use lookup dotenv

ansible/roles/our/tasks/stack.yml

@@ -31,21 +31,8 @@
   loop:
     - compose.production.yaml
 
-- name: Load environment variables
-  set_fact:
-    our_env_vars: "{{ lookup('community.general.read_dotenv', '../../../../.env.production') }}"
-
-- name: Create Docker secrets dynamically
-  when: inventory_hostname == (groups['swarm'] | first)
-  community.docker.docker_secret:
-    name: "{{ item.key }}"
-    data: "{{ item.value | b64encode }}"
-    data_is_b64: true
-    state: present
-  loop: "{{ our_env_vars | dict2items }}"
-
 - name: Deploy stack
-  when: inventory_hostname == groups['swarm'] | first
+  when: inventory_hostname == (groups['swarm'] | first)
   community.docker.docker_stack:
     state: present
     name: our
@@ -54,53 +41,53 @@
       - services:
           environment:
             server:
-              DATABASE_URL: "{{ our_env_vars.DATABASE_URL }}"
+              DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
-              NODE_ENV: "{{ our_env_vars.NODE_ENV }}"
+              NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
-              ORIGIN: "{{ our_env_vars.ORIGIN }}"
+              ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
-              PATREON_API_ORIGIN: "{{ our_env_vars.PATREON_API_ORIGIN }}"
+              PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
-              PATREON_AUTHORIZE_PATH: "{{ our_env_vars.PATREON_AUTHORIZE_PATH }}"
+              PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
-              PATREON_TOKEN_PATH: "{{ our_env_vars.PATREON_TOKEN_PATH }}"
+              PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
-              PATREON_CLIENT_ID: "{{ our_env_vars.PATREON_CLIENT_ID }}"
+              PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
-              PATREON_CLIENT_SECRET: "{{ our_env_vars.PATREON_CLIENT_SECRET }}"
+              PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
-              COOKIE_SECRET: "{{ our_env_vars.COOKIE_SECRET }}"
+              COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
-              S3_REGION: "{{ our_env_vars.S3_REGION }}"
+              S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
-              S3_BUCKET: "{{ our_env_vars.S3_BUCKET }}"
+              S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
-              S3_APPLICATION_KEY: "{{ our_env_vars.S3_APPLICATION_KEY }}"
+              S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
-              S3_KEY_ID: "{{ our_env_vars.S3_KEY_ID }}"
+              S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
-              S3_ENDPOINT: "{{ our_env_vars.S3_ENDPOINT }}"
+              S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
-              CDN_ORIGIN: "{{ our_env_vars.CDN_ORIGIN }}"
+              CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
-              CDN_TOKEN_SECRET: "{{ our_env_vars.CDN_TOKEN_SECRET }}"
+              CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
-              WHISPER_DIR: "{{ our_env_vars.WHISPER_DIR }}"
+              WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
-              B2_APPLICATION_KEY_ID: "{{ our_env_vars.B2_APPLICATION_KEY_ID }}"
+              B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
-              B2_APPLICATION_KEY: "{{ our_env_vars.B2_APPLICATION_KEY }}"
+              B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_URL: "{{ our_env_vars.SEEDBOX_SFTP_URL }}"
+              SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_USERNAME: "{{ our_env_vars.SEEDBOX_SFTP_USERNAME }}"
+              SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_PASSWORD: "{{ our_env_vars.SEEDBOX_SFTP_PASSWORD }}"
+              SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
             worker:
-              DATABASE_URL: "{{ our_env_vars.DATABASE_URL }}"
+              DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
-              NODE_ENV: "{{ our_env_vars.NODE_ENV }}"
+              NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
-              ORIGIN: "{{ our_env_vars.ORIGIN }}"
+              ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
-              PATREON_API_ORIGIN: "{{ our_env_vars.PATREON_API_ORIGIN }}"
+              PATREON_API_ORIGIN: "{{ lookup('dotenv', 'PATREON_API_ORIGIN', file='../../../../.env.production') }}"
-              PATREON_AUTHORIZE_PATH: "{{ our_env_vars.PATREON_AUTHORIZE_PATH }}"
+              PATREON_AUTHORIZE_PATH: "{{ lookup('dotenv', 'PATREON_AUTHORIZE_PATH', file='../../../../.env.production') }}"
-              PATREON_TOKEN_PATH: "{{ our_env_vars.PATREON_TOKEN_PATH }}"
+              PATREON_TOKEN_PATH: "{{ lookup('dotenv', 'PATREON_TOKEN_PATH', file='../../../../.env.production') }}"
-              PATREON_CLIENT_ID: "{{ our_env_vars.PATREON_CLIENT_ID }}"
+              PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../../../../.env.production') }}"
-              PATREON_CLIENT_SECRET: "{{ our_env_vars.PATREON_CLIENT_SECRET }}"
+              PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../../../../.env.production') }}"
-              COOKIE_SECRET: "{{ our_env_vars.COOKIE_SECRET }}"
+              COOKIE_SECRET: "{{ lookup('dotenv', 'COOKIE_SECRET', file='../../../../.env.production') }}"
-              S3_REGION: "{{ our_env_vars.S3_REGION }}"
+              S3_REGION: "{{ lookup('dotenv', 'S3_REGION', file='../../../../.env.production') }}"
-              S3_BUCKET: "{{ our_env_vars.S3_BUCKET }}"
+              S3_BUCKET: "{{ lookup('dotenv', 'S3_BUCKET', file='../../../../.env.production') }}"
-              S3_APPLICATION_KEY: "{{ our_env_vars.S3_APPLICATION_KEY }}"
+              S3_APPLICATION_KEY: "{{ lookup('dotenv', 'S3_APPLICATION_KEY', file='../../../../.env.production') }}"
-              S3_KEY_ID: "{{ our_env_vars.S3_KEY_ID }}"
+              S3_KEY_ID: "{{ lookup('dotenv', 'S3_KEY_ID', file='../../../../.env.production') }}"
-              S3_ENDPOINT: "{{ our_env_vars.S3_ENDPOINT }}"
+              S3_ENDPOINT: "{{ lookup('dotenv', 'S3_ENDPOINT', file='../../../../.env.production') }}"
-              CDN_ORIGIN: "{{ our_env_vars.CDN_ORIGIN }}"
+              CDN_ORIGIN: "{{ lookup('dotenv', 'CDN_ORIGIN', file='../../../../.env.production') }}"
-              CDN_TOKEN_SECRET: "{{ our_env_vars.CDN_TOKEN_SECRET }}"
+              CDN_TOKEN_SECRET: "{{ lookup('dotenv', 'CDN_TOKEN_SECRET', file='../../../../.env.production') }}"
-              WHISPER_DIR: "{{ our_env_vars.WHISPER_DIR }}"
+              WHISPER_DIR: "{{ lookup('dotenv', 'WHISPER_DIR', file='../../../../.env.production') }}"
-              B2_APPLICATION_KEY_ID: "{{ our_env_vars.B2_APPLICATION_KEY_ID }}"
+              B2_APPLICATION_KEY_ID: "{{ lookup('dotenv', 'B2_APPLICATION_KEY_ID', file='../../../../.env.production') }}"
-              B2_APPLICATION_KEY: "{{ our_env_vars.B2_APPLICATION_KEY }}"
+              B2_APPLICATION_KEY: "{{ lookup('dotenv', 'B2_APPLICATION_KEY', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_URL: "{{ our_env_vars.SEEDBOX_SFTP_URL }}"
+              SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_USERNAME: "{{ our_env_vars.SEEDBOX_SFTP_USERNAME }}"
+              SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
-              SEEDBOX_SFTP_PASSWORD: "{{ our_env_vars.SEEDBOX_SFTP_PASSWORD }}"
+              SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
             pgadmin:
-              PGADMIN_DEFAULT_EMAIL: "{{ our_env_vars.PGADMIN_DEFAULT_EMAIL }}"
+              PGADMIN_DEFAULT_EMAIL: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_EMAIL', file='../../../../.env.production') }}"
-              PGADMIN_DEFAULT_PASSWORD: "{{ our_env_vars.PGADMIN_DEFAULT_PASSWORD }}"
+              PGADMIN_DEFAULT_PASSWORD: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_PASSWORD', file='../../../../.env.production') }}"
             tailscale-pgadmin:
-              TS_AUTHKEY: "{{ our_env_vars.TS_AUTHKEY }}"
+              TS_AUTHKEY: "{{ lookup('dotenv', 'TS_AUTHKEY', file='../../../../.env.production') }}"