Add secrets to vault files

This commit is contained in:
Sam A. 2023-11-04 00:38:08 +01:00
parent 4da17ee4f5
commit ab5d357c4d
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
7 changed files with 75 additions and 11 deletions

View file

@ -6,3 +6,15 @@ apps_base_domain: "{{ base_domain }}"
apps_local_domain: "{{ local_domain }}" apps_local_domain: "{{ local_domain }}"
docker_data_root: "{{ encrypted_fs }}/docker" docker_data_root: "{{ encrypted_fs }}/docker"
redis_passwords:
nextcloud: "{{ vault_redis_passwords.nextcloud }}"
restic:
b2:
bucket: "{{ vault_restic.b2.bucket }}"
id: "{{ vault_restic.b2.id }}"
key: "{{ vault_restic.b2.key }}"
repo:
path: /restic
password: "{{ vault_restic.repo.password }}"

View file

@ -4,5 +4,5 @@
base_domain: sapti.me base_domain: sapti.me
local_domain: local.{{ base_domain }} local_domain: local.{{ base_domain }}
db_passwords: "{{ vault_db_passwords }}" db_passwords:
redis_passwords: "{{ vault_redis_passwords }}" nextcloud: "{{ vault_db_passwords.nextcloud }}"

View file

@ -0,0 +1,27 @@
$ANSIBLE_VAULT;1.1;AES256
33343239393262363334393363663539336235373661646163306638653262633930333531356166
3263663133323230633231333035393035633665316437640a363839633338616630376463666633
36303231383139346336336664373966643564316238626365303234373862333332653364323838
3761326330363730610a386236386464323636313339346366356264303038316138616661623239
37666266326662653764353038343661376235303732303633333565663865326335303661383064
34616136613064346238623632366136333237346462633762326334393637393437636237313665
38303336313232323230336461363537653831356161393130306161333264353662396636616362
65636631333738633630393432356333333339306535616534666334356236376137333335383066
36323963346436326638386337653164313763653734323532656637613737383638646430663462
64663664313639393931613135396662363337366162653631326563613964666430393163316532
61323137383462633865356534336163306530303235386637663535393032623062303661633664
65336461336531363131666638303030623565616439356133396631363631306664323432363132
63663866346566373963386434333738336466656564323865316265363937616136626536313733
38653736336132353663633963653064613432393461376561656338636133316330663662383662
31643965373062353061623934376138643838346339346661396134643839643434613561326562
35656632373234326136353763386337343633356632613265653138653736373766333861396562
61353264643332356134346163313334333632353638633334356265623963376636323639323265
39353864653732616366306263363937313263373032343636303734396362633236373033626265
30366661373638363963643866306634373339353161303166636265666533356239643863393961
37663565643832336264366363316432663761326435313963643933656230363831303761346534
63303037626139633431643438366431316166383332303333353062356661343036303466663031
32366238653863636461353165666630646537356463623637643063383635376235373139366466
35613663303633303237363662323930636431626462623831376534626434626531363031333462
65656662316233616432336161363630663561653132306365333166643734303838353030323630
66323133613638366632326162643532343362393833346630326434323034313634633535393038
6534623536626636303766356130303563636531343563616163

View file

@ -4,5 +4,5 @@
base_domain: staging.sapti.me base_domain: staging.sapti.me
local_domain: local.{{ base_domain }} local_domain: local.{{ base_domain }}
db_passwords: "{{ vault_db_passwords }}" db_passwords:
redis_passwords: "{{ vault_redis_passwords }}" nextcloud: "{{ vault_db_passwords.nextcloud }}"

View file

@ -0,0 +1,26 @@
$ANSIBLE_VAULT;1.1;AES256
66323863666335363963383237356566343539656432393166336436313763376634336463303666
3861343530313939646466633165353564343062383864390a623464646530636165353838333562
37393634643935373839366632383432353335633430613564663664323333643134616566336337
6664353035626362380a306462643865326234336563306431626266393339396137336264393733
65353139353031333161636333626661376466363433616561323338643065393064313934633236
31396437643531313433343732306336633332396434313831396564666162636264343261336466
30306134656161356338313838633834663566646530326463366266616434373037333737613063
61623338663964316265386433666237326466623936306138663966623033376131333365636230
35303163363538613435613262346233393462343763633135396261653335336337326237313739
66613461643366663131353731636138666464636566336636646130633166323933306631613236
65636633363331356664333934623638313161336632663263323031303836333661623262316562
35663930303033356435373235356436356130326165636131346166346566343063633131303537
38323033613132393639353666653563386663306364363363303961363563323536343930353463
30333362393137313763656636323563363661343539343334386439636638333562326264393063
61316363353231656230633464376164623462656333326139396563306334363634326634343034
35323436633631396663646262376432663831333430636337333336623061373133313465323366
35363434393930613633636139353461393631643032663438343564356565663739376436306564
37646438626562393631333238613035643665333730636162616134363464303230393436626662
30363038636163366334613464373761633130623338336265336632393437356133613362313235
38366138313761386132383666363232643161636330396161323536643365663730386164316437
30333463326530356438356364663638663833363366363739643934663665306238393166623839
36626230363437646238386431373934396263633033303262626632323930313232636364646234
33323264656237393235613230333534613030316361366638636663346533313539386138653331
64396362613962323361633366366132666439626264643534663036343934646533656236616538
62343161623865643332613039396234623238343532646336346563343131306335

View file

@ -46,7 +46,6 @@ apps_vars:
version: latest version: latest
restic: restic:
repo: /restic
extra_tasks: false extra_tasks: false
version: '1.7.0' version: '1.7.0'

View file

@ -8,8 +8,8 @@ services:
environment: environment:
RUN_ON_STARTUP: false RUN_ON_STARTUP: false
BACKUP_CRON: 0 0 3 * * * BACKUP_CRON: 0 0 3 * * *
RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }} RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo.path }}
RESTIC_PASSWORD: {{ restic.repo_password }} RESTIC_PASSWORD: {{ restic.repo.password }}
RESTIC_BACKUP_SOURCES: /mnt/volumes RESTIC_BACKUP_SOURCES: /mnt/volumes
RESTIC_BACKUP_ARGS: >- RESTIC_BACKUP_ARGS: >-
--tag docker-volumes --tag docker-volumes
@ -36,8 +36,8 @@ services:
environment: environment:
RUN_ON_STARTUP: false RUN_ON_STARTUP: false
PRUNE_CRON: 0 0 4 * * * PRUNE_CRON: 0 0 4 * * *
RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }} RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo.path }}
RESTIC_PASSWORD: {{ restic.repo_password }} RESTIC_PASSWORD: {{ restic.repo.password }}
RESTIC_PRUNE_ARGS: >- RESTIC_PRUNE_ARGS: >-
--verbose --verbose
B2_ACCOUNT_ID: {{ restic.b2.id }} B2_ACCOUNT_ID: {{ restic.b2.id }}
@ -50,8 +50,8 @@ services:
environment: environment:
RUN_ON_STARTUP: false RUN_ON_STARTUP: false
CHECK_CRON: 0 0 5 * * * CHECK_CRON: 0 0 5 * * *
RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }} RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo.path }}
RESTIC_PASSWORD: {{ restic.repo_password }} RESTIC_PASSWORD: {{ restic.repo.password }}
RESTIC_CHECK_ARGS: >- RESTIC_CHECK_ARGS: >-
--verbose --verbose
B2_ACCOUNT_ID: {{ restic.b2.id }} B2_ACCOUNT_ID: {{ restic.b2.id }}