drone: encrypt secrets

services/drone/drone.env

@@ -1,3 +1,2 @@
-DRONE_RPC_SECRET=c9abde046b241975770a775fca86e4c9
 DRONE_SERVER_HOST=drone.${DOMAIN}
 DRONE_RPC_HOST=${DRONE_SERVER_HOST}

services/drone/drone.yml

@@ -10,12 +10,14 @@ services:
       - ${DOCKER_STORAGE_PATH}/drone:/data
     env_file:
       - drone.env
+      - ../../secrets/drone.env
     environment:
-      - DRONE_GITEA_CLIENT_ID=0d11d359-a420-4a66-a04c-0a136448b7e7
+      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID_VALUE}
-      - DRONE_GITEA_CLIENT_SECRET=Qx0LqE0Qb-M3MZAiojtlILRY3nfNzOiUUTdOCpW7Feo=
+      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET_VALUE}
       - DRONE_GITEA_SERVER=https://git.${DOMAIN}
       - DRONE_SERVER_PROTO=https
       - DRONE_USER_CREATE=username:lukas,admin:true
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET_VALUE}
     profiles:
       - base
     restart: unless-stopped
@@ -30,10 +32,12 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
       - drone.env
+      - ../../secrets/drone.env
     environment:
       - DRONE_RPC_PROTO=https
       - DRONE_RUNNER_CAPACITY=1
       - DRONE_RUNNER_NAME=nas-docker-runner
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET_VALUE}
     profiles:
       - base
     restart: unless-stopped