Add server Docker compose stack with Vault-backed secrets

2026-05-30 15:39:58 +00:00 · 2026-03-30 21:40:12 +02:00
parent 55e5e251bf
commit a90f3a6610
6 changed files with 136 additions and 11 deletions
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -5,6 +5,7 @@ server_user_home: "/home/{{ server_username }}"
 effective_username: "{{ server_username }}"
 effective_user_group: "{{ server_user_group }}"
 effective_user_home: "{{ server_user_home }}"
+server_container_stack_dir: /opt/docker/server

 profile_packages:
  - avahi-daemon
@@ -33,8 +34,29 @@ server_templates:
  - src: server/.gitconfig.j2
    dest: .gitconfig
    mode: "0644"
+  - src: server/docker-compose.yml.j2
+    dest: "{{ server_container_stack_dir }}/docker-compose.yml"
+    owner: root
+    group: root
+    mode: "0644"
+  - src: server/navidrome_db_password.txt.j2
+    dest: "{{ server_container_stack_dir }}/navidrome_db_password.txt"
+    owner: root
+    group: root
+    mode: "0600"
+    no_log: true
+  - src: server/postgres_root_password.txt.j2
+    dest: "{{ server_container_stack_dir }}/postgres_root_password.txt"
+    owner: root
+    group: root
+    mode: "0600"
+    no_log: true

 server_directories:
+  - path: "{{ server_container_stack_dir }}"
+    owner: root
+    group: root
+    mode: "0755"
  - path: /opt/navidrome/data
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"