Erich Blume
7a637d2ebf
All checks were successful
Test CI / test (pull_request) Successful in 3s
Use runner_reg field (matching existing k8s secret template) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
103 lines
3.2 KiB
YAML
103 lines
3.2 KiB
YAML
---
|
|
- name: Configure indri
|
|
hosts: indri
|
|
|
|
# Fetch 1Password credentials upfront to minimize prompts
|
|
# Each role also fetches its own credentials (with 'when: <var> is not defined')
|
|
# so they still work when running with --tags
|
|
pre_tasks:
|
|
- name: Fetch borgmatic database password
|
|
ansible.builtin.command:
|
|
cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get mw2bv5we7woicjza7hc6s44yvy --fields db-password --reveal
|
|
delegate_to: localhost
|
|
register: _borgmatic_db_pw
|
|
changed_when: false
|
|
no_log: true
|
|
check_mode: false
|
|
tags: [borgmatic]
|
|
|
|
- name: Set borgmatic database password fact
|
|
ansible.builtin.set_fact:
|
|
borgmatic_db_password: "{{ _borgmatic_db_pw.stdout }}"
|
|
no_log: true
|
|
tags: [borgmatic]
|
|
|
|
# Forgejo secrets
|
|
- name: Fetch forgejo LFS JWT secret
|
|
ansible.builtin.command:
|
|
cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get w3663ffnvkewbftncqxtcpeavy --fields lfs-jwt-secret --reveal
|
|
delegate_to: localhost
|
|
register: _forgejo_lfs_jwt
|
|
changed_when: false
|
|
no_log: true
|
|
check_mode: false
|
|
tags: [forgejo]
|
|
|
|
- name: Fetch forgejo internal token
|
|
ansible.builtin.command:
|
|
cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get w3663ffnvkewbftncqxtcpeavy --fields internal-token --reveal
|
|
delegate_to: localhost
|
|
register: _forgejo_internal_token
|
|
changed_when: false
|
|
no_log: true
|
|
check_mode: false
|
|
tags: [forgejo]
|
|
|
|
- name: Fetch forgejo OAuth2 JWT secret
|
|
ansible.builtin.command:
|
|
cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get w3663ffnvkewbftncqxtcpeavy --fields oauth2-jwt-secret --reveal
|
|
delegate_to: localhost
|
|
register: _forgejo_oauth2_jwt
|
|
changed_when: false
|
|
no_log: true
|
|
check_mode: false
|
|
tags: [forgejo]
|
|
|
|
- name: Set forgejo secrets facts
|
|
ansible.builtin.set_fact:
|
|
forgejo_lfs_jwt_secret: "{{ _forgejo_lfs_jwt.stdout }}"
|
|
forgejo_internal_token: "{{ _forgejo_internal_token.stdout }}"
|
|
forgejo_oauth2_jwt_secret: "{{ _forgejo_oauth2_jwt.stdout }}"
|
|
no_log: true
|
|
tags: [forgejo]
|
|
|
|
# Forgejo runner token (for indri-based runner)
|
|
- name: Fetch forgejo runner token
|
|
ansible.builtin.command:
|
|
cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get w3663ffnvkewbftncqxtcpeavy --fields runner_reg --reveal
|
|
delegate_to: localhost
|
|
register: _forgejo_runner_token
|
|
changed_when: false
|
|
no_log: true
|
|
check_mode: false
|
|
tags: [forgejo_runner]
|
|
|
|
- name: Set forgejo runner token fact
|
|
ansible.builtin.set_fact:
|
|
forgejo_runner_token: "{{ _forgejo_runner_token.stdout }}"
|
|
no_log: true
|
|
tags: [forgejo_runner]
|
|
|
|
roles:
|
|
- role: alloy
|
|
tags: alloy
|
|
- role: borgmatic
|
|
tags: borgmatic
|
|
- role: borgmatic_metrics
|
|
tags: borgmatic_metrics
|
|
- role: forgejo
|
|
tags: forgejo
|
|
- role: zot
|
|
tags: zot
|
|
- role: zot_metrics
|
|
tags: zot_metrics
|
|
- role: minikube
|
|
tags: minikube
|
|
- role: minikube_metrics
|
|
tags: minikube_metrics
|
|
- role: plex_metrics
|
|
tags: plex_metrics
|
|
- role: tailscale_serve
|
|
tags: tailscale-serve
|
|
- role: forgejo_runner
|
|
tags: forgejo_runner
|