Refactor the vault/secrets

playbooks/roles/forgejo/defaults/main.yml

@@ -1,4 +1,10 @@
 ---
+forgejo_server_lfs_jwt_secret: "{{ undef() }}"
+forgejo_security_internal_token: "{{ undef() }}"
+forgejo_security_secret_key: "{{ undef() }}"
+forgejo_oauth2_jwt_secret: "{{ undef() }}"
+forgejo_umami: "{{ undef() }}"
+
 forgejo_svc:
   domain: "{{ all_services | service_get_domain(role_name) }}"
   port: 3000
@@ -37,13 +43,13 @@ forgejo_ini:
     SSH_PORT: "{{ svc.ssh_port }}"
     ROOT_URL: https://{{ svc.domain }}
     OFFLINE_MODE: true
-    LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
+    LFS_JWT_SECRET: "{{ forgejo_server_lfs_jwt_secret | mandatory }}"
     LFS_START_SERVER: true
 
   security:
     INSTALL_LOCK: true
-    INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}"
-    SECRET_KEY: "{{ vault_forgejo.security_secret_key }}"
+    INTERNAL_TOKEN: "{{ forgejo_security_internal_token | mandatory }}"
+    SECRET_KEY: "{{ forgejo_security_secret_key | mandatory }}"
 
   openid:
     ENABLE_OPENID_SIGNUP: true
@@ -75,14 +81,14 @@ forgejo_ini:
     MAX_FILES: 10
 
   oauth2:
-    JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}"
+    JWT_SECRET: "{{ forgejo_oauth2_jwt_secret | mandatory }}"
 
   log.console:
     FLAGS: "level,medfile,shortfuncname"
 
   metrics:
     ENABLED: true
-    TOKEN: "{{ vault_metrics_token }}"
+    TOKEN: "{{ metrics_token | mandatory }}"
 
   actions:
     ENABLED: true

playbooks/roles/forgejo/templates/footer.tmpl.j2

@@ -1,2 +1,2 @@
-<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
+<script async src="/_a/script.js" data-website-id="{{ forgejo_umami | mandatory }}"></script>
 <script async src="/_a/track-external.js"></script>