From 5bcb035fe4f53e7864aed77412c472962f600bf4 Mon Sep 17 00:00:00 2001
From: Spyderfoo <36179436+neokyx@users.noreply.github.com>
Date: Sun, 15 Dec 2024 15:03:02 +0000
Subject: [PATCH 1/3] Update VERSIONS.md

- Upgrade Infisical v0.4.2 > v.0.43.19
- Upgrade Nextcloud 30.0.2 > 30.0.4
---
 VERSIONS.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/VERSIONS.md b/VERSIONS.md
index 78424985..915fa178 100644
--- a/VERSIONS.md
+++ b/VERSIONS.md
@@ -35,7 +35,7 @@
 * Healthchecks: v3.7
 * Hubsite Nginx: 1.27.2
 * Ilmo: 1.0.4
-* Infisical: v0.4.2
+* Infisical: v0.43.19
 * Influxdb: 2.7.6
 * Jitsi: stable-9823
 * Jitsi Ldap: 3
@@ -57,7 +57,7 @@
 * Neko: firefox
 * Netbox: v3.7.0-2.8.0
 * Netbox Container Image Customizations Keycloak Sso Expiration Middleware: a2ac39b1c73a50742c6e834e89162f87528c7f73
-* Nextcloud: 30.0.2
+* Nextcloud: 30.0.4
 * Notfellchen: 0.1.1
 * Notfellchen Sws: 2
 * Oauth2 Proxy: v7.6.0
From 1c688b21a72f80dc917d6aafb9ecee2634a52114 Mon Sep 17 00:00:00 2001
From: Spyderfoo <36179436+neokyx@users.noreply.github.com>
Date: Sun, 15 Dec 2024 15:03:39 +0000
Subject: [PATCH 2/3] Update requirements.yml

- Upgrade Infisical v0.4.2 > v.0.43.19
---
 templates/requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/requirements.yml b/templates/requirements.yml
index 9091e07a..9fd1af2f 100644
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@@ -157,7 +157,7 @@
 name: ilmo
 activation_prefix: ilmo_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git
- version: v0.4.2-0
+ version: v0.43.19-0
 name: infisical
 activation_prefix: infisical_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-influxdb.git
From 2c949653445b0059dd4e852e89ab5e2f1acce5c3 Mon Sep 17 00:00:00 2001
From: Spyderfoo <36179436+neokyx@users.noreply.github.com> Date: Sun, 15 Dec 2024 15:32:06 +0000 Subject: [PATCH 3/3] Update infisical.md # Valkey support Adding documentation for Valkey which is required since the last updated version (0.43.19) --- docs/services/infisical.md | 135 +++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/docs/services/infisical.md b/docs/services/infisical.md index 29c5e7cc..6e81fdf5 100644 --- a/docs/services/infisical.md +++ b/docs/services/infisical.md @@ -9,6 +9,7 @@ This service requires the following other services: - a [MongoDB](mongodb.md) document-oriented database server - a [Traefik](traefik.md) reverse-proxy server +- a [Valkey](valkey.md) data-store, installation details [below](#valkey) ## Configuration 
@@ -55,6 +56,140 @@ Public registration can be enabled/disabled using the `infisical_backend_environ We recommend installing with public registration enabled at first (which is the default value for this variable), creating your first user account, and then disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` to `true`. Enabling invite-only signup requires that you configure [Email configuration](#email-configuration) +### Valkey + +As described on the Valkey documentation page, if you're hosting additional services which require KeyDB on the same server, you'd better go for installing a separate Valkey instance for each service. See Creating a Valkey instance dedicated to Infisical. + +If you're only running Infisical on this server and don't need to use KeyDB for anything else, you can use a single Valkey instance. +Using the shared Valkey instance for Infisical + +To install a single (non-dedicated) Valkey instance (mash-valkey) and hook Infisical to it, add the following additional configuration: + +```yaml +######################################################################## +# # +# valkey # +# # +######################################################################## + +valkey_enabled: true + +######################################################################## +# # +# /valkey # +# # +######################################################################## + + +######################################################################## +# # +# infisical # +# # +######################################################################## + +# Base configuration as shown above + +# Point Infisical to the shared Valkey instance +infisical_environment_variable_redis_host: "{{ valkey_identifier }}" +infisical_environment_variable_redis_cache_host: "{{ valkey_identifier }}" + +# Make sure the Infisical service (mash-infisical.service) starts after the shared KeyDB service (mash-valkey.service) 
+infisical_systemd_required_services_list_custom:
+ - "{{ valkey_identifier }}.service"
+
+# Make sure the Infisical container is connected to the container network of the shared KeyDB service (mash-valkey)
+infisical_container_additional_networks_custom:
+ - "{{ valkey_identifier }}"
+
+########################################################################
+# #
+# /infisical #
+# #
+########################################################################
+```
+
+This will create a mash-valkey Valkey instance on this host.
+
+This is only recommended if you won't be installing other services which require KeyDB. Alternatively, go for Creating a Valkey instance dedicated to Infisical.
+Creating a Valkey instance dedicated to Infisical
+
+The following instructions are based on the Running multiple instances of the same service on the same host documentation.
+
+Adjust your inventory/hosts file as described in Re-do your inventory to add supplementary hosts, adding a new supplementary host (e.g. if infisical.example.com is your main one, create infisical.example.com-deps).
+
+Then, create a new vars.yml file for the
+
+inventory/host_vars/infisical.example.com-deps/vars.yml:
+
+```yaml
+
+########################################################################
+# #
+# Playbook #
+# #
+########################################################################
+
+# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
+# Various other secrets will be derived from this secret automatically.
+mash_playbook_generic_secret_key: ''
+
+# Override service names and directory path prefixes
+mash_playbook_service_identifier_prefix: 'mash-infisical-'
+mash_playbook_service_base_directory_name_prefix: 'infisical-'
+
+########################################################################
+# #
+# /Playbook #
+# #
+########################################################################
+
+
+########################################################################
+# #
+# valkey #
+# #
+########################################################################
+
+valkey_enabled: true
+
+########################################################################
+# #
+# /valkey #
+# #
+########################################################################
+
+This will create a mash-infisical-valkey instance on this host with its data in /mash/infisical-valkey.
+
+Then, adjust your main inventory host's variables file (inventory/host_vars/infisical.example.com/vars.yml) like this:
+
+########################################################################
+# #
+# infisical #
+# #
+########################################################################
+
+# Base configuration as shown above
+
+
+# Point Infisical to its dedicated Valkey instance
+infisical_environment_variable_redis_host: mash-infisical-valkey
+infisical_environment_variable_redis_cache_host: mash-infisical-valkey
+
+# Make sure the Infisical service (mash-infisical.service) starts after its dedicated KeyDB service (mash-infisical-valkey.service)
+infisical_systemd_required_services_list_custom:
+ - "mash-infisical-valkey.service"
+
+# Make sure the Infisical container is connected to the container network of its dedicated KeyDB service (mash-infisical-valkey)
+infisical_container_additional_networks_custom:
+ - "mash-infisical-valkey"
+
+########################################################################
+# #
+# /infisical #
+# #
+######################################################################## +``` + ### Email configuration As described in the Infisical documentation about [Email](https://infisical.com/docs/self-hosting/configuration/email), some important functionality requires email-sending to be configured.