feat: secrets things

hosts.yml

@@ -230,6 +230,29 @@ all:
 
       nut_host: localhost
 
+      notifiers:
+        xmpp:
+          recipient: rilla@monotremata.xyz
+          account: suricata@monotremata.xyz
+          password: !vault |
+            $ANSIBLE_VAULT;1.1;AES256
+            3261336330303763383735646465326463333964383234653835396462383731623
+            63763386365653437396163656530626533633463613966303235616565330a6237
+            3535653731333366313438343465663034303433623132386364643338613732383
+            9326661316435336539306232633536356330376337663065636265660a61643830
+            3335633538613337616232306233633039333364373538373036623139666263383
+            06538636233643362383335653135333439353131336535353862
+
+        gotify:
+          url: https://gotify.monotremata.xyz
+          token: !vault |
+            $ANSIBLE_VAULT;1.1;AES256
+            3539643562356634616361643264623533643664303862613264316439343036323
+            93033306538353661343861313866613434633637653434336532613361310a6161
+            6563343236303135616335346364643763343533653331316166653937353965643
+            9383135393631366336383361373333396536343362626561613435310a34313261
+            38613264353832396362653036313531356261613833393965353664
+
     caladan:
       ansible_host: caladan
       ansible_user: ansible

justfile

@@ -1,9 +1,21 @@
 #!/usr/bin/env -S just --justfile
 
+password_file := "get_password.sh"
+
+# may need to use --force to reinstall all requirements
+reqs *ARGS:
+    ansible-galaxy install -r requirements.yaml {{ARGS}}
+
 deploy HOST *ARGS:
     ansible-playbook \
         --inventory hosts.yml \
-        --vault-password-file get_password.sh \
+        --vault-password-file {{password_file}} \
         --limit {{HOST}} \
         {{ARGS}} \
         deploy.yml
+
+# just vault (encrypt/decrypt/edit)
+vault ACTION:
+    EDITOR="nvim" ansible-vault {{ACTION}} \
+        --vault-password-file {{password_file}} \
+        vars/vault.yaml