firewall_master: move secrets to password store
This commit is contained in:
parent
d94e79f8b7
commit
37c025e2a0
|
@ -1,5 +1,4 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
remote_user = root
|
remote_user = root
|
||||||
vault_identity = network
|
vault_identity = network
|
||||||
ask_vault_pass = true
|
|
||||||
filter_plugins = filter_plugins
|
filter_plugins = filter_plugins
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
become_method: su
|
become_method: su
|
||||||
become_flags: "-s /bin/sh"
|
become_flags: "-s /bin/sh"
|
||||||
git:
|
git:
|
||||||
repo: "{{ friwall_repo }}"
|
repo: '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="friwall_repo") }}'
|
||||||
dest: /srv/friwall/app
|
dest: /srv/friwall/app
|
||||||
force: yes
|
force: yes
|
||||||
notify: reload uwsgi
|
notify: reload uwsgi
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{
|
{
|
||||||
"ldap_host": "{{ domain }}",
|
"ldap_host": "{{ domain }}",
|
||||||
"ldap_user": "{{ ldap_user }}",
|
"ldap_user": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}",
|
||||||
"ldap_pass": "{{ ldap_pass }}",
|
"ldap_pass": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}",
|
||||||
"ldap_base_dn": "{{ ldap_base_dn }}",
|
"ldap_base_dn": "{{ ldap_base_dn }}",
|
||||||
"oidc_server": "{{ oidc_server }}",
|
"oidc_server": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_server") }}",
|
||||||
"oidc_client_id": "{{ oidc_client_id }}",
|
"oidc_client_id": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_id") }}",
|
||||||
"oidc_client_secret": "{{ oidc_client_secret }}",
|
"oidc_client_secret": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_secret") }}",
|
||||||
"wg_net": "{{ wg_net }}",
|
"wg_net": "{{ wg_net }}"
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue