planetary-social / ansible-scripts

Ansible automation scripts used at Planetary
MIT License

Update notifications-service role to use pubsub, + other improvements #50

Closed cooldracula closed 10 months ago

cooldracula commented 10 months ago

This PR updates the inventory and role related to the notifications-service to make use of the new pubsub feature. It also brings in some small changes to dependent roles to ensure everything is running smoothly.

This role was tested for both notifications.nos.social and dev-notifications.nos.social

Adding certs to vault

The biggest change is that the certs used in this role were added to the inventory using ansible-vault. This makes it easier to collaborate, but it does mean we are committing (encrypted!) secret certs to source control.

I updated the ansible wiki page to better document our inventories structure and its use of group_vars, and how to use ansible-vault to handle secrets.

If this PR is merged, and we continue putting encrypted secrets in source control, then I urge collaborators to add the pre-commit hook mentioned in the committing secrets section to ensure you are only committing encrypted vault files.

Other changes

About new-server-vars

This role can be used with our new-do-droplet play to bring up a new server, with our notifications service installed, from scratch.

The invocation for this would be:

ansible-playbook -i inventories/notifications_service/inventory.yml playbooks/new-do-droplet.yml --extra-vars "@new-server-vars.yml"

with the relevant section in new-server-vars.yml uncommented and adjusted as needed.

mplorentz commented 10 months ago

This PR looks good to me! I added the pre-commit hook. The ansible wiki page is looking very nice 👌
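
The pre-commit check discussed in this thread, sketched as an added example: this is not the hook from the Planetary wiki, which is not reproduced on this page, and not code from either commenter. It refuses a commit when a staged vault file lacks the ansible-vault header; the file-name pattern in `is_vault_path` and all function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit hook that blocks plaintext vault files.
# Assumption: secrets live in YAML files with "vault" in the file name
# (e.g. group_vars/all/vault.yml); adjust is_vault_path to the repo layout.

is_vault_path() {
    case "${1##*/}" in
        *vault*.yml|*vault*.yaml) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the first line on stdin is an ansible-vault header,
# such as "$ANSIBLE_VAULT;1.1;AES256".
has_vault_header() {
    IFS= read -r first_line || :
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every staged (added/copied/modified) vault file that is not encrypted.
# The staged blob (":path") is inspected, not the working-tree copy, because
# the index is what ends up in the commit.
list_unencrypted_staged() {
    git diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r path; do
        is_vault_path "$path" || continue
        git show ":$path" | has_vault_header || printf '%s\n' "$path"
    done
}

run_hook() {
    bad=$(list_unencrypted_staged)
    if [ -n "$bad" ]; then
        printf 'Refusing to commit unencrypted vault file(s):\n%s\n' "$bad" >&2
        printf 'Encrypt them first: ansible-vault encrypt <file>\n' >&2
        return 1
    fi
}

# Run the check only when installed as .git/hooks/pre-commit.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

Saved as `.git/hooks/pre-commit` and made executable, it runs on every commit; paths that git quotes (non-ASCII or containing newlines) are not handled by this sketch.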