Miniflux: change secret storage from env to files

playbook-miniflux.yml

@@ -11,6 +11,7 @@
     app_user: "{{ app_name }}"
     base_dir: "/home/{{ app_user }}"
     data_dir: "{{ (base_dir, 'data') | path_join }}"
+    secrets_dir: "{{ (base_dir, 'secrets') | path_join }}"
     postgres_data_dir: "{{ (base_dir, 'data', 'postgres') | path_join }}"
     postgres_backups_dir: "{{ (base_dir, 'backups', 'postgres') | path_join }}"
 
@@ -32,6 +33,20 @@
       loop:
         - "{{ postgres_backups_dir }}"
 
+    - name: "Copy secrets"
+      ansible.builtin.import_role:
+        name: secrets
+      vars:
+        secrets_dest: "{{ secrets_dir }}"
+        secrets_user: "{{ app_user }}"
+        secrets_group: "{{ app_user }}"
+        secrets_vars:
+          - "miniflux_database_url"
+          - "miniflux_admin_user"
+          - "miniflux_admin_password"
+          - "miniflux_oidc_client_id"
+          - "miniflux_oidc_client_secret"
+
     - name: "Copy docker compose file"
       ansible.builtin.template:
         src: "./files/{{ app_name }}/docker-compose.yml.j2"