update plex token loading

2026-05-06 04:14:43 +00:00 · 2026-04-13 19:02:11 +01:00 · 2026-04-13 19:02:11 +01:00 · 9d3da248e9
commit 9d3da248e9
parent cc93e7f6c1
4 changed files with 37 additions and 25 deletions
--- a/ansible/group_vars/all/secrets.enc.yaml
+++ b/ansible/group_vars/all/secrets.enc.yaml
@ -1,17 +1,17 @@
-grafana_pagerduty_integration_key: ENC[AES256_GCM,data:w5DRzr556lV3sHJLFBNGLqkrblvilK2SO7R0eIK0yus=,iv:n/9UJcBZu3H8HBJ4AGOy59oLsC+rr+1uo/+m14WmANk=,tag:hnpNsSPVjGpO2Bwut3vFJw==,type:str]
+grafana_pagerduty_integration_key: ENC[AES256_GCM,data:AojONPyRt98BX73W9z8zt64vhFLGhlvQFnoTm+Fsha4=,iv:BkP/6MkpEC4Y1IiVtJw6hLKBPw7RcMva5FpPNZi5V2A=,tag:OoiAOMOSj0k/EryYhIBDLw==,type:str]
-plex_exporter_plex_token: ENC[AES256_GCM,data:o+r95K2PswMe36HFLF5YQE9mgQ==,iv:6YGuqB8mauZ00ay4/IrSmSDLw7r5U3U3LIOBnyARXI8=,tag:OIBKMW0rLUxXiE7BvYGOPg==,type:str]
+plex_exporter_plex_token: ENC[AES256_GCM,data:TPrpGAvLkJBNnmeaibm8i5aiVJA=,iv:S+0RQGQmB6v2tQOnKTEbMvPmJQ3d9d5HD5M/6X0eWww=,tag:kGVfrxUpgfz4fkx05D67zw==,type:str]
 sops:
    age:
        - recipient: age1r8uh2w2qad2z5sgq9q7l73962q2sp8zz9hdnh6sjuvanxl565vmswn8squ
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjJKcnVGTlRFRjFLVThy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOFdtWCtERWdPaFJITjk3
-            SkJXK0hMSlBoOEdFZVVlN0QrUEdTS3ppdWhBCm4wN1A4ZW95RGtaMTh0dW8ydW5T
+            NWFjbG96MHNPdUwvMDd4NGxqWEh3VUpkSXhJCm8yOEVxRFJNMGVKY1o4QkFHRVgx
-            cG9qNjFkaFhaYjVqbXJhcVVGZGF0R2MKLS0tIG5DMWhlVVN4dzFxc3Avckh5VEl0
+            a3gzV0xLUmpYYjYvZzhmZUtDN3A3TzAKLS0tIGwyRVpReGkwWldRNFZrb04wSXpa
-            SVRabjA0a09CbWFnK0VXbC91aGdtTTAK7Y/qaIxV6TkoqL8IZF/Hc4f0YHa9jVx9
+            UE90WWl5bDRJSTc5QitjbUllajVzMkUKIaUuYGFb43Ul+fEvH3AcR/arPKtysgHL
-            9X+LJbLK2wMNd9TUjpDvbMty+WIcZmL7y/B7r6Cs3640mWEsQO0wAA==
+            eENlRx2e3MXA3KNLtE4w3W3NGqBCil880/6xQKmFI9CgIcZRRJmruA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-12T20:09:02Z"
+    lastmodified: "2026-04-13T18:01:39Z"
-    mac: ENC[AES256_GCM,data:wBRxvdA8TtnrZMNgxd42Kt61Eq7gnvYFXDJwRep1ioz7RChvmnm+4pniuN4zTmX9QfKAdmDd4Yp91rLuRstnhT/s81P6qwypF0l6VnA7AZ/PkOFhpe9TzY/f+oxYceIiT/bHDqGqOpGNFop7yVvjRam0FzjVxT+DzwoRhPqfII0=,iv:EAXvhNIHcgbq7XiVmLC6cT5o/buYB2cnn3cUJmCrRzI=,tag:VnVKHu2oETH04QvtgT5/pQ==,type:str]
+    mac: ENC[AES256_GCM,data:rET2O8tO6BqjmMBprkGZq+kmn/UO7/r6LNofYJWTECL5VlZbF8cTywKldqAXCX61GaIABIXSv5OkcR0tBuPZcsG4eXMCiinvjUkRYV97E76hBEU9PQEPy/GzlTdqq6PBLDly23JT0uILDKD4ps6EoQ5aIa5S7XcKuyvmRbwGv8w=,iv:1Bu65zQV8h0Ca7+eQyP/UjWT9We2k1nFM4S0ijyTvr8=,tag:dLM4fcUHspvxjcinTXbweQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
--- a/ansible/roles/docker_services/tasks/main.yml
+++ b/ansible/roles/docker_services/tasks/main.yml
@ -2,9 +2,27 @@
 # Deploy Docker Compose services from the repo's services/ directory.
 # Expects docker_services list in host_vars and compose files in services/<name>/.
 - name: Ensure service directories exist
  ansible.builtin.file:
    path: "/opt/docker/{{ item }}"
    state: directory
    mode: '0755'
  loop: "{{ docker_services | default([]) }}"
 - name: Template service .env files
  ansible.builtin.template:
    src: "{{ docker_services_dir | default(playbook_dir + '/services') }}/{{ item }}/.env.j2"
    dest: "/opt/docker/{{ item }}/.env"
    mode: '0600'
  loop: "{{ docker_services | default([]) }}"
  when: lookup('ansible.builtin.fileglob', (docker_services_dir | default(playbook_dir + '/services')) + '/' + item + '/.env.j2') | length > 0
  no_log: true
  failed_when: false
  register: docker_services_env_files
 - name: Copy docker-compose files
-  ansible.builtin.copy:
+  ansible.builtin.template:
-    src: "{{ playbook_dir }}/services/{{ item }}/docker-compose.yml"
+    src: "{{ docker_services_dir | default(playbook_dir + '/services') }}/{{ item }}/docker-compose.yml"
    dest: "/opt/docker/{{ item }}/docker-compose.yml"
    mode: '0644'
  loop: "{{ docker_services | default([]) }}"
@ -13,30 +31,25 @@
 - name: Copy service config files
  ansible.posix.synchronize:
-    src: "{{ playbook_dir }}/services/{{ item }}/"
+    src: "{{ docker_services_dir | default(playbook_dir + '/services') }}/{{ item }}/"
    dest: "/opt/docker/{{ item }}/"
    rsync_opts:
      - "--exclude=docker-compose.yml"
      - "--exclude=README.md"
      - "--exclude=.gitkeep"
      - "--exclude=*.j2"
  loop: "{{ docker_services | default([]) }}"
  failed_when: false
 - name: Template service .env files
  ansible.builtin.template:
    src: "{{ playbook_dir }}/services/{{ item }}/.env.j2"
    dest: "/opt/docker/{{ item }}/.env"
    mode: '0600'
  loop: "{{ docker_services | default([]) }}"
  when: lookup('ansible.builtin.fileglob', playbook_dir + '/services/' + item + '/.env.j2') | length > 0
  no_log: true
  failed_when: false
 - name: Start/update docker compose services
  community.docker.docker_compose_v2:
    project_src: "/opt/docker/{{ item.item }}"
    state: present
    pull: policy
  loop: "{{ docker_services_compose_files.results | default([]) }}"
-  when: item is not failed and item is changed
+  when: >
    (item is not failed and item is changed) or
    (docker_services_env_files.results | default([]) |
     selectattr('item', 'equalto', item.item) |
     selectattr('changed', 'equalto', true) | list | length > 0)
  failed_when: false
--- a/ansible/services/plex-exporter/.env.j2
+++ b/ansible/services/plex-exporter/.env.j2
@ -1 +0,0 @@
 PLEX_TOKEN={{ plex_exporter_plex_token }}
--- a/ansible/services/plex-exporter/docker-compose.yml
+++ b/ansible/services/plex-exporter/docker-compose.yml
@ -12,4 +12,4 @@ services:
      - "9000:9000"
    environment:
      PLEX_SERVER: "http://192.168.1.253:32400"
-      PLEX_TOKEN: "${PLEX_TOKEN}"
+      PLEX_TOKEN: "{{ plex_exporter_plex_token }}"