhook/secret
@@ -35,7 +35,7 @@ sonarqube:
# Created access token for the user that shall be used as bot account. # Created access token for the user that shall be used as bot account.
# User needs "Browse on project" permissions # User needs "Browse on project" permissions
token: token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}" value: "{{ vault_secrets['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# file: /path/to/sonarqube/token # file: /path/to/sonarqube/token
@@ -45,7 +45,7 @@ sonarqube:
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
# validated. # validated.
webhook: webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}" secret: "{{ vault_secrets['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# secretFile: /path/to/sonarqube/webhook/secret # secretFile: /path/to/sonarqube/webhook/secret
@@ -4,8 +4,8 @@ storage:
bucket_name: pyroscope bucket_name: pyroscope
endpoint: minio:9000 endpoint: minio:9000
region: us-east-fh-pln region: us-east-fh-pln
access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }} access_key_id: {{ vault_secrets['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }} secret_access_key: {{ vault_secrets['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
insecure: true insecure: true
analytics: analytics:
@@ -46,8 +46,8 @@ storage:
s3: s3:
bucket: tempo # how to store data in s3 bucket: tempo # how to store data in s3
endpoint: minio:9000 endpoint: minio:9000
access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }} access_key: {{ vault_secrets['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }} secret_key: {{ vault_secrets['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
insecure: true insecure: true
usage_report: usage_report:
@@ -29,5 +29,5 @@
widget: widget:
type: homeassistant type: homeassistant
url: http://192.168.1.252:8123 url: http://192.168.1.252:8123
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }} key: {{ vault_secrets['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
@@ -6,7 +6,7 @@
# https://gethomepage.dev/en/configs/settings # https://gethomepage.dev/en/configs/settings
providers: providers:
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }} openweathermap: {{ vault_secrets['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
# weatherapi: weatherapiapikey # weatherapi: weatherapiapikey
title: Rinoa Dashboard (trez.WTF) title: Rinoa Dashboard (trez.WTF)
headerStyle: underlined headerStyle: underlined
+4 -4
@@ -16,7 +16,7 @@ db:
host: invidious-db host: invidious-db
port: 5432 port: 5432
dbname: invidious dbname: invidious
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PG_DB_PASSWORD'] }} password: {{ vault_secrets['INVID_PG_DB_PASSWORD'] }}
## ##
## Database configuration using a single URI. This is an ## Database configuration using a single URI. This is an
@@ -210,8 +210,8 @@ https_only: false
## Accepted values: String ## Accepted values: String
## Default: <none> ## Default: <none>
## ##
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PO_TOKEN'] }} po_token: {{ vault_secrets['INVID_PO_TOKEN'] }}
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_VISITOR_DATA'] }} visitor_data: {{ vault_secrets['INVID_VISITOR_DATA'] }}
# ----------------------------- # -----------------------------
# Logging # Logging
@@ -471,7 +471,7 @@ jobs:
## Accepted values: a string ## Accepted values: a string
## Default: <none> ## Default: <none>
## ##
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_HMAC_KEY'] }} hmac_key: {{ vault_secrets['INVID_HMAC_KEY'] }}
## ##
## List of video IDs where the "download" widget must be ## List of video IDs where the "download" widget must be
@@ -3,7 +3,7 @@
# IN application vars # IN application vars
IN_APP_URL=https://biz.trez.wtf IN_APP_URL=https://biz.trez.wtf
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }} IN_APP_KEY={{ vault_secrets['IN_APP_KEY'] }}
IN_APP_DEBUG=true IN_APP_DEBUG=true
IN_REQUIRE_HTTPS=false IN_REQUIRE_HTTPS=false
IN_PHANTOMJS_PDF_GENERATION=false IN_PHANTOMJS_PDF_GENERATION=false
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
IN_DB_PORT=3306 IN_DB_PORT=3306
IN_DB_DATABASE=invoice_ninja IN_DB_DATABASE=invoice_ninja
IN_DB_USERNAME=ininja IN_DB_USERNAME=ininja
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }} IN_DB_PASSWORD={{ vault_secrets['IN_MYSQL_PASSWORD'] }}
# Create initial user # Create initial user
# Default to these values if empty # Default to these values if empty
@@ -31,8 +31,8 @@ IN_PASSWORD=
IN_MAIL_MAILER=log IN_MAIL_MAILER=log
IN_MAIL_HOST=postal-smtp IN_MAIL_HOST=postal-smtp
IN_MAIL_PORT=25 IN_MAIL_PORT=25
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }} IN_MAIL_USERNAME={{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} IN_MAIL_PASSWORD={{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
IN_MAIL_ENCRYPTION=null IN_MAIL_ENCRYPTION=null
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf' IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
IN_MAIL_FROM_NAME='Treasured IT' IN_MAIL_FROM_NAME='Treasured IT'
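Review bot: `IN_APP_DEBUG=true` sits two lines below the application key in a file whose `IN_APP_URL` is `https://biz.trez.wtf`. If this maps to the framework's debug mode, error pages can disclose environment values, which here include the app key, the database password and the SMTP credentials; `IN_APP_DEBUG=false` is the safer setting for a deployed instance. `IN_REQUIRE_HTTPS=false` deserves the same look unless TLS is enforced by a proxy in front (not visible here). The secrets are also written unquoted, so a value containing `#`, whitespace or `$` may be truncated or expanded depending on which env-file parser reads this file.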
+11 -11
@@ -17,7 +17,7 @@
HOST=localhost HOST=localhost
PORT=3080 PORT=3080
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa MONGO_URI=mongodb://librechat:{{ vault_secrets['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
DOMAIN_CLIENT=https://ai.trez.wtf DOMAIN_CLIENT=https://ai.trez.wtf
DOMAIN_SERVER=https://ai.trez.wtf DOMAIN_SERVER=https://ai.trez.wtf
@@ -73,12 +73,12 @@ PROXY=
# ANYSCALE_API_KEY= # ANYSCALE_API_KEY=
# APIPIE_API_KEY= # APIPIE_API_KEY=
# COHERE_API_KEY= # COHERE_API_KEY=
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }} DEEPSEEK_API_KEY={{ vault_secrets['LIBRECHAT_DEEPSEEK_API_KEY'] }}
# DATABRICKS_API_KEY= # DATABRICKS_API_KEY=
# FIREWORKS_API_KEY= # FIREWORKS_API_KEY=
# GROQ_API_KEY= # GROQ_API_KEY=
# HUGGINGFACE_TOKEN= # HUGGINGFACE_TOKEN=
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }} MISTRAL_API_KEY={{ vault_secrets['LIBRECHAT_MISTRAL_API_KEY'] }}
# OPENROUTER_KEY= # OPENROUTER_KEY=
# PERPLEXITY_API_KEY= # PERPLEXITY_API_KEY=
# SHUTTLEAI_API_KEY= # SHUTTLEAI_API_KEY=
@@ -90,7 +90,7 @@ MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_m
# Anthropic # # Anthropic #
#============# #============#
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }} ANTHROPIC_API_KEY={{ vault_secrets['LIBRECHAT_ANTHROPIC_API_KEY'] }}
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
# ANTHROPIC_REVERSE_PROXY= # ANTHROPIC_REVERSE_PROXY=
@@ -177,7 +177,7 @@ ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-
# OpenAI # # OpenAI #
#============# #============#
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }} OPENAI_API_KEY={{ vault_secrets['LIBRECHAT_OPENAI_API_KEY'] }}
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
DEBUG_OPENAI=false DEBUG_OPENAI=false
@@ -226,8 +226,8 @@ DEBUG_OPENAI=false
# DEBUG_PLUGINS= # DEBUG_PLUGINS=
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }} CREDS_KEY={{ vault_secrets['LIBRECHAT_CREDS_KEY'] }}
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }} CREDS_IV={{ vault_secrets['LIBRECHAT_CREDS_IV'] }}
# Azure AI Search # Azure AI Search
#----------------- #-----------------
@@ -298,7 +298,7 @@ ZAPIER_NLA_API_KEY=
SEARCH=true SEARCH=true
MEILI_NO_ANALYTICS=true MEILI_NO_ANALYTICS=true
MEILI_HOST=http://meilisearch:7700 MEILI_HOST=http://meilisearch:7700
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }} MEILI_MASTER_KEY={{ vault_secrets['MEILISEARCH_MASTER_KEY'] }}
# Optional: Disable indexing, useful in a multi-node setup # Optional: Disable indexing, useful in a multi-node setup
# where only one instance should perform an index sync. # where only one instance should perform an index sync.
@@ -384,8 +384,8 @@ ALLOW_UNVERIFIED_EMAIL_LOGIN=true
SESSION_EXPIRY=1000 * 60 * 15 SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7 REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }} JWT_SECRET={{ vault_secrets['LIBRECHAT_JWT_SECRET'] }}
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }} JWT_REFRESH_SECRET={{ vault_secrets['LIBRECHAT_JWT_REFRESH_SECRET'] }}
# Discord # Discord
@@ -547,4 +547,4 @@ USE_REDIS=true
#=====================================================# #=====================================================#
# OpenWeather # # OpenWeather #
#=====================================================# #=====================================================#
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }} OPENWEATHER_API_KEY={{ vault_secrets['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
+1 -1
@@ -7,7 +7,7 @@
<SslPort>6868</SslPort> <SslPort>6868</SslPort>
<EnableSsl>False</EnableSsl> <EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey> <ApiKey>{{ vault_secrets['LIDARR_API_KEY'] }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<Branch>master</Branch> <Branch>master</Branch>
<LogLevel>trace</LogLevel> <LogLevel>trace</LogLevel>
@@ -3,11 +3,11 @@
{ {
"lidarr_address": "http://lidarr:8686", "lidarr_address": "http://lidarr:8686",
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}", "lidarr_api_key": "{{ vault_secrets['LIDARR_API_KEY'] }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}", "spotify_client_secret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
"root_folder_path": "/data/media/music", "root_folder_path": "/data/media/music",
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}", "spotify_client_id": "{{ vault_secrets['YOUR_SPOTIFY_ID'] }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}", "spotify_client_secret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"lidarr_api_timeout": 120.0, "lidarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
@@ -17,8 +17,8 @@
"app_name": "lidify", "app_name": "lidify",
"app_rev": "0.09", "app_rev": "0.09",
"app_url": "lidify.trez.wtf", "app_url": "lidify.trez.wtf",
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}", "last_fm_api_key": "{{ vault_secrets['LASTFM_API_KEY'] }}",
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}", "last_fm_api_secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
"mode": "LastFM", "mode": "LastFM",
"auto_start": false, "auto_start": false,
"auto_start_delay": 60 "auto_start_delay": 60
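Review bot: The first hunk of this settings file defines `"spotify_client_secret"` twice, once after `lidarr_api_key` and again after `spotify_client_id`, and the new side keeps both. Most JSON parsers silently keep the last value, so the two entries can drift apart unnoticed on a later edit. Drop the first occurrence so the object carries one `"spotify_client_secret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}"` line.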
+1 -1
@@ -20,7 +20,7 @@ global_keywords:
- fatal - fatal
notifications: notifications:
apprise: apprise:
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki) url: gotify://gotify/{{ vault_secrets['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
# settings are optional because they all have default values # settings are optional because they all have default values
settings: settings:
log_level: INFO # DEBUG, INFO, WARNING, ERROR log_level: INFO # DEBUG, INFO, WARNING, ERROR
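Review bot: The `url:` value under `apprise` is rendered as an unquoted YAML scalar with a trailing `#` comment, so the consuming application parses whatever the secret expands to. A token that contains ` #` or `: `, starts with a YAML indicator, or is all digits would be truncated, retyped or rejected. Emitting the value through a quoting filter avoids that, for example `url: {{ ('gotify://gotify/' ~ vault_secrets['APPRISE_GOTIFY_TOKEN']) | to_json }}`. The same unquoted pattern appears on the new side of the Postal `main_db`/`message_db` passwords, the SearXNG `secret_key`, the slskd, Parseable and Wazuh passwords, and the Zitadel `User`/`Password` entries, while the Postal `smtp` and `rails` values are already quoted.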
@@ -27,8 +27,8 @@
"clients": [], "clients": [],
"name": "spotify", "name": "spotify",
"data": { "data": {
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}", "clientId": "{{ vault_secrets['YOUR_SPOTIFY_ID'] }}",
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}", "clientSecret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
"redirectUri": "http://localhost:9078/callback" "redirectUri": "http://localhost:9078/callback"
} }
}, },
@@ -38,8 +38,8 @@
"clients": [], "clients": [],
"name": "lastfm", "name": "lastfm",
"data": { "data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}", "apiKey": "{{ vault_secrets['LASTFM_API_KEY'] }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}", "secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
"redirectUri": "http://localhost:9078/lastfm/callback" "redirectUri": "http://localhost:9078/lastfm/callback"
} }
}, },
@@ -49,7 +49,7 @@
"clients": [], "clients": [],
"name": "listenBrainz", "name": "listenBrainz",
"data": { "data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}", "token": "{{ vault_secrets['MALOJA_LISTENBRAINZ_TOKEN'] }}",
"username": "Trez.One" "username": "Trez.One"
} }
}, },
@@ -61,7 +61,7 @@
"data": { "data": {
"url": "http://navidrome:4533", "url": "http://navidrome:4533",
"user": "admin", "user": "admin",
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}" "password": "{{ vault_secrets['NAVIDROME_PASSWORD'] }}"
} }
} }
], ],
@@ -71,8 +71,8 @@
"enable": true, "enable": true,
"name": "lastFmClient", "name": "lastFmClient",
"data": { "data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}", "apiKey": "{{ vault_secrets['LASTFM_API_KEY'] }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}", "secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
"redirectUri": "http://localhost:9078/lastfm/callback" "redirectUri": "http://localhost:9078/lastfm/callback"
} }
}, },
@@ -81,7 +81,7 @@
"enable": true, "enable": true,
"name": "ListenBrainzClient", "name": "ListenBrainzClient",
"data": { "data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}", "token": "{{ vault_secrets['MALOJA_LISTENBRAINZ_TOKEN'] }}",
"username": "Trez.One" "username": "Trez.One"
} }
}, },
@@ -91,7 +91,7 @@
"name": "maloja", "name": "maloja",
"data": { "data": {
"url": "http://maloja:42010", "url": "http://maloja:42010",
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}" "apiKey": "{{ vault_secrets['MALOJA_API_KEY'] }}"
} }
} }
], ],
@@ -100,7 +100,7 @@
"name": "Gotify", "name": "Gotify",
"type": "gotify", "type": "gotify",
"url": "http://gotify", "url": "http://gotify",
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}", "token": "{{ vault_secrets['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
"priorities": { "priorities": {
"info": 5, "info": 5,
"warn": 7, "warn": 7,
+12 -12
@@ -2,7 +2,7 @@
"Stuns": [ "Stuns": [
{ {
"Proto": "udp", "Proto": "udp",
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478", "URI": "stun:netbird.{{ vault_secrets['MY_TLD'] }}:3478",
"Username": "", "Username": "",
"Password": null "Password": null
} }
@@ -11,9 +11,9 @@
"Turns": [ "Turns": [
{ {
"Proto": "udp", "Proto": "udp",
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478", "URI": "turn:netbird.{{ vault_secrets['MY_TLD'] }}:3478",
"Username": "self", "Username": "self",
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}" "Password": "{{ vault_secrets['NETBIRD_TURN_PASSWORD'] }}"
} }
], ],
"CredentialsTTL": "12h", "CredentialsTTL": "12h",
@@ -22,14 +22,14 @@
}, },
"Relay": { "Relay": {
"Addresses": [ "Addresses": [
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080" "rel://netbird.{{ vault_secrets['MY_TLD'] }}:33080"
], ],
"CredentialsTTL": "24h", "CredentialsTTL": "24h",
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}" "Secret": "{{ vault_secrets['NETBIRD_RELAY_AUTH_SECRET'] }}"
}, },
"Signal": { "Signal": {
"Proto": "https", "Proto": "https",
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001", "URI": "netbird.{{ vault_secrets['MY_TLD'] }}:10001",
"Username": "", "Username": "",
"Password": null "Password": null
}, },
@@ -47,14 +47,14 @@
}, },
"HttpConfig": { "HttpConfig": {
"Address": "0.0.0.0:33073", "Address": "0.0.0.0:33073",
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}", "AuthIssuer": "https://auth.{{ vault_secrets['MY_TLD'] }}",
"AuthAudience": "netbird", "AuthAudience": "netbird",
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json", "AuthKeysLocation": "https://auth.{{ vault_secrets['MY_TLD'] }}/jwks.json",
"AuthUserIDClaim": "", "AuthUserIDClaim": "",
"CertFile": "", "CertFile": "",
"CertKey": "", "CertKey": "",
"IdpSignKeyRefreshEnabled": true, "IdpSignKeyRefreshEnabled": true,
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration" "OIDCConfigEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/.well-known/openid-configuration"
}, },
"IdpManagerConfig": {}, "IdpManagerConfig": {},
"DeviceAuthorizationFlow": {}, "DeviceAuthorizationFlow": {},
@@ -62,10 +62,10 @@
"ProviderConfig": { "ProviderConfig": {
"Audience": "netbird", "Audience": "netbird",
"ClientID": "netbird", "ClientID": "netbird",
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}", "ClientSecret": "{{ vault_secrets['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
"Domain": "", "Domain": "",
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization", "AuthorizationEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/api/oidc/authorization",
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token", "TokenEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/api/oidc/token",
"Scope": "openid profile email offline_access api", "Scope": "openid profile email offline_access api",
"RedirectURLs": [ "RedirectURLs": [
"http://localhost:53000" "http://localhost:53000"
@@ -250,7 +250,7 @@ lt-cred-mech
#user=username1:key1 #user=username1:key1
#user=username2:key2 #user=username2:key2
# OR: # OR:
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }} user=self:{{ vault_secrets['NETBIRD_TURN_PASSWORD'] }}
#user=username2:password2 #user=username2:password2
# #
# Keys must be generated by turnadmin utility. The key value depends # Keys must be generated by turnadmin utility. The key value depends
+4 -4
@@ -18,13 +18,13 @@ web_server:
main_db: main_db:
host: mariadb host: mariadb
username: postal username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }} password: {{ vault_secrets['POSTAL_MYSQL_PASSWORD'] }}
database: postal database: postal
message_db: message_db:
host: mariadb host: mariadb
username: postal username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }} password: {{ vault_secrets['POSTAL_MYSQL_PASSWORD'] }}
prefix: postal prefix: postal
smtp_server: smtp_server:
@@ -52,11 +52,11 @@ smtp:
host: postal-smtp host: postal-smtp
port: 25 port: 25
username: rinoa/postal-smtp username: rinoa/postal-smtp
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}" password: "{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}"
from_name: Postal @ Rinoa from_name: Postal @ Rinoa
from_address: noreply@trez.wtf from_address: noreply@trez.wtf
rails: rails:
# This is generated automatically by the config initialization. It should be a random # This is generated automatically by the config initialization. It should be a random
# string unique to your installation. # string unique to your installation.
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}" secret_key: "{{ vault_secrets['POSTAL_RAILS_SECRET_KEY'] }}"
+1 -1
@@ -7,7 +7,7 @@
<SslPort>6969</SslPort> <SslPort>6969</SslPort>
<EnableSsl>False</EnableSsl> <EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey> <ApiKey>{{ vault_secrets['PROWLARR_API_KEY'] }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<AuthenticationRequired>Enabled</AuthenticationRequired> <AuthenticationRequired>Enabled</AuthenticationRequired>
<Branch>master</Branch> <Branch>master</Branch>
@@ -3,9 +3,9 @@
{ {
"radarr_address": "http://radarr:7878", "radarr_address": "http://radarr:7878",
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}", "radarr_api_key": "{{ vault_secrets['RADARR_API_KEY'] }}",
"root_folder_path": "/data/media/movies", "root_folder_path": "/data/media/movies",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}", "tmdb_api_key": "{{ vault_secrets['TMDB_API_KEY'] }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"radarr_api_timeout": 120.0, "radarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
+1 -1
@@ -8,7 +8,7 @@
<SslCertPath></SslCertPath> <SslCertPath></SslCertPath>
<Port>7878</Port> <Port>7878</Port>
<UrlBase></UrlBase> <UrlBase></UrlBase>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey> <ApiKey>{{ vault_secrets['RADARR_API_KEY'] }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism> <UpdateMechanism>Docker</UpdateMechanism>
<SslPort>9898</SslPort> <SslPort>9898</SslPort>
+1 -1
@@ -7,7 +7,7 @@
<SslPort>6868</SslPort> <SslPort>6868</SslPort>
<EnableSsl>False</EnableSsl> <EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey> <ApiKey>{{ vault_secrets['READARR_API_KEY'] }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<Branch>develop</Branch> <Branch>develop</Branch>
<LogLevel>info</LogLevel> <LogLevel>info</LogLevel>
@@ -22,7 +22,7 @@ host = 0.0.0.0
port = 8080 port = 8080
https_port = 8090 https_port = 8090
username = thetrezuredone username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }} password = {{ vault_secrets['SABNZBDVPN_PASSWORD'] }}
bandwidth_max = 1000M bandwidth_max = 1000M
cache_limit = 1G cache_limit = 1G
web_dir = Glitter web_dir = Glitter
@@ -33,7 +33,7 @@ https_chain = ""
enable_https = 1 enable_https = 1
inet_exposure = 0 inet_exposure = 0
local_ranges = , local_ranges = ,
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }} api_key = {{ vault_secrets['SABNZBDVPN_API_KEY'] }}
nzb_key = 3c0fa874bb2748b58c1bd7512e649946 nzb_key = 3c0fa874bb2748b58c1bd7512e649946
permissions = 775 permissions = 775
download_dir = /storage/downloads/incomplete download_dir = /storage/downloads/incomplete
@@ -342,7 +342,7 @@ host = news.newshosting.com
port = 563 port = 563
timeout = 60 timeout = 60
username = thetrezuredone username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }} password = {{ vault_secrets['SLSK_USER_PASSWORD'] }}
connections = 8 connections = 8
ssl = 1 ssl = 1
ssl_verify = 3 ssl_verify = 3
@@ -363,7 +363,7 @@ host = news.easynews.com
port = 443 port = 443
timeout = 60 timeout = 60
username = TrezOne username = TrezOne
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }} password = {{ vault_secrets['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
connections = 60 connections = 60
ssl = 0 ssl = 0
ssl_verify = 3 ssl_verify = 3
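Review bot: The `nzb_key` line directly under the changed `api_key` still carries a literal key in the committed template, so this file keeps one credential in version control while its neighbours now come from Vault. It should be read from Vault as well, e.g. `nzb_key = {{ vault_secrets['<NZB_KEY_NAME>'] }}` (placeholder key name), and the current value rotated since it remains in history. Separately, the `news.newshosting.com` server block takes its `password` from `SLSK_USER_PASSWORD`, the key slskd uses for the Soulseek account. It is worth confirming that this is the intended key rather than a copy-paste or a password shared across two services.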
+1 -1
@@ -82,7 +82,7 @@ server:
# If your instance owns a /etc/searxng/settings.yml file, then set the following # If your instance owns a /etc/searxng/settings.yml file, then set the following
# values there. # values there.
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET} secret_key: {{ vault_secrets['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
# Proxying image results through searx # Proxying image results through searx
image_proxy: true image_proxy: true
# 1.0 and 1.1 are supported # 1.0 and 1.1 are supported
+1 -1
@@ -8,7 +8,7 @@
<SslPort>9898</SslPort> <SslPort>9898</SslPort>
<UrlBase></UrlBase> <UrlBase></UrlBase>
<BindAddress>*</BindAddress> <BindAddress>*</BindAddress>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}</ApiKey> <ApiKey>{{ vault_secrets['SONARR_API_KEY'] }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism> <UpdateMechanism>Docker</UpdateMechanism>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
@@ -3,10 +3,10 @@
{ {
"sonarr_address": "http://192.168.1.2:8989", "sonarr_address": "http://192.168.1.2:8989",
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}", "sonarr_api_key": "{{ vault_secrets['SONARR_API_KEY'] }}",
"root_folder_path": "/data/media/shows", "root_folder_path": "/data/media/shows",
"tvdb_api_key": "", "tvdb_api_key": "",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}", "tmdb_api_key": "{{ vault_secrets['TMDB_API_KEY'] }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"sonarr_api_timeout": 120.0, "sonarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
+2 -2
@@ -2,7 +2,7 @@
{% set secrets_path = 'rinoa-docker/env' %} {% set secrets_path = 'rinoa-docker/env' %}
[Lidarr] [Lidarr]
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }} api_key = {{ vault_secrets['LIDARR_API_KEY'] }}
host_url = http://lidarr:8686 host_url = http://lidarr:8686
#This should be the path mounted in lidarr that points to your slskd download directory. #This should be the path mounted in lidarr that points to your slskd download directory.
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below. #If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
@@ -10,7 +10,7 @@ download_dir = /storage
[Slskd] [Slskd]
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above. #Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }} api_key = {{ vault_secrets['SLSKD_API_KEY'] }}
host_url = http://gluetun:5030 host_url = http://gluetun:5030
#Slskd download directory. Should have set it up when installing Slskd. #Slskd download directory. Should have set it up when installing Slskd.
download_dir = /app/downloads download_dir = /app/downloads
+3 -3
@@ -198,15 +198,15 @@ rooms:
web: web:
authentication: authentication:
username: slskd username: slskd
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }} password: {{ vault_secrets['SLSKD_WEB_PASSSWORD'] }}
api_keys: api_keys:
my_api_key: my_api_key:
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }} key: {{ vault_secrets['SLSKD_API_KEY'] }}
role: readwrite role: readwrite
cidr: 0.0.0.0/0,::/0 cidr: 0.0.0.0/0,::/0
soulseek: soulseek:
address: vps.slsknet.org address: vps.slsknet.org
port: 2271 port: 2271
username: Trez.One username: Trez.One
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }} password: {{ vault_secrets['SLSK_USER_PASSWORD'] }}
diagnostic_level: Info diagnostic_level: Info
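Review bot: The `my_api_key` entry pairs `role: readwrite` with `cidr: 0.0.0.0/0,::/0`, so the key rendered from `SLSKD_API_KEY` is accepted from any source address that can reach the service. If only the other containers call this API, which seems likely from the `http://gluetun:5030` client config but is not shown here, narrowing it to that network limits what a leaked key can do, e.g. `cidr: <docker-network-cidr>` (placeholder). The three templated values in this hunk are also unquoted YAML scalars and would be safer rendered with `| to_json`.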
+1 -1
@@ -6,7 +6,7 @@
"repos": [ "repos": [
{ {
"type": "gitea", "type": "gitea",
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}", "token": "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
"url": "https://git.trez.wtf", "url": "https://git.trez.wtf",
"revisions": { "revisions": {
"branches": [ "branches": [
+1 -1
@@ -24,6 +24,6 @@
<entry key='database.driver'>org.postgresql.Driver</entry> <entry key='database.driver'>org.postgresql.Driver</entry>
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry> <entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
<entry key='database.user'>traccar</entry> <entry key='database.user'>traccar</entry>
<entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry> <entry key='database.password'>{{ vault_secrets['WAZUH_API_PASSWORD'] }}</entry>
</properties> </properties>
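Review bot: The `database.password` entry for the `traccar` PostgreSQL user is rendered from `WAZUH_API_PASSWORD`, the same key the Wazuh dashboard config uses for `wazuh-wui`. Either the key name is wrong here or one password is shared between two unrelated services, in which case compromise of one exposes the other. The refactor carries this over unchanged from the old lookup. A dedicated secret would separate them, e.g. `{{ vault_secrets['<TRACCAR_DB_PASSWORD_KEY>'] }}` (placeholder key name). The value is also placed into XML without escaping, so a password containing `<` or `&` would break the file.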
+1 -1
@@ -21,7 +21,7 @@
auth: auth:
strategy: basic strategy: basic
user: admin user: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }} password: {{ vault_secrets['PARSEABLE_PASSWORD'] }}
request: request:
headers: headers:
X-P-Stream: rinoa-docker-logs X-P-Stream: rinoa-docker-logs
+1 -1
@@ -6,5 +6,5 @@ hosts:
url: "https://wazuh.manager" url: "https://wazuh.manager"
port: 55000 port: 55000
username: wazuh-wui username: wazuh-wui
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }} password: {{ vault_secrets['WAZUH_API_PASSWORD'] }}
run_as: false run_as: false
+2 -2
@@ -37,7 +37,7 @@ SMTPConfiguration:
SMTP: SMTP:
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525 # must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
Host: 'postal-smtp:25' Host: 'postal-smtp:25'
User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }} User: {{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} Password: {{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
From: 'noreply@trez.wtf' From: 'noreply@trez.wtf'
FromName: 'Zitadel @ Rinoa' FromName: 'Zitadel @ Rinoa'
+2 -2
@@ -7,7 +7,7 @@ Database:
User: User:
# If the user doesn't exist already, it is created # If the user doesn't exist already, it is created
Username: 'zitadel' Username: 'zitadel'
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }} Password: {{ vault_secrets['ZITADEL_DB_PASSWORD'] }}
Admin: Admin:
Username: 'root' Username: 'root'
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }} Password: {{ vault_secrets['ZITADEL_DB_ADMIN_PASSWORD'] }}
+6
@@ -12,6 +12,12 @@
mode: '0755' mode: '0755'
loop: "{{ query('fileglob', 'app-configs/*.j2') }}" loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
- name: Fetch Vault secrets once
ansible.builtin.set_fact:
vault_secrets: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env',
engine_mount_point='rinoa-docker', url=vault_addr,
token=vault_token_cleaned)['secret'] }}"
- name: Deploy configuration templates - name: Deploy configuration templates
ansible.builtin.template: ansible.builtin.template:
src: "{{ item }}" src: "{{ item }}"
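Review bot: The new `Fetch Vault secrets once` task stores the whole KV payload in a fact without `no_log: true`, so the task result, which includes `ansible_facts`, can print every secret in the mount when the play runs with `-v`. On a CI runner that output lands in the job log. Add `no_log: true` to the `set_fact` task. The `Deploy configuration templates` task continues outside this hunk; if it is ever run with `--diff`, it would print rendered secrets too, so `no_log: true` or `diff: false` belongs there as well. Every template now receives the full dictionary rather than one value, which makes a comment on the task saying that `vault_secrets` must never be passed to `debug` worthwhile.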