fix: remove various secrets

group_vars/all.yaml

@@ -11,6 +11,12 @@ code_server_password: HISTORY_PURGED_SECRET
 
 atlantis_array_action_pw: jeanswochenendegeschichte
 
+money_balancer_jwt_secret: HISTORY_PURGED_SECRET
+
+hedgedoc_db_password: HISTORY_PURGED_SECRET
+
+paperless_secret_key: HISTORY_PURGED_SECRET
+
 tube_archivist_elasticsearch_password: HISTORY_PURGED_SECRET
 
 reactive_resume_postgres_password: HISTORY_PURGED_SECRET

roles/docker-deployments/templates/hedgedoc.yaml

@@ -3,7 +3,7 @@ services:
     image: postgres:15-alpine
     environment:
       - POSTGRES_USER=hedgedoc
-      - POSTGRES_PASSWORD=HISTORY_PURGED_SECRET
+      - POSTGRES_PASSWORD={{ hedgedoc_db_password }}
       - POSTGRES_DB=hedgedoc
     volumes:
       - /data/hedgedoc/pgsql:/var/lib/postgresql/data
@@ -12,7 +12,7 @@ services:
     # Make sure to use the latest release from https://hedgedoc.org/latest-release
     image: quay.io/hedgedoc/hedgedoc:latest
     environment:
-      - CMD_DB_URL=postgres://hedgedoc:HISTORY_PURGED_SECRET@database:5432/hedgedoc
+      - CMD_DB_URL=postgres://hedgedoc:{{ hedgedoc_db_password }}@database:5432/hedgedoc
       - CMD_DOMAIN=hedgedoc.atlantishq.de
       - CMD_PROTOCOL_USESSL=true
       - CMD_ALLOW_ORIGIN=['hedgedoc.atlantishq.de']
@@ -22,7 +22,7 @@ services:
       - CMD_OAUTH2_TOKEN_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token
       - CMD_OAUTH2_AUTHORIZATION_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/auth
       - CMD_OAUTH2_CLIENT_ID=z_hedgedoc
-      - CMD_OAUTH2_CLIENT_SECRET=HISTORY_PURGED_SECRET
+      - CMD_OAUTH2_CLIENT_SECRET={{ keycloak_clients['hedgedoc']['client_secret'] }}
       - CMD_OAUTH2_SCOPE=openid email profile
       - CMD_OAUTH2_ROLES_CLAIM=roles
       - CMD_OAUTH2_PROVIDERNAME=AtlantisHQ Auth

roles/docker-deployments/templates/money-balancer.yaml

@@ -7,7 +7,7 @@ services:
     volumes:
       - /data/money-balancer:/data
     environment:
-      - MONEYBALANCER_JWT_SECRET=HISTORY_PURGED_SECRET
+      - MONEYBALANCER_JWT_SECRET={{ money_balancer_jwt_secret }}
       - MONEYBALANCER_AUTH_LOCAL_ENABLED=false
       - MONEYBALANCER_AUTH_PROXY_ENABLED=true
       - MONEYBALANCER_AUTH_PROXY_HEADERS_USERNAME=x-forwarded-preferred-username

roles/openvpn/templates/atlantis-ip-gate.yaml

@@ -8,7 +8,7 @@ services:
     volumes:
       - vpn-gate-data:/app/data/
     environment:
-      - APP_SECRET=jeanswochenendegeschichte
+      - APP_SECRET={{ atlantis_array_action_pw }}
   nginx:
     restart: always
     image: harbor-registry.atlantishq.de/atlantishq/atlantis-ip-gate-nginx:latest

roles/paperless/templates/docker-compose.env

@@ -1,7 +1,7 @@
 PAPERLESS_URL=https://paperless.atlantishq.de
 PAPERLESS_TIME_ZONE=Europe/Berlin
 PAPERLESS_OCR_LANGUAGE=deu
-PAPERLESS_SECRET_KEY=HISTORY_PURGED_SECRET
+PAPERLESS_SECRET_KEY={{ paperless_secret_key }}
 PAPERLESS_ADMIN_USER=sheppy
 PAPERLESS_ADMIN_PASSWORD=Rxn5gbl6XR
 PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE