feat: implement comprehensive variable management system

- Create standardized group_vars directory structure - Add domains.yml with centralized subdomain mappings - Add infrastructure.yml with network, SMTP, and path config - Reorganize vault.yml secrets by service with consistent naming - Update 15+ Docker compose templates to use new variable structure - Simplify playbook commands by removing --extra-vars requirement - Replace hardcoded domains/IPs with template variables - Standardize secret references across all services 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 15:14:47 -06:00
parent 8d686c2aa5
commit 12582b352c
20 changed files with 187 additions and 104 deletions
--- a/roles/docker/templates/gotosocial-compose.yml.j2
+++ b/roles/docker/templates/gotosocial-compose.yml.j2
@ -4,28 +4,28 @@ services:
    container_name: gotosocial
    user: 1000:1000
    extra_hosts:
-      - 'auth.thesatelliteoflove.com:172.20.0.5'
+      - '{{ subdomains.auth }}:{{ docker.hairpin_ip }}'
    environment:
-      GTS_HOST: social.thesatelliteoflove.com
+      GTS_HOST: {{ subdomains.social }}
      GTS_DB_TYPE: sqlite
      GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
      GTS_WAZERO_COMPILATION_CACHE: /gotosocial/.cache
      GTS_LETSENCRYPT_ENABLED: "false"
      GTS_LETSENCRYPT_EMAIL_ADDRESS: ""
-      GTS_TRUSTED_PROXIES: "172.20.0.5"
-      GTS_ACCOUNT_DOMAIN: thesatelliteoflove.com
+      GTS_TRUSTED_PROXIES: "{{ docker.hairpin_ip }}"
+      GTS_ACCOUNT_DOMAIN: {{ primary_domain }}
      GTS_OIDC_ENABLED: "true"
      GTS_OIDC_IDP_NAME: "Authentik"
-      GTS_OIDC_ISSUER: https://auth.thesatelliteoflove.com/application/o/gotosocial/
-      GTS_OIDC_CLIENT_ID: {{ gts_oidc_client_id }}
-      GTS_OIDC_CLIENT_SECRET: {{ gts_oidc_client_secret }}
+      GTS_OIDC_ISSUER: https://{{ subdomains.auth }}/application/o/gotosocial/
+      GTS_OIDC_CLIENT_ID: {{ vault_gotosocial.oidc.client_id }}
+      GTS_OIDC_CLIENT_SECRET: {{ vault_gotosocial.oidc.client_secret }}
      GTS_OIDC_LINK_EXISTING: "true"
      GTS_HTTP_CLIENT: "20s"
-      GTS_SMTP_HOST: "smtp.resend.com"
+      GTS_SMTP_HOST: "{{ smtp.host }}"
      GTS_SMTP_PORT: "587"
-      GTS_SMTP_USERNAME: "resend"
-      GTS_SMTP_PASSWORD: {{ resend_key }}
-      GTS_SMTP_FROM: "social@updates.thesatelliteoflove.com"
+      GTS_SMTP_USERNAME: "{{ smtp.username }}"
+      GTS_SMTP_PASSWORD: {{ vault_smtp.password }}
+      GTS_SMTP_FROM: "social@{{ email_domains.updates }}"
      TZ: UTC
    volumes:
      - gotosocial:/gotosocial/storage
@ -34,7 +34,7 @@ services:
      docker-volume-backup.stop-during-backup: true
      glance.name: GoToSocial
      glance.icon: si:mastodon
-      glance.url: https://social.thesatelliteoflove.com/
+      glance.url: https://{{ subdomains.social }}/
      glance.description: Fediverse server
      glance.id: gotosocial
    
@ -52,8 +52,8 @@ services:
      BACKUP_RETENTION_DAYS: 1
      AWS_S3_BUCKET_NAME: tsolbackups
      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
-      AWS_ACCESS_KEY_ID: {{ backup_key_id }}
-      AWS_SECRET_ACCESS_KEY: {{ backup_key }}
+      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
+      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
      BACKUP_SKIP_BACKENDS_FROM_PRUNE: s3


@ -69,4 +69,4 @@ volumes:
 networks:
  default:
    external: true
-    name: lava
+    name: {{ docker.network_name }}