From 0bbfe1acec5e59803c630137e57be3566e9b1f62 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger
Date: Sun, 27 Oct 2024 16:51:01 +0100
Subject: [PATCH] Move secrets into .env into ansible-vault
---
 .env.example | 50 ++++++++++++++++++++++++++++++++++---
 .envrc | 3 +++
 .gitignore | 1 -
 Makefile | 3 ---
 creds.json | 6 ++---
 secrets.auto.tfvars.example | 41 ------------------------------
 6 files changed, 53 insertions(+), 51 deletions(-)
 delete mode 100644 secrets.auto.tfvars.example
diff --git a/.env.example b/.env.example
index b8a233d..b8dae2d 100755
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,47 @@
-OVH_APP_KEY=
-OVH_APP_SECRET_KEY=
-OVH_CONSUMER_KEY=
+DNSCONTROL_ovh_app_key=
+DNSCONTROL_ovh_app_secret_key=
+DNSCONTROL_ovh_consumer_key=
+
+
+
+TF_VAR_passphrase=
+
+TF_VAR_backend_access_key=
+TF_VAR_backend_secret_key=
+TF_VAR_backend_endpoint=
+TF_VAR_backend_region=
+TF_VAR_backend_bucket=
+
+
+TF_VAR_authentik_token=
+
+TF_VAR_aws_region=
+TF_VAR_aws_access_key=
+TF_VAR_aws_secret_key=
+
+TF_VAR_contabo_client_id=
+TF_VAR_contabo_client_secret=
+TF_VAR_contabo_user=
+TF_VAR_contabo_pass=
+
+TF_VAR_hcloud_token=
+
+TF_VAR_healthchecksio_api_key=
+
+TF_VAR_ovh_application_key=
+TF_VAR_ovh_application_secret=
+TF_VAR_ovh_consumer_key=
+
+TF_VAR_postgresql_username=
+TF_VAR_postgresql_password=
+
+TF_VAR_scaleway_organization_id=
+TF_VAR_scaleway_project_id=
+TF_VAR_scaleway_access_key=
+TF_VAR_scaleway_secret_key=
+
+TF_VAR_tailscale_api_key=
+TF_VAR_tailscale_tailnet=
+
+
+TF_VAR_email_domains='["example.com"]'
diff --git a/.envrc b/.envrc
index 1d953f4..b5eb71d 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1,4 @@
 use nix
+
+eval "$(ansible-vault view .env | direnv dotenv bash /dev/stdin)"
+watch_file ".env"
diff --git a/.gitignore b/.gitignore
index d890845..0396a5e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,6 @@ dns/hosts.json dns/services.json dns/dkim-ses.json -secrets.auto.tfvars .terraform inventory/group_vars/all/serguzim.net.yml
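Review bot: The new `.env.example` template never says that the real `.env` must be vault-encrypted, although the `.envrc` hunk of this patch reads it with `ansible-vault view .env`. A header comment such as `# Copy to .env, fill in the values, then run: ansible-vault encrypt .env` would make the expected state explicit and keep a plaintext copy from lingering in the working tree. Whether `.env` is ignored or committed in encrypted form is not visible in this patch; if it is committed, a pre-commit check that the file begins with `$ANSIBLE_VAULT;` would catch an unencrypted commit.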
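Review bot: A failed decryption is silent in the added `.envrc` line `eval "$(ansible-vault view .env | direnv dotenv bash /dev/stdin)"`. The pipeline's status is that of `direnv dotenv`, and `eval` discards the status of the command substitution anyway, so a wrong vault password or a missing `.env` leaves the shell with no secrets exported and no error. Decrypting into a variable first makes the failure visible: `secrets="$(ansible-vault view .env)" || exit 1` followed by `eval "$(direnv dotenv bash /dev/stdin <<<"$secrets")"`. Note also that every decrypted value is exported to all processes started in this directory, which is a wider exposure than the Terraform-only tfvars file this patch removes.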
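Review bot: Removing the `secrets.auto.tfvars` entry from `.gitignore` un-hides any plaintext copy that still exists in a contributor's checkout, so a later `git add .` can commit it. Terraform also keeps auto-loading `*.auto.tfvars`, so a stale file may still take effect alongside the new `TF_VAR_*` values. Keeping the ignore line until all checkouts are migrated costs nothing; otherwise the commit message or README should tell users to delete the old file.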
diff --git a/Makefile b/Makefile
index 50761d1..ef933f7 100644
--- a/Makefile
+++ b/Makefile
@@ -2,9 +2,6 @@ SHELL := /bin/bash TAGS ?= all -include .env -export - PWD := $(shell pwd) .FORCE:
diff --git a/creds.json b/creds.json
index 42eff23..4716dab 100644
--- a/creds.json
+++ b/creds.json
@@ -4,9 +4,9 @@
 },
 "ovh": {
 "TYPE": "OVH",
- "app-key": "$OVH_APP_KEY",
- "app-secret-key": "$OVH_APP_SECRET_KEY",
- "consumer-key": "$OVH_CONSUMER_KEY",
+ "app-key": "$DNSCONTROL_ovh_app_key",
+ "app-secret-key": "$DNSCONTROL_ovh_app_secret_key",
+ "consumer-key": "$DNSCONTROL_ovh_consumer_key",
 "endpoint": "eu"
 }
 }
diff --git a/secrets.auto.tfvars.example b/secrets.auto.tfvars.example
deleted file mode 100644
index 4c971d0..0000000
--- a/secrets.auto.tfvars.example
+++ /dev/null
@@ -1,41 +0,0 @@
-backend_access_key = ""
-backend_secret_key = ""
-backend_endpoint = ""
-backend_region = ""
-backend_bucket = ""
-
-
-authentik_token = ""
-
-aws_region = ""
-aws_access_key = ""
-aws_secret_key = ""
-
-contabo_client_id = ""
-contabo_client_secret = ""
-contabo_user = ""
-contabo_pass = ""
-
-hcloud_token = ""
-
-healthchecksio_api_key = ""
-
-ovh_application_key = ""
-ovh_application_secret = ""
-ovh_consumer_key = ""
-
-postgresql_username = ""
-postgresql_password = ""
-
-scaleway_organization_id = ""
-scaleway_project_id = ""
-scaleway_access_key = ""
-scaleway_secret_key = ""
-
-tailscale_api_key = ""
-tailscale_tailnet = ""
-
-
-email_domains = [
- "example.com",
-]
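Review bot: After the Makefile hunk drops `include .env` and `export`, nothing in the Makefile checks that the secrets are actually in the environment. Running `make` from CI, cron or a shell where direnv has not loaded would start the targets with the `DNSCONTROL_*` and `TF_VAR_*` values unset. How the targets use those variables is outside the hunk, so the effect is inferred, but a guard near the top would turn it into an early, clear error: `ifndef TF_VAR_passphrase`, `$(error secrets not loaded; run make from a direnv-enabled shell)`, `endif`.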