feat: implement comprehensive variable management system

- Create standardized group_vars directory structure - Add domains.yml with centralized subdomain mappings - Add infrastructure.yml with network, SMTP, and path config - Reorganize vault.yml secrets by service with consistent naming - Update 15+ Docker compose templates to use new variable structure - Simplify playbook commands by removing --extra-vars requirement - Replace hardcoded domains/IPs with template variables - Standardize secret references across all services 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 15:14:47 -06:00
parent 8d686c2aa5
commit 12582b352c
20 changed files with 187 additions and 104 deletions
--- a/roles/docker/templates/gitea-compose.yml.j2
+++ b/roles/docker/templates/gitea-compose.yml.j2
@ -7,17 +7,17 @@ services:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__mailer__ENABLED=true
-      - GITEA__mailer__FROM=git@updates.thesatelliteoflove.com
+      - GITEA__mailer__FROM=git@{{ email_domains.updates }}
      - GITEA__mailer__PROTOCOL=smtps
-      - GITEA__mailer__SMTP_ADDR=smtp.resend.com
+      - GITEA__mailer__SMTP_ADDR={{ smtp.host }}
      - GITEA__mailer__SMTP_PORT=465
-      - GITEA__mailer__USER=resend
-      - GITEA__mailer__PASSWD={{ resend_key }}
+      - GITEA__mailer__USER={{ smtp.username }}
+      - GITEA__mailer__PASSWD={{ vault_smtp.password }}
    restart: unless-stopped
    labels:
      glance.name: Gitea
      glance.icon: si:gitea
-      glance.url: https://git.thesatelliteoflove.com/
+      glance.url: https://{{ subdomains.git }}/
      glance.description: Code repo
      glance.id: gitea
    volumes:
@ -27,8 +27,8 @@ services:
    ports:
      - 222:22
    extra_hosts:
-      - 'auth.thesatelliteoflove.com:172.20.0.5'
-      - 'git.thesatelliteoflove.com:172.20.0.5'
+      - '{{ subdomains.auth }}:{{ docker.hairpin_ip }}'
+      - '{{ subdomains.git }}:{{ docker.hairpin_ip }}'
  runner:
    image: gitea/act_runner:nightly
    restart: unless-stopped
@ -37,12 +37,12 @@ services:
    environment:
      - CONFIG_FILE=/config.yaml
      - GITEA_INSTANCE_URL=http://gitea:3000
-      - GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_key }}
+      - GITEA_RUNNER_REGISTRATION_TOKEN={{ vault_infrastructure.gitea_runner_key }}
      - GITEA_RUNNER_NAME=runner_1
      - GITEA_RUNNER_LABELS=docker
    extra_hosts:
-      - 'auth.thesatelliteoflove.com:172.20.0.5'
-      - 'git.thesatelliteoflove.com:172.20.0.5'
+      - '{{ subdomains.auth }}:{{ docker.hairpin_ip }}'
+      - '{{ subdomains.git }}:{{ docker.hairpin_ip }}'
    labels:
      glance.parent: gitea
      glance.name: Worker
@ -50,11 +50,11 @@ services:
      - ./runner-config.yaml:/config.yaml
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
-      - /opt/stacks/caddy/site:/sites
+      - {{ paths.stacks }}/caddy/site:/sites
 volumes:
  gitea:
    driver: local
 networks:
  default:
    external: true
-    name: lava
+    name: {{ docker.network_name }}