From 7928b2424020943089c8b75c45c8e6a032e37e6e Mon Sep 17 00:00:00 2001 From: Sheppy Date: Sun, 22 Dec 2024 21:47:59 +0000 Subject: [PATCH] fix: remove various secrets --- group_vars/all.yaml | 6 ++++++ roles/docker-deployments/templates/hedgedoc.yaml | 6 +++--- roles/docker-deployments/templates/money-balancer.yaml | 2 +- roles/openvpn/templates/atlantis-ip-gate.yaml | 2 +- roles/paperless/templates/docker-compose.env | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 6e514a9..0218d9a 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -11,6 +11,12 @@ code_server_password: HISTORY_PURGED_SECRET atlantis_array_action_pw: jeanswochenendegeschichte +money_balancer_jwt_secret: HISTORY_PURGED_SECRET + +hedgedoc_db_password: HISTORY_PURGED_SECRET + +paperless_secret_key: HISTORY_PURGED_SECRET + tube_archivist_elasticsearch_password: HISTORY_PURGED_SECRET reactive_resume_postgres_password: HISTORY_PURGED_SECRET diff --git a/roles/docker-deployments/templates/hedgedoc.yaml b/roles/docker-deployments/templates/hedgedoc.yaml index d863ba8..da2f4b2 100644 --- a/roles/docker-deployments/templates/hedgedoc.yaml +++ b/roles/docker-deployments/templates/hedgedoc.yaml @@ -3,7 +3,7 @@ services: image: postgres:15-alpine environment: - POSTGRES_USER=hedgedoc - - POSTGRES_PASSWORD=HISTORY_PURGED_SECRET + - POSTGRES_PASSWORD={{ hedgedoc_db_password }} - POSTGRES_DB=hedgedoc volumes: - /data/hedgedoc/pgsql:/var/lib/postgresql/data @@ -12,7 +12,7 @@ services: # Make sure to use the latest release from https://hedgedoc.org/latest-release image: quay.io/hedgedoc/hedgedoc:latest environment: - - CMD_DB_URL=postgres://hedgedoc:HISTORY_PURGED_SECRET@database:5432/hedgedoc + - CMD_DB_URL=postgres://hedgedoc:{{ hedgedoc_db_password }}@database:5432/hedgedoc - CMD_DOMAIN=hedgedoc.atlantishq.de - CMD_PROTOCOL_USESSL=true - CMD_ALLOW_ORIGIN=['hedgedoc.atlantishq.de'] 
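Review bot: The three variables added to `group_vars/all.yaml` are ordinary plaintext keys, so the secrets have only moved from the templates into another tracked file. The unchanged `atlantis_array_action_pw` line beside them carries a readable value, which shows the file is not vault-encrypted as a whole. Keep the variable names here but take the values from an Ansible Vault file, e.g. `hedgedoc_db_password: "{{ vault_hedgedoc_db_password }}"` with `vault_hedgedoc_db_password` defined in a file encrypted with `ansible-vault`. Any value that was readable in an earlier revision should be treated as disclosed and regenerated rather than carried over.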
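Review bot: `- POSTGRES_PASSWORD={{ hedgedoc_db_password }}` renders the secret into an unquoted YAML scalar, so a value containing ` #` is silently cut at the comment marker and one containing `: ` changes how the list item parses. Compose also interpolates `$` in the rendered file. Serialising the whole item avoids the first two, for example `- {{ ('POSTGRES_PASSWORD=' ~ hedgedoc_db_password) | to_json }}`, and `| replace('$', '$$')` on the value covers the third. The same applies to the `CMD_DB_URL`, `CMD_OAUTH2_CLIENT_SECRET`, `MONEYBALANCER_JWT_SECRET` and `APP_SECRET` lines in the later hunks. The `services` mapping starts and ends outside this hunk.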
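Review bot: In `CMD_DB_URL` the password goes into the userinfo part of a URL without percent-encoding, so a value containing `@`, `:`, `/`, `#` or `?` gives a connection string that parses differently from what `POSTGRES_PASSWORD` sets on the database container. Encode it at this one use, `postgres://hedgedoc:{{ hedgedoc_db_password | urlencode }}@database:5432/hedgedoc`, and check whether the filter leaves `/` unescaped in the Jinja2 version in use. Alternatively, add a comment next to the variable stating that it must be generated from a URL-safe alphabet.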
@@ -22,7 +22,7 @@ services: - CMD_OAUTH2_TOKEN_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token - CMD_OAUTH2_AUTHORIZATION_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/auth - CMD_OAUTH2_CLIENT_ID=z_hedgedoc - - CMD_OAUTH2_CLIENT_SECRET=HISTORY_PURGED_SECRET + - CMD_OAUTH2_CLIENT_SECRET={{ keycloak_clients['hedgedoc']['client_secret'] }} - CMD_OAUTH2_SCOPE=openid email profile - CMD_OAUTH2_ROLES_CLAIM=roles - CMD_OAUTH2_PROVIDERNAME=AtlantisHQ Auth diff --git a/roles/docker-deployments/templates/money-balancer.yaml b/roles/docker-deployments/templates/money-balancer.yaml index 5d6510f..3e8e51b 100644 --- a/roles/docker-deployments/templates/money-balancer.yaml +++ b/roles/docker-deployments/templates/money-balancer.yaml @@ -7,7 +7,7 @@ services: volumes: - /data/money-balancer:/data environment: - - MONEYBALANCER_JWT_SECRET=HISTORY_PURGED_SECRET + - MONEYBALANCER_JWT_SECRET={{ money_balancer_jwt_secret }} - MONEYBALANCER_AUTH_LOCAL_ENABLED=false - MONEYBALANCER_AUTH_PROXY_ENABLED=true - MONEYBALANCER_AUTH_PROXY_HEADERS_USERNAME=x-forwarded-preferred-username diff --git a/roles/openvpn/templates/atlantis-ip-gate.yaml b/roles/openvpn/templates/atlantis-ip-gate.yaml index 20cc2a8..3f44218 100644 --- a/roles/openvpn/templates/atlantis-ip-gate.yaml +++ b/roles/openvpn/templates/atlantis-ip-gate.yaml @@ -8,7 +8,7 @@ services: volumes: - vpn-gate-data:/app/data/ environment: - - APP_SECRET=jeanswochenendegeschichte + - APP_SECRET={{ atlantis_array_action_pw }} nginx: restart: always image: harbor-registry.atlantishq.de/atlantishq/atlantis-ip-gate-nginx:latest diff --git a/roles/paperless/templates/docker-compose.env b/roles/paperless/templates/docker-compose.env index ba09467..c16b39d 100644 --- a/roles/paperless/templates/docker-compose.env +++ b/roles/paperless/templates/docker-compose.env 
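Review bot: `keycloak_clients['hedgedoc']['client_secret']` depends on a mapping that this patch does not add to `group_vars/all.yaml`, and the client ID one line above stays hard-coded as `z_hedgedoc` while the lookup key is `hedgedoc`. It is worth confirming that the entry exists, is stored encrypted, and belongs to the `z_hedgedoc` client. If the mapping also carries the client ID (not visible here), taking both values from the same entry keeps them from drifting apart. A short comment above the line would help, e.g. `# client_secret comes from keycloak_clients, defined in <vars file>`.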
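Review bot: `APP_SECRET={{ atlantis_array_action_pw }}` resolves to the same value the removed line hard-coded, and that value is still readable in `group_vars/all.yaml`, so the secret in service does not change with this commit. It also ties the gate's secret to a variable that existed before this change, presumably for another consumer, so the two can only be rotated together. A dedicated variable with a freshly generated value would separate them, for example `APP_SECRET={{ atlantis_ip_gate_app_secret }}` (suggested name, not defined anywhere in this patch).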
@@ -1,7 +1,7 @@ PAPERLESS_URL=https://paperless.atlantishq.de PAPERLESS_TIME_ZONE=Europe/Berlin PAPERLESS_OCR_LANGUAGE=deu -PAPERLESS_SECRET_KEY=HISTORY_PURGED_SECRET +PAPERLESS_SECRET_KEY={{ paperless_secret_key }} PAPERLESS_ADMIN_USER=sheppy PAPERLESS_ADMIN_PASSWORD=Rxn5gbl6XR PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE
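Review bot: `PAPERLESS_ADMIN_PASSWORD`, two lines below the changed line, still carries a literal password, so this template keeps a credential after a commit whose subject is removing secrets. It should get the same treatment, `PAPERLESS_ADMIN_PASSWORD={{ paperless_admin_password }}` (suggested name), with the variable kept in a vaulted vars file and the current value changed. Separately, `PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE` makes the application trust a username header, which is only sound if the reverse proxy in front strips that header from client requests. A comment naming the proxy that enforces this would help the next reader.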