From 6855479fd75c52b4b06b42e1108152ab2d1de7c1 Mon Sep 17 00:00:00 2001
From: Fabio Scotto di Santolo
Date: Mon, 30 Mar 2026 21:56:57 +0200
Subject: [PATCH] Fix Docker Compose interpolation: use inline Vault passwords
---
 ansible/inventory/group_vars/server.yml | 11 -----------
 ansible/templates/server/docker-compose.yml.j2 | 16 ++--------------
 .../server/navidrome_db_password.txt.j2 | 1 -
 .../server/postgres_root_password.txt.j2 | 1 -
 4 files changed, 2 insertions(+), 27 deletions(-)
 delete mode 100644 ansible/templates/server/navidrome_db_password.txt.j2
 delete mode 100644 ansible/templates/server/postgres_root_password.txt.j2
diff --git a/ansible/inventory/group_vars/server.yml b/ansible/inventory/group_vars/server.yml
index 61a0e18..1a87300 100644
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -38,17 +38,6 @@ server_templates: dest: "{{ server_container_stack_dir }}/docker-compose.yml" owner: root group: root - mode: "0644" - - src: server/navidrome_db_password.txt.j2 - dest: "{{ server_container_stack_dir }}/navidrome_db_password.txt" - owner: root - group: root - mode: "0600" - no_log: true - - src: server/postgres_root_password.txt.j2 - dest: "{{ server_container_stack_dir }}/postgres_root_password.txt" - owner: root - group: root mode: "0600" no_log: true
diff --git a/ansible/templates/server/docker-compose.yml.j2 b/ansible/templates/server/docker-compose.yml.j2
index 75f351f..9372740 100644
--- a/ansible/templates/server/docker-compose.yml.j2
+++ b/ansible/templates/server/docker-compose.yml.j2
@@ -9,7 +9,7 @@ services: expose: - "4533" environment: - ND_DATABASE_URL: "postgres://navidrome:$(cat /run/secrets/navidrome_db_password)@navidromedb:5432/navidrome_db?sslmode=disable" + ND_DATABASE_URL: "postgres://navidrome:{{ vault_navidrome_db_password }}@navidromedb:5432/navidrome_db?sslmode=disable" ND_SESSIONTIMEOUT: 24h ND_ENABLETRANSCODING: "true"
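Review bot: The added `ND_DATABASE_URL` line in hunk `@@ -9,7 +9,7 @@` places `{{ vault_navidrome_db_password }}` unescaped into a double-quoted YAML scalar, a Compose value and the userinfo part of a URI at once, so a password containing `$`, `"`, `\`, `@`, `/`, `:` or `%` would be re-interpolated by Compose, break the rendered file, or change how the URL is parsed. Percent-encoding the value covers all three layers, assuming the consumer decodes userinfo as a standard URI parser does: `ND_DATABASE_URL: "postgres://navidrome:{{ vault_navidrome_db_password | urlencode | replace('/', '%2F') }}@navidromedb:5432/navidrome_db?sslmode=disable"`. The YAML and Compose part of this also applies to the `POSTGRES_PASSWORD` line added in hunk `@@ -47,15 +44,12 @@`, where a literal `$` needs doubling to `$$` and quotes or backslashes need escaping. The enclosing service definition starts and ends outside this hunk.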
@@ -21,9 +21,6 @@ services: - web depends_on: - navidromedb - secrets: - - navidrome_db_password - nginx-proxy-manager: image: jc21/nginx-proxy-manager:latest container_name: nginx-proxy-manager
@@ -47,15 +44,12 @@ services: environment: POSTGRES_DB: "navidrome_db" POSTGRES_USER: "navidrome" - POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password" + POSTGRES_PASSWORD: "{{ vault_postgres_root_password }}" volumes: - "/opt/postgres/data:/var/lib/postgresql/data" networks: - web - secrets: - - postgres_root_password - gitea: image: docker.gitea.com/gitea:1.25.2 container_name: gitea
@@ -74,12 +68,6 @@ services: - "3000:3000" - "127.0.0.1:222:22" -secrets: - navidrome_db_password: - file: "{{ server_container_stack_dir }}/navidrome_db_password.txt" - postgres_root_password: - file: "{{ server_container_stack_dir }}/postgres_root_password.txt" - networks: web: external: false
diff --git a/ansible/templates/server/navidrome_db_password.txt.j2 b/ansible/templates/server/navidrome_db_password.txt.j2
deleted file mode 100644
index 1df1f73..0000000
--- a/ansible/templates/server/navidrome_db_password.txt.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ vault_navidrome_db_password }}
diff --git a/ansible/templates/server/postgres_root_password.txt.j2 b/ansible/templates/server/postgres_root_password.txt.j2
deleted file mode 100644
index ff36814..0000000
--- a/ansible/templates/server/postgres_root_password.txt.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ vault_postgres_root_password }}
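Review bot: In hunk `@@ -47,15 +44,12 @@` the database service swaps `POSTGRES_PASSWORD_FILE` for `POSTGRES_PASSWORD: "{{ vault_postgres_root_password }}"`, which moves the secret from a file under `/run/secrets` into the container environment, where it appears in `docker inspect` output and is inherited by every process in that container. The old line was a plain file path with no shell expansion, so the interpolation problem named in the subject does not seem to have applied here. Assuming the image reads the `_FILE` variable itself (the image name is outside the hunk), this service could keep `POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password"`, its `secrets:` entry, the matching top-level secret removed in hunk `@@ -74,12 +68,6 @@`, and the `postgres_root_password.txt.j2` template. If the inline form stays, nothing visible in this patch removes the previously rendered `navidrome_db_password.txt` and `postgres_root_password.txt` from hosts provisioned earlier, so a cleanup task with `state: absent` for both paths is needed to avoid leaving the old secrets on disk.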