From ad664edcf3169dcdedf76cd13d2e6b6d89c2bb23 Mon Sep 17 00:00:00 2001
From: Ricard Illa
Date: Tue, 9 May 2023 09:58:28 +0200
Subject: [PATCH] feat: secrets things
---
 hosts.yml | 23 ++++++++++++++++++++++
 justfile | 14 ++++++++++++-
 group_vars/all/vault_wg => vars/vault.yaml | 0
 3 files changed, 36 insertions(+), 1 deletion(-)
 rename group_vars/all/vault_wg => vars/vault.yaml (100%)
diff --git a/hosts.yml b/hosts.yml
index 79f83c0..1a8c5e2 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -230,6 +230,29 @@ all:
 nut_host: localhost
+ notifiers:
+ xmpp:
+ recipient: rilla@monotremata.xyz
+ account: suricata@monotremata.xyz
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 3261336330303763383735646465326463333964383234653835396462383731623
+ 63763386365653437396163656530626533633463613966303235616565330a6237
+ 3535653731333366313438343465663034303433623132386364643338613732383
+ 9326661316435336539306232633536356330376337663065636265660a61643830
+ 3335633538613337616232306233633039333364373538373036623139666263383
+ 06538636233643362383335653135333439353131336535353862
+
+ gotify:
+ url: https://gotify.monotremata.xyz
+ token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 3539643562356634616361643264623533643664303862613264316439343036323
+ 93033306538353661343861313866613434633637653434336532613361310a6161
+ 6563343236303135616335346364643763343533653331316166653937353965643
+ 9383135393631366336383361373333396536343362626561613435310a34313261
+ 38613264353832396362653036313531356261613833393965353664
+
 caladan:
 ansible_host: caladan
 ansible_user: ansible
diff --git a/justfile b/justfile
index 4111ba5..7a583e1 100644
--- a/justfile
+++ b/justfile
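Review bot: The `password` and `token` values added under `notifiers` in hosts.yml are `!vault` ciphertext committed with the inventory, so their secrecy rests entirely on the vault password that `get_password.sh` supplies; anyone who can read the repository history can try to guess that password offline. A comment above the block would make the dependency explicit, for example `# inline ansible-vault values: rotate the XMPP password and Gotify token if the vault password is ever exposed`. The tasks that consume `notifiers.xmpp.password` and `notifiers.gotify.token` are not part of this patch; they presumably need `no_log: true` so the decrypted values do not show up in verbose output. The enclosing host mapping starts above the hunk.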
@@ -1,9 +1,21 @@
 #!/usr/bin/env -S just --justfile
+password_file := "get_password.sh"
+
+# may need to use --force to reinstall all requirements
+reqs *ARGS:
+ ansible-galaxy install -r requirements.yaml {{ARGS}}
+
 deploy HOST *ARGS:
 ansible-playbook \
 --inventory hosts.yml \
- --vault-password-file get_password.sh \
+ --vault-password-file {{password_file}} \
 --limit {{HOST}} \
 {{ARGS}} \
 deploy.yml
+
+# just vault (encrypt/decrypt/edit)
+vault ACTION:
+ EDITOR="nvim" ansible-vault {{ACTION}} \
+ --vault-password-file {{password_file}} \
+ vars/vault.yaml
diff --git a/group_vars/all/vault_wg b/vars/vault.yaml
similarity index 100%
rename from group_vars/all/vault_wg
rename to vars/vault.yaml
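Review bot: The new `vault` recipe hands any `ACTION` straight to `ansible-vault`, so `just vault decrypt` rewrites `vars/vault.yaml` in place as plaintext, and nothing in the recipe stops that file from being committed afterwards. The recipe comment could point to the safe actions instead, for example `# just vault (view/edit/rekey); decrypt leaves vars/vault.yaml in plaintext, re-encrypt before committing`. Hard-coding `EDITOR="nvim"` also overrides the caller's own editor; whether nvim keeps swap or undo files for the decrypted temporary file depends on local configuration, so that is worth checking.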