From 85076cf8750449b5b53262b956a0381996f76762 Mon Sep 17 00:00:00 2001
From: Justus Grunow
Date: Fri, 15 Nov 2024 11:20:29 -0500
Subject: [PATCH] Replaced and rotated all secrets in docker-int compose
---
 ansible/assets/docker-int/compose.yml.j2 | 28 ++++++++++----------
 ansible/inventory/host_vars/docker-int/vars | 3 +++
 ansible/inventory/host_vars/docker-int/vault | 10 +++++++
 3 files changed, 27 insertions(+), 14 deletions(-)
 create mode 100644 ansible/inventory/host_vars/docker-int/vars
 create mode 100644 ansible/inventory/host_vars/docker-int/vault
diff --git a/ansible/assets/docker-int/compose.yml.j2 b/ansible/assets/docker-int/compose.yml.j2
index f5092b6..2862869 100644
--- a/ansible/assets/docker-int/compose.yml.j2
+++ b/ansible/assets/docker-int/compose.yml.j2
@@ -29,7 +29,7 @@ services:
 - "./letsencrypt:/letsencrypt"
 - "./logsTraefik:/var/log/traefik"
 environment:
- - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
+ - "CF_API_KEY={{ cf_api_key }}"
 - "CF_API_EMAIL=jg@justus.ws"
 # squid:
 # container_name: squid
@@ -97,22 +97,22 @@ services:
 - "8081:8080"
 environment:
 WEBDAV_USERNAME: alice
- WEBDAV_PASSWORD: secret1234
+ WEBDAV_PASSWORD: "{{ webdav_password }}"
 UID: 1001
 volumes:
 - ./consume:/media
- # webdav:
- # container_name: webdav
- # image: bytemark/webdav
- # restart: unless-stopped
- # ports:
- # - "8081:80"
- # environment:
- # AUTH_TYPE: Digest
- # USERNAME: alice
- # PASSWORD: secret1234
- # volumes:
- # - consume:/var/lib/dav/data/ScannerPro
+ # webdav:
+ # container_name: webdav
+ # image: bytemark/webdav
+ # restart: unless-stopped
+ # ports:
+ # - "8081:80"
+ # environment:
+ # AUTH_TYPE: Digest
+ # USERNAME: alice
+ # PASSWORD: secret1234
+ # volumes:
+ # - consume:/var/lib/dav/data/ScannerPro
 labels:
 - "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)"
 testweb:
diff --git a/ansible/inventory/host_vars/docker-int/vars b/ansible/inventory/host_vars/docker-int/vars
new file mode 100644
index 0000000..9039fb4
--- /dev/null
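Review bot: The new `- "CF_API_KEY={{ cf_api_key }}"` entry in the first hunk still authenticates with the Cloudflare global API key paired with `CF_API_EMAIL`, which is account-wide, so a leak of the rendered compose file or the container environment exposes the whole account rather than one zone. Since the credential is being rotated in this commit anyway, consider a zone-scoped DNS token instead, `- "CF_DNS_API_TOKEN={{ cf_dns_api_token }}"` (variable name constructed for this note), provided the Traefik version in use accepts it. The rendered compose.yml will hold the value in plaintext on the host, so the task that templates it (not visible in this patch) should write the file with a restrictive `mode: "0600"`. The service definition starts and ends outside the hunk.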
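Review bot: The re-indented, commented-out webdav block in the second hunk still contains `# PASSWORD: secret1234`, the same literal this hunk removes from `WEBDAV_PASSWORD`, so the old credential survives in the template after a commit meant to strip secrets. Delete that comment line or replace it with `# PASSWORD: "{{ webdav_password }}"`. Separately, Compose interpolates `$` in values and a YAML double-quoted scalar breaks on `"` or `\`, so a randomly generated password can be silently altered or make the rendered file unparsable; `WEBDAV_PASSWORD: {{ webdav_password | replace('$', '$$') | to_json }}` avoids both, and the same concern applies to `CF_API_KEY` in the first hunk. The enclosing service definition continues outside the hunk.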
+++ b/ansible/inventory/host_vars/docker-int/vars
@@ -0,0 +1,3 @@
+---
+cf_api_key: "{{ vault_cf_api_key }}"
+webdav_password: "{{ vault_webdav_password }}"
diff --git a/ansible/inventory/host_vars/docker-int/vault b/ansible/inventory/host_vars/docker-int/vault
new file mode 100644
index 0000000..82293cd
--- /dev/null
+++ b/ansible/inventory/host_vars/docker-int/vault
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+35353935306336363466613765393230363230396162346665373961653631636464383737356331
+3835326264613564613034663166656333663464373835610a346239366162323935383362316263
+31346237376639376331616463306165643462633032366136626464313063373032646162336539
+3832653562376661610a386663313034326165336630333463333131343432613636613539643365
+39653238646535613962373234363732636539623262363361663038303930353965316535373262
+31306136336663643634376366396537653162376635303961643864613335653364316163386538
+37396531623265656431306635343230386365353364316264353431613138326264666561346439
+34373464653764303062353532333865666133373562313232613136383234306139633036386238
+30303430303334613735313534663935663266393036666262376635656536323230