refactor: Move secrets to vault and improve portability

inventory/group_vars/all.yml

@@ -1,7 +1,16 @@
 $ANSIBLE_VAULT;1.1;AES256
-65626131663665313435333366626231396433653332376436636164303438343137633031363335
-3365373662376231636637326138313032353237353264340a643737653636316237363761386434
-36396636626638316166333332383437306532613532343333623864616234616637383566396636
-6439656639343938630a363437393735663939363566396166386137616232306336333631366335
-37653335346131346631376634303933626631643563366264383535323433653032306232636134
-6161376664353231636239363163616264656665363032386161
+36626339336631383230366330653234626435333066353638666561633262646636363537656636
+3934383761653837346335323261393035326539306563350a323965626530643162616430393064
+63326665366361396564306132626635386262613265333764323630633965326539383737653137
+6438646165666464630a396361306139323664366564376263636639643138316133333532363564
+35636635363137633438643464383933313361613333353766303631663738626333323937306235
+39313639353239393432646333316634333436343163386139363965313738346264623561633332
+65303733366430383438616164323538333564303961386637643130333862383836306133633131
+34393532353330623031373136636566626230616434386435333338626631656464333661633464
+32323330393038666564363965343632313230333833316365613537376633346362353730383965
+65643664386564346430303334643132633936663163666236396433666137613339343761373338
+61363335393637346134396165333437666364633639323431323833313932306237306430336530
+39393034303537633733306133373530303239333339336465386631393866323735313639626166
+32336564366263343539346139656665353830323533623233373061323837616132626238333632
+62383531373966373131633531306430316462393430623734323161643366316233396338306336
+376133653336343338303136316539643062

playbooks/roles/containers/subroles/pihole/defaults/main.yml

@@ -6,7 +6,7 @@ pi_hole_host_port: "314"
 pi_hole_dns_port: "53"
 pi_hole_timezone: "Europe/Berlin"
 pi_hole_volume_dir: "/opt/pi-hole"  # Directory to store Pi-Hole data
-pi_hole_web_password: "risICE3!risICE3!"  # Change this to a secure password
+pi_hole_web_password: "{{ vault_pi_hole_web_password }}"
 blocklists:
   - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt
   - https://raw.githubusercontent.com/daylamtayari/Pi-Hole-Blocklist/master/Pi-Hole-Blocklist.txt

playbooks/roles/containers/subroles/pihole/files/stack.yml

@@ -8,7 +8,7 @@ services:
       - '80:80/tcp'
     environment:
       - TZ=Europe/Berlin
-      - WEBPASSWORD=risICE3!risICE3!
+      - WEBPASSWORD={{ vault_pi_hole_web_password }}
     volumes:
       - './etc-pihole:/etc/pihole'
       - './etc-dnsmasq.d:/etc/dnsmasq.d'

playbooks/roles/gitea/defaults/main.yml

@@ -6,5 +6,5 @@ gitea_port: 3000
 postgres_host: "localhost"
 postgres_port: 5432
 postgres_db: "postgres"
-postgres_user: "tobi"
-postgres_password: "risICE3"
+postgres_user: "ansible"
+postgres_password: "{{ vault_postgres_password }}"

playbooks/roles/network/defaults/main.yml

@@ -5,7 +5,7 @@ nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
 nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
 nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager/docker-compose.yml"
 nginx_proxy_manager_admin_email: "tobend85@gmail.com"
-nginx_proxy_manager_admin_password: "risICE3"
+nginx_proxy_manager_admin_password: "{{ vault_nginx_proxy_manager_admin_password }}"
 nginx_proxy_manager_port: "9900"
 nginx_proxy_manager_ssl_port: "443"
 # Docker network configuration
@@ -18,5 +18,5 @@ wireguard_easy_admin_port: "51821"
 wireguard_easy_data_dir: "/etc/wireguard"
 wireguard_easy_config_dir: "/opt/network"
 wireguard_easy_host: "130.162.231.152"
-wireguard_easy_password: "admin"
+wireguard_easy_password: "{{ vault_wireguard_easy_password }}"
 wireguard_easy_password_hash: ""

playbooks/roles/postgres/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 postgres_container_name: postgres
 postgres_port: 5432
-postgres_user: tobi
-postgres_password: risICE3
+postgres_user: "ansible"
+postgres_password: "{{ vault_postgres_password }}"
 postgres_data_dir: /var/lib/postgresql/data/pgdata
 postgres_volume: /opt/postgresData