Fix Docker Compose interpolation: use inline Vault passwords

2026-05-30 15:39:58 +00:00 · 2026-03-30 21:56:57 +02:00
parent 9c7bb4653d
commit f96964f32b
4 changed files with 2 additions and 27 deletions
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -38,17 +38,6 @@ server_templates:
    dest: "{{ server_container_stack_dir }}/docker-compose.yml"
    owner: root
    group: root
-    mode: "0644"
-  - src: server/navidrome_db_password.txt.j2
-    dest: "{{ server_container_stack_dir }}/navidrome_db_password.txt"
-    owner: root
-    group: root
-    mode: "0600"
-    no_log: true
-  - src: server/postgres_root_password.txt.j2
-    dest: "{{ server_container_stack_dir }}/postgres_root_password.txt"
-    owner: root
-    group: root
    mode: "0600"
    no_log: true

--- a/ansible/templates/server/docker-compose.yml.j2
+++ b/ansible/templates/server/docker-compose.yml.j2
@@ -9,7 +9,7 @@ services:
    expose:
      - "4533"
    environment:
-      ND_DATABASE_URL: "postgres://navidrome:$(cat /run/secrets/navidrome_db_password)@navidromedb:5432/navidrome_db?sslmode=disable"
+      ND_DATABASE_URL: "postgres://navidrome:{{ vault_navidrome_db_password }}@navidromedb:5432/navidrome_db?sslmode=disable"
      ND_SESSIONTIMEOUT: 24h
      ND_ENABLETRANSCODING: "true"

@@ -21,9 +21,6 @@ services:
      - web
    depends_on:
      - navidromedb
-    secrets:
-      - navidrome_db_password
-
  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
@@ -47,15 +44,12 @@ services:
    environment:
      POSTGRES_DB: "navidrome_db"
      POSTGRES_USER: "navidrome"
-      POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password"
+      POSTGRES_PASSWORD: "{{ vault_postgres_root_password }}"

    volumes:
      - "/opt/postgres/data:/var/lib/postgresql/data"
    networks:
      - web
-    secrets:
-      - postgres_root_password
-
  gitea:
    image: docker.gitea.com/gitea:1.25.2
    container_name: gitea
@@ -74,12 +68,6 @@ services:
      - "3000:3000"
      - "127.0.0.1:222:22"

-secrets:
-  navidrome_db_password:
-    file: "{{ server_container_stack_dir }}/navidrome_db_password.txt"
-  postgres_root_password:
-    file: "{{ server_container_stack_dir }}/postgres_root_password.txt"
-
 networks:
  web:
    external: false
--- a/ansible/templates/server/navidrome_db_password.txt.j2
+++ b/ansible/templates/server/navidrome_db_password.txt.j2
@@ -1 +0,0 @@
-{{ vault_navidrome_db_password }}
--- a/ansible/templates/server/postgres_root_password.txt.j2
+++ b/ansible/templates/server/postgres_root_password.txt.j2
@@ -1 +0,0 @@
-{{ vault_postgres_root_password }}