Fix Docker Compose interpolation: use inline Vault passwords

Fabio Scotto di Santolo
2026-03-30 21:56:57 +02:00
parent e78ccf021c
commit 6855479fd7
4 changed files with 2 additions and 27 deletions


@@ -38,17 +38,6 @@ server_templates:
dest: "{{ server_container_stack_dir }}/docker-compose.yml" dest: "{{ server_container_stack_dir }}/docker-compose.yml"
owner: root owner: root
group: root group: root
mode: "0644"
- src: server/navidrome_db_password.txt.j2
dest: "{{ server_container_stack_dir }}/navidrome_db_password.txt"
owner: root
group: root
mode: "0600"
no_log: true
- src: server/postgres_root_password.txt.j2
dest: "{{ server_container_stack_dir }}/postgres_root_password.txt"
owner: root
group: root
mode: "0600" mode: "0600"
no_log: true no_log: true


@@ -9,7 +9,7 @@ services:
expose: expose:
- "4533" - "4533"
environment: environment:
ND_DATABASE_URL: "postgres://navidrome:$(cat /run/secrets/navidrome_db_password)@navidromedb:5432/navidrome_db?sslmode=disable" ND_DATABASE_URL: "postgres://navidrome:{{ vault_navidrome_db_password }}@navidromedb:5432/navidrome_db?sslmode=disable"
ND_SESSIONTIMEOUT: 24h ND_SESSIONTIMEOUT: 24h
ND_ENABLETRANSCODING: "true" ND_ENABLETRANSCODING: "true"
@@ -21,9 +21,6 @@ services:
- web - web
depends_on: depends_on:
- navidromedb - navidromedb
secrets:
- navidrome_db_password
nginx-proxy-manager: nginx-proxy-manager:
image: jc21/nginx-proxy-manager:latest image: jc21/nginx-proxy-manager:latest
container_name: nginx-proxy-manager container_name: nginx-proxy-manager
@@ -47,15 +44,12 @@ services:
environment: environment:
POSTGRES_DB: "navidrome_db" POSTGRES_DB: "navidrome_db"
POSTGRES_USER: "navidrome" POSTGRES_USER: "navidrome"
POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password" POSTGRES_PASSWORD: "{{ vault_postgres_root_password }}"
volumes: volumes:
- "/opt/postgres/data:/var/lib/postgresql/data" - "/opt/postgres/data:/var/lib/postgresql/data"
networks: networks:
- web - web
secrets:
- postgres_root_password
gitea: gitea:
image: docker.gitea.com/gitea:1.25.2 image: docker.gitea.com/gitea:1.25.2
container_name: gitea container_name: gitea
@@ -74,12 +68,6 @@ services:
- "3000:3000" - "3000:3000"
- "127.0.0.1:222:22" - "127.0.0.1:222:22"
secrets:
navidrome_db_password:
file: "{{ server_container_stack_dir }}/navidrome_db_password.txt"
postgres_root_password:
file: "{{ server_container_stack_dir }}/postgres_root_password.txt"
networks: networks:
web: web:
external: false external: false
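Review bot: The `POSTGRES_PASSWORD` line in the `-47,15 +44,12` hunk replaces a file-based secret with a plaintext value, which the `$(cat …)` problem in `ND_DATABASE_URL` did not require. The password now sits in the rendered docker-compose.yml and in the container environment, where `docker inspect` shows it. Consider keeping `POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password"` together with its `secrets:` entries and template, assuming the image honours that variable, as the old line implies. For the value that has to stay inline, Compose still interpolates `$` in the rendered file and the DSN treats `@` and `:` as delimiters, so a Vault password containing those is altered or breaks the URL; `{{ vault_navidrome_db_password | urlencode }}` in `ND_DATABASE_URL` and, if the inline form is kept, `{{ vault_postgres_root_password | replace('$', '$$') }}` would guard against that. Both service definitions start outside the hunks shown, so the images in use should be confirmed.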


@@ -1 +0,0 @@
{{ vault_navidrome_db_password }}


@@ -1 +0,0 @@
{{ vault_postgres_root_password }}