add template extraction
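--- /dev/null
+++ b/.gitea/workflows/write-new-template.yml
@@ -0,0 +1,33 @@
+name: Create New Secrets Template
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "host_vars/**"
+  workflow_dispatch:
+
+jobs:
+  create-pr:
+    name: Extract updated template
+    runs-on: runner
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run extraction script
+        run: |
+          echo "${{ secrets.VAULT_PASS }}" > ~/.vault_pass.txt
+          rm host_vars/all.template.yml
+          python3 scripts/extract_to_template.py
+
+      - name: Create PR
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.TOKEN }}
+          commit-message: "Extract new template"
+          branch: "template-extraction"
+          title: "Automated Template Extraction"
+          body: "PR to update the template as new secrets were added"
+          base: main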
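Review bot: The "Run extraction script" step expands `${{ secrets.VAULT_PASS }}` straight into the shell script text and writes it to `~/.vault_pass.txt` without ever removing it, so the vault password stays on the runner after the job ends and any quote, backtick or `$` inside the secret is interpreted by the shell before `echo` runs. Passing the secret through a step-level `env:` entry, writing it with `printf` under `umask 077`, and deleting the file on exit keeps it out of the script body and off the runner's disk. The `rm host_vars/all.template.yml` line also fails the whole step whenever that file is absent, although `scripts/extract_to_template.py` opens it with `'w'` and rewrites it regardless; `rm -f` (or dropping the line) avoids a spurious failure.
```yaml
      - name: Run extraction script
        env:
          VAULT_PASS: ${{ secrets.VAULT_PASS }}
        run: |
          umask 077
          printf '%s\n' "$VAULT_PASS" > ~/.vault_pass.txt
          trap 'rm -f ~/.vault_pass.txt' EXIT
          rm -f host_vars/all.template.yml
          python3 scripts/extract_to_template.py
      # … unchanged: Create PR step …
```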
@@ -1,112 +0,0 @@
|
|||||||
# global
|
|
||||||
data_dir:
|
|
||||||
docker_network_name:
|
|
||||||
PUID:
|
|
||||||
PGID:
|
|
||||||
TZ:
|
|
||||||
|
|
||||||
# glance
|
|
||||||
GLANCE_PIHOLE_TOKEN:
|
|
||||||
GLANCE_VIDEO_MACHINE:
|
|
||||||
GLANCE_JELLYFIN_URL:
|
|
||||||
GLANCE_JELLYFIN_TOKEN:
|
|
||||||
|
|
||||||
# tinyauth
|
|
||||||
TINYAUTH_USERS:
|
|
||||||
TINYAUTH_SECRET:
|
|
||||||
TINYAUTH_APP_URL:
|
|
||||||
TINYAUTH_GENERIC_CLIENT_ID:
|
|
||||||
TINYAUTH_GENERIC_CLIENT_SECRET:
|
|
||||||
TINYAUTH_GENERIC_AUTH_URL:
|
|
||||||
TINYAUTH_GENERIC_TOKEN_URL:
|
|
||||||
TINYAUTH_GENERIC_USER_URL:
|
|
||||||
TINYAUTH_GENERIC_SCOPES:
|
|
||||||
TINYAUTH_GENERIC_NAME:
|
|
||||||
TINYAUTH_OAUTH_WHITELIST:
|
|
||||||
TINYAUTH_APP_TITLE:
|
|
||||||
TINYAUTH_BACKGROUND_IMAGE:
|
|
||||||
|
|
||||||
# code-server
|
|
||||||
CODE_PROXY_DOMAIN:
|
|
||||||
CODE_DEFAULT_WORKSPACE:
|
|
||||||
|
|
||||||
# dozzle
|
|
||||||
DOZZLE_ACTIONS:
|
|
||||||
DOZZLE_SHELL:
|
|
||||||
|
|
||||||
# gluetun
|
|
||||||
GLUETUN_VPN_SERVICE_PROVIDER:
|
|
||||||
GLUETUN_VPN_TYPE:
|
|
||||||
GLUETUN_WIREGUARD_PRIVATE_KEY:
|
|
||||||
GLUETUN_WIREGUARD_ADDRESSES:
|
|
||||||
GLUETUN_SERVER_COUNTRIES:
|
|
||||||
GLUETUN_SERVER_CITIES:
|
|
||||||
GLUETUN_SERVER_HOSTNAMES:
|
|
||||||
|
|
||||||
# immich
|
|
||||||
IMMICH_UPLOAD_LOCATION:
|
|
||||||
IMMICH_DB_DATA_LOCATION: /postgres
|
|
||||||
IMMICH_VERSION: release
|
|
||||||
IMMICH_DB_PASSWORD: postgres
|
|
||||||
IMMICH_DB_USERNAME: postgres
|
|
||||||
IMMICH_DB_DATABASE_NAME: postgres
|
|
||||||
|
|
||||||
# jellyfin
|
|
||||||
JELLYFIN_TV_PATH:
|
|
||||||
JELLYFIN_MOVIE_PATH:
|
|
||||||
JELLYFIN_MUSIC_PATH:
|
|
||||||
|
|
||||||
# navidrome
|
|
||||||
NAVIDROME_MUSIC_PATH:
|
|
||||||
|
|
||||||
# nextcloud
|
|
||||||
NEXTCLOUD_POSTGRES_PASSWORD:
|
|
||||||
NEXTCLOUD_POSTGRES_DATABASE:
|
|
||||||
NEXTCLOUD_POSTGRES_USER:
|
|
||||||
NEXTCLOUD_POSTGRES_HOST:
|
|
||||||
|
|
||||||
# ntfy
|
|
||||||
NTFY_UPSTREAM_BASE_URL: https://ntfy.sh
|
|
||||||
NTFY_BASE_URL:
|
|
||||||
|
|
||||||
# nzbget
|
|
||||||
NZBGET_USER:
|
|
||||||
NZBGET_PASS:
|
|
||||||
NZBGET_DOWNLOADS_PATH:
|
|
||||||
|
|
||||||
# pihole
|
|
||||||
PIHOLE_FTLCONF_WEBSERVER_API_PASSWORD:
|
|
||||||
|
|
||||||
# pocketid
|
|
||||||
POCKETID_APP_URL:
|
|
||||||
POCKETID_TRUST_PROXY:
|
|
||||||
|
|
||||||
# romm
|
|
||||||
ROMM_AUTH_SECRET_KEY:
|
|
||||||
ROMM_LIBRARY_PATH:
|
|
||||||
ROMM_IGDB_CLIENT_ID:
|
|
||||||
ROMM_IGDB_CLIENT_SECRET:
|
|
||||||
ROMM_OIDC_ENABLED:
|
|
||||||
ROMM_OIDC_PROVIDER:
|
|
||||||
ROMM_OIDC_CLIENT_ID:
|
|
||||||
ROMM_OIDC_CLIENT_SECRET:
|
|
||||||
ROMM_OIDC_REDIRECT_URL:
|
|
||||||
ROMM_SERVER_APPLICATION_URL:
|
|
||||||
|
|
||||||
# servarr
|
|
||||||
SERVARR_MEDIA_PATH:
|
|
||||||
|
|
||||||
# syncthing
|
|
||||||
SYNCTHING_DATA_PATH:
|
|
||||||
|
|
||||||
# vaultwarden
|
|
||||||
VAULTWARDEN_DOMAIN:
|
|
||||||
|
|
||||||
# gitea runner
|
|
||||||
GITEA_INSTANCE_URL:
|
|
||||||
GITEA_RUNNER_REGISTRATION_TOKEN:
|
|
||||||
GITEA_RUNNER_NAME:
|
|
||||||
GITEA_RUNNER_LABELS:
|
|
||||||
|
|
||||||
# grafana
|
|
||||||
GRAFANA_AUTH_ANONYMOUS_ENABLED:
|
|
||||||
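--- /dev/null
+++ b/scripts/extract_to_template.py
@@ -0,0 +1,29 @@
+import os
+import subprocess
+
+host_vars_path = os.path.abspath('host_vars')
+file_contents = ""
+
+if os.path.exists(host_vars_path):
+    vaults = os.listdir(host_vars_path)
+
+    print(vaults)
+    for vault in vaults:
+        vault_path = os.path.join(host_vars_path, vault)
+        print(f'ansible-vault decrypt "{vault_path}" --vault-password-file ~/.vault_pass.txt')
+        vault_contents = subprocess.run(f'ansible-vault decrypt "{vault_path}" --vault-password-file ~/.vault_pass.txt --output -', shell=True, universal_newlines=True, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
+        stdout = vault_contents.stdout.strip().splitlines()
+
+        for line in stdout:
+            if line.startswith("#") and line not in file_contents:
+                file_contents += f"\n{line}\n"
+
+            if ":" in line:
+                if line.split(":")[0] not in file_contents:
+                    file_contents += f'{line.split(":")[0]}:\n'
+
+with open(os.path.join(host_vars_path, 'all.template.yml'), 'w', encoding="utf8") as template_file:
+    template_file.write(file_contents)
+    template_file.close()
+
+print("Written to disk!")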
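Review bot: The `subprocess.run` decrypt call discards stderr and is never checked, so a file in `host_vars` that fails to decrypt (wrong password, or a plain-YAML file such as the `all.template.yml` the script itself writes into that directory) contributes an empty stdout and its keys silently disappear from the regenerated template, which the workflow then turns into a PR that removes them. Using the list form with `check=True` and letting stderr reach the job log makes such a failure stop the run; ansible-vault's error message names the file, not its contents, and the script only ever writes the part of each line before the first `:`, so decrypted values still stay out of both the template and the log. The `line not in file_contents` and `line.split(":")[0] not in file_contents` tests are substring checks, so a key that is contained in an already-emitted key (constructed example: `DB_PASSWORD` after `IMMICH_DB_PASSWORD`) is skipped; keeping the emitted keys in a `set` and testing membership there fixes that. `template_file.close()` inside the `with` block is redundant and can go.
```python
        # … unchanged: vault_path assignment and print …
        vault_contents = subprocess.run(
            ["ansible-vault", "decrypt", vault_path,
             "--vault-password-file", os.path.expanduser("~/.vault_pass.txt"),
             "--output", "-"],
            check=True,
            text=True,
            stdout=subprocess.PIPE,
        )
        stdout = vault_contents.stdout.strip().splitlines()
        # … unchanged: per-line template assembly …
```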