use lookup dotenv

2025-10-07 20:25:56 -08:00 · 2025-10-07 20:25:56 -08:00 · 4b64056efc
commit 4b64056efc
parent f1695d1d8d
1 changed files with 48 additions and 61 deletions
--- a/ansible/roles/our/tasks/stack.yml
+++ b/ansible/roles/our/tasks/stack.yml
@ -31,21 +31,8 @@
  loop:
    - compose.production.yaml

- name: Load environment variables
-  set_fact:
-    our_env_vars: "{{ lookup('community.general.read_dotenv', '../../../../.env.production') }}"
-
- name: Create Docker secrets dynamically
-  when: inventory_hostname == (groups['swarm'] | first)
-  community.docker.docker_secret:
-    name: "{{ item.key }}"
-    data: "{{ item.value | b64encode }}"
-    data_is_b64: true
-    state: present
-  loop: "{{ our_env_vars | dict2items }}"
-
 - name: Deploy stack
-  when: inventory_hostname == groups['swarm'] | first
+  when: inventory_hostname == (groups['swarm'] | first)
  community.docker.docker_stack:
    state: present
    name: our
@ -54,53 +41,53 @@
      - services:
          environment:
            server:
-              DATABASE_URL: "{{ our_env_vars.DATABASE_URL }}"
-              NODE_ENV: "{{ our_env_vars.NODE_ENV }}"
-              ORIGIN: "{{ our_env_vars.ORIGIN }}"
-              PATREON_API_ORIGIN: "{{ our_env_vars.PATREON_API_ORIGIN }}"
-              PATREON_AUTHORIZE_PATH: "{{ our_env_vars.PATREON_AUTHORIZE_PATH }}"
-              PATREON_TOKEN_PATH: "{{ our_env_vars.PATREON_TOKEN_PATH }}"
-              PATREON_CLIENT_ID: "{{ our_env_vars.PATREON_CLIENT_ID }}"
-              PATREON_CLIENT_SECRET: "{{ our_env_vars.PATREON_CLIENT_SECRET }}"
-              COOKIE_SECRET: "{{ our_env_vars.COOKIE_SECRET }}"
-              S3_REGION: "{{ our_env_vars.S3_REGION }}"
-              S3_BUCKET: "{{ our_env_vars.S3_BUCKET }}"
-              S3_APPLICATION_KEY: "{{ our_env_vars.S3_APPLICATION_KEY }}"
-              S3_KEY_ID: "{{ our_env_vars.S3_KEY_ID }}"
-              S3_ENDPOINT: "{{ our_env_vars.S3_ENDPOINT }}"
-              CDN_ORIGIN: "{{ our_env_vars.CDN_ORIGIN }}"
-              CDN_TOKEN_SECRET: "{{ our_env_vars.CDN_TOKEN_SECRET }}"
-              WHISPER_DIR: "{{ our_env_vars.WHISPER_DIR }}"
-              B2_APPLICATION_KEY_ID: "{{ our_env_vars.B2_APPLICATION_KEY_ID }}"
-              B2_APPLICATION_KEY: "{{ our_env_vars.B2_APPLICATION_KEY }}"
-              SEEDBOX_SFTP_URL: "{{ our_env_vars.SEEDBOX_SFTP_URL }}"
-              SEEDBOX_SFTP_USERNAME: "{{ our_env_vars.SEEDBOX_SFTP_USERNAME }}"
-              SEEDBOX_SFTP_PASSWORD: "{{ our_env_vars.SEEDBOX_SFTP_PASSWORD }}"
+              DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
+              NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
+              ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
+              PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
+              PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
+              PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
+              PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
+              PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
+              COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
+              S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
+              S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
+              S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
+              S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
+              S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
+              CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
+              CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
+              WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
+              B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
+              B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
            worker:
-              DATABASE_URL: "{{ our_env_vars.DATABASE_URL }}"
-              NODE_ENV: "{{ our_env_vars.NODE_ENV }}"
-              ORIGIN: "{{ our_env_vars.ORIGIN }}"
-              PATREON_API_ORIGIN: "{{ our_env_vars.PATREON_API_ORIGIN }}"
-              PATREON_AUTHORIZE_PATH: "{{ our_env_vars.PATREON_AUTHORIZE_PATH }}"
-              PATREON_TOKEN_PATH: "{{ our_env_vars.PATREON_TOKEN_PATH }}"
-              PATREON_CLIENT_ID: "{{ our_env_vars.PATREON_CLIENT_ID }}"
-              PATREON_CLIENT_SECRET: "{{ our_env_vars.PATREON_CLIENT_SECRET }}"
-              COOKIE_SECRET: "{{ our_env_vars.COOKIE_SECRET }}"
-              S3_REGION: "{{ our_env_vars.S3_REGION }}"
-              S3_BUCKET: "{{ our_env_vars.S3_BUCKET }}"
-              S3_APPLICATION_KEY: "{{ our_env_vars.S3_APPLICATION_KEY }}"
-              S3_KEY_ID: "{{ our_env_vars.S3_KEY_ID }}"
-              S3_ENDPOINT: "{{ our_env_vars.S3_ENDPOINT }}"
-              CDN_ORIGIN: "{{ our_env_vars.CDN_ORIGIN }}"
-              CDN_TOKEN_SECRET: "{{ our_env_vars.CDN_TOKEN_SECRET }}"
-              WHISPER_DIR: "{{ our_env_vars.WHISPER_DIR }}"
-              B2_APPLICATION_KEY_ID: "{{ our_env_vars.B2_APPLICATION_KEY_ID }}"
-              B2_APPLICATION_KEY: "{{ our_env_vars.B2_APPLICATION_KEY }}"
-              SEEDBOX_SFTP_URL: "{{ our_env_vars.SEEDBOX_SFTP_URL }}"
-              SEEDBOX_SFTP_USERNAME: "{{ our_env_vars.SEEDBOX_SFTP_USERNAME }}"
-              SEEDBOX_SFTP_PASSWORD: "{{ our_env_vars.SEEDBOX_SFTP_PASSWORD }}"
+              DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
+              NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
+              ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
+              PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
+              PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
+              PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
+              PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
+              PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
+              COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
+              S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
+              S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
+              S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
+              S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
+              S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
+              CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
+              CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
+              WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
+              B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
+              B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
+              SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
            pgadmin:
-              PGADMIN_DEFAULT_EMAIL: "{{ our_env_vars.PGADMIN_DEFAULT_EMAIL }}"
-              PGADMIN_DEFAULT_PASSWORD: "{{ our_env_vars.PGADMIN_DEFAULT_PASSWORD }}"
+              PGADMIN_DEFAULT_EMAIL: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_EMAIL', file='../../../../.env.production') }}"
+              PGADMIN_DEFAULT_PASSWORD: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_PASSWORD', file='../../../../.env.production') }}"
            tailscale-pgadmin:
-              TS_AUTHKEY: "{{ our_env_vars.TS_AUTHKEY }}"
+              TS_AUTHKEY: "{{ lookup('dotenv', 'TS_AUTHKEY', file='../../../../.env.production') }}"