refactor: simplify stack templates, move vars into group_vars/alpina

this vault setup for injective sensitive variables uses the approach described in https://docs.ansible.com/ansible/10/tips_tricks/ansible_tips_tricks.html#keep-vaulted-variables-safely-visible
2024-06-28 22:39:24 -07:00
parent f3c6c61130
commit e1f3a22a23
63 changed files with 231 additions and 254 deletions
--- a/inventories/prod/group_vars/all.yml
+++ b/inventories/prod/group_vars/all.yml
@@ -1,47 +1 @@
 domain: cazzzer.com
-
-wg_privkey: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  31663639306133623739366363353430303338656137386434303862346434633665333434613931
-  3430313162333937636234313761366337393431616630330a393962643962353234343431653439
-  35323966643531386538643636623439636633326638316233386266343964333563306330383437
-  6132333063626365330a353232366464636663633236383563343834316164636434613639363765
-  37653738663463303236333232663338623034363737643138303238663033323361373064343334
-  3762303565343765393332626565333637643462353631343833
-
-wg_psk: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  31353436343638306237623864633533626662376362656531616665356333326238353533306438
-  3164646631633464313966353533633137643234333264650a666134613666613262323461306131
-  32383438363566653766613337363236616139616661343930656362636366346133353137366639
-  3762623635386330320a643465396563666562383261623964396431366466663766303939336434
-  61626434363763303637316165343566383064613663626339366635343537646130323731376461
-  6231346162313465323739623939306436656438336565336436
-
-wg_addresses: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  66306130383462373166306561663431366262626537393330373061616636306433323734643632
-  6332363262346630353338626632353039636666636264340a616537363638386635383934303533
-  34376136636334616332626161386435333031363931616331363232313338346234316361383033
-  3236626331333032390a353466323863326565386531643335653565386433613431623337313666
-  32643065653763643563623232313262316534326266386135633463623966636532356463653765
-  32656333623032633263643539336537313536326263303465373066633738353832363064306465
-  353636666162393734333338653834366333
-
-fw_vpn_input_ports: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  36353933613361353132366636386138616336323437616366613164633036343234313338303830
-  3662663462346134343338363264303030663935393865650a666161633163383437373139663362
-  35666633363762633135616630336239623065366266633335623832323762613565376166383131
-  6163646561353335360a386664386166626134366339393566613461626230323836646139316463
-  3938
-
-github_consumer_key: 32d5cae58d744c56fcc9
-github_consumer_secret: !vault |
-          $ANSIBLE_VAULT;1.2;AES256;alpina
-          36353230356266303131333732363736383633313038326161346434303061633464393738383433
-          3933343436316530306439326237353265363333656264620a373036383835313733303561333233
-          33343834313163613037643734653535306365326536383532366166313261323265616133333865
-          3362663865666466320a363338303436626532393665663564313937366362326263396431316538
-          33396237333766666635333039643338333133346636363966326437646334636138353934333834
-          3139363661653364306231303966346333643166326536383164
--- a/inventories/prod/group_vars/alpina/vars.yml
+++ b/inventories/prod/group_vars/alpina/vars.yml
@@ -0,0 +1,14 @@
+# Environment specific variables (prod)
+
+---
+docker_ipv6_index: 255
+
+# Arrstack VPN
+wg_privkey: "{{ vault_wg_privkey }}"
+wg_psk: "{{ vault_wg_psk }}"
+wg_addresses: "{{ vault_wg_addresses }}"
+fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
+
+# Authentik GitHub OAuth
+github_consumer_key: 32d5cae58d744c56fcc9
+github_consumer_secret: "{{ vault_github_consumer_secret }}"
--- a/inventories/prod/group_vars/alpina/vault.yml
+++ b/inventories/prod/group_vars/alpina/vault.yml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.1;AES256
+61656162363565633436373135333536623561663136303736393865623830633539376362363363
+3938333137343336626634346262363964316563643261310a366538363037343965363766646535
+61636239326464373039333462653562373933396665393039633266326234663335363337666439
+6137323332303533640a383062383135633762323561313666636566306531306636633466316536
+66623731626266333731303336323733343336626366343833633365616330343565363035323039
+35313961383131616133386663376331336639633137383137346164353632653939363266613562
+36316631366661353632386230306532633862393963663465383862653964646462666334396666
+66626636353539316266343937623662613336616331626439306538363764636366656635356639
+30663535393366383261333832356237373230663037373638303161303534636230616464636265
+37623938303638646233346338616239393838396433313063343065386666323264646461373032
+63376661646139316430303533643063336634333364643231336130613638626431623732646434
+63643833353164313465633333646232653761356333323933396666323837656334343866363762
+39646263653137356632323534356631366531636530613736343438393136363835373435636230
+30313163386335353935663432323033326235653963653930396235373863373232666334326661
+34336632666365666563326366376461386130343965363832343430396537323734363533353065
+64313837623366356261383437306465633730353332636561333462356363326132313933653234
+66363634333664333433613466396639306436353035346134373430663532373934343861323262
+30666664336336393835346234316238613839326436363162626439376530306133343530303365
+65393030633237333166336637363435646435323736353461333932366638333264333239373733
+30623062643336643431
--- a/inventories/prod/group_vars/docker_hosts.yml
+++ b/inventories/prod/group_vars/docker_hosts.yml
@@ -1 +0,0 @@
-docker_ipv6_index: 255
--- a/inventories/prod/hosts
+++ b/inventories/prod/hosts
@@ -1,2 +1,2 @@
-[docker_hosts]
+[alpina]
 debbi.lab.home
--- a/inventories/staging/group_vars/all.yml
+++ b/inventories/staging/group_vars/all.yml
@@ -1,47 +1 @@
 domain: lab.cazzzer.com
-
-wg_privkey: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  31333936633664396332303835396261626463383139326538356363303832323533643636383364
-  3364613639616462313462313361363836396338623636660a376230646137346536393330393837
-  64363065396332316262386330313534636135303264636532373432356265383337306365363531
-  6533343563393062640a366364346136353361653033383731613764363762663865643031303663
-  62623562636563633038366465636430656231323431643236323461333134623633613464393439
-  3331663962646534353931336630333961616134343931343534
-
-wg_psk: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  31393235386262363733633063393031396532336161613138353931616364616165613131336138
-  3861323766326233383836613233333332306166633138300a373164306664393061643135646662
-  30626536646562363263303238663430393361653566306134373633626534643038326566616237
-  3233363838343466640a306364663738346235323535643465663330616235373266383233646263
-  31373332613461376235343431396431633733653865636636363733303466366430316431663730
-  6537663563613233353838303738653532633136663430383961
-
-wg_addresses: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  36613639386139353965346134663431343032626637326238303830653335633062633936373938
-  3633636637613033303362343038653262626165636537350a356136363730643738383264306662
-  34363731313730613164646138653235653363303033663637386230373161623965326265663439
-  6365643730373235320a323065336535356636646131666262636133643435633237396331653833
-  63393836393162623164633130393034643364373838313939346438623761326364316337343066
-  30643131636636643038366634663137643436323833326362373666393563316235306533373039
-  636233633762303639373239353661343162
-
-fw_vpn_input_ports: !vault |
-  $ANSIBLE_VAULT;1.2;AES256;alpina
-  39326564343633633465376363396633396332636664383539373230633033383161626434643435
-  3539336531356336663638626630613934323162313639610a626637393637363837636631666534
-  38663031306536323866336365373565633634666561663636653938643538336630393061326564
-  3863363030346530630a343138623664323336353036343430323261393036373563393762663530
-  3730
-
-github_consumer_key: dbacb8621c37320eb745
-github_consumer_secret: !vault |
-          $ANSIBLE_VAULT;1.2;AES256;alpina
-          65393439653532323865356337353164666331653438396564613663363865643233323666316537
-          6365303062326139366139623232366338663831333333610a343035313364383738396635633737
-          32616366393365643565636337633334363637356435386235373638653139326665353537363939
-          3936336336663264310a343137653436323831366237376539353231656463663164316133376333
-          37373937356438373335663234616165663739626663663635316335333534333566326632346437
-          3539656334346163663635376533376362626235343466303430
--- a/inventories/staging/group_vars/alpina/vars.yml
+++ b/inventories/staging/group_vars/alpina/vars.yml
@@ -0,0 +1,14 @@
+# Environment specific variables (staging)
+
+---
+docker_ipv6_index: 254
+
+# Arrstack VPN
+wg_privkey: "{{ vault_wg_privkey }}"
+wg_psk: "{{ vault_wg_psk }}"
+wg_addresses: "{{ vault_wg_addresses }}"
+fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
+
+# Authentik GitHub OAuth
+github_consumer_key: dbacb8621c37320eb745
+github_consumer_secret: "{{ vault_github_consumer_secret }}"
--- a/inventories/staging/group_vars/alpina/vault.yml
+++ b/inventories/staging/group_vars/alpina/vault.yml
@@ -0,0 +1,21 @@
+$ANSIBLE_VAULT;1.1;AES256
+63633535633462326534626562373461373363643166383961303861623531663263323534366537
+3263633238646439306430356365623233313838326639350a386633363434623737313565316535
+33393734633937333637373432366132323366343836393538366339626235613937323066613666
+3737393262646333390a623331333461373563313166323232343234616538623433376166313532
+32323834346336336164343938303062336438643566343866316164643535663039326331646465
+36666162393365323633646635333666613030386265306238633434303234336439646663356363
+63323638373035326465633934326363316364616539613462653232393465633233366666373664
+66616361646564303530356331323864343966633736643434653237316236363063613634646438
+35303238646632616465643264316164363139393834626362326538613033656464323435396638
+31346631653764303332386331663361623766333332366537313634636333346538653537346631
+62363438303036386530633236376633326162336434343861346261373835653735323161323965
+62353965373164616537346134303232363033323134323130316439386339613966646330666533
+65346239383230646565346133663530613462363532663562326136376233303638323332326630
+35656432363563653663616236393932663637323139666664636237336136366438656666633865
+66353162656364356638313236643131613830393838636264663833343461373963613431656364
+32303331623033303433333631313038316336653638656638373031653234356164333363336532
+37316334353463376562643138346633613633353536653939376564333166323931353634333736
+63616133663266383339323562343265613461623865623263623139396163343065623264366230
+32633362336335396562366563363830636133376238646433386236666461333731353337386333
+61323931643766326338
--- a/inventories/staging/group_vars/docker_hosts.yml
+++ b/inventories/staging/group_vars/docker_hosts.yml
@@ -1 +0,0 @@
-docker_ipv6_index: 254
--- a/inventories/staging/hosts
+++ b/inventories/staging/hosts
@@ -1,2 +1,2 @@
-[docker_hosts]
+[alpina]
 etappi.lab.home