feat: secrets things
parent
b9396ab05d
commit
ad664edcf3
23
hosts.yml
23
hosts.yml
|
@ -230,6 +230,29 @@ all:
|
||||||
|
|
||||||
nut_host: localhost
|
nut_host: localhost
|
||||||
|
|
||||||
|
notifiers:
|
||||||
|
xmpp:
|
||||||
|
recipient: rilla@monotremata.xyz
|
||||||
|
account: suricata@monotremata.xyz
|
||||||
|
password: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
3261336330303763383735646465326463333964383234653835396462383731623
|
||||||
|
63763386365653437396163656530626533633463613966303235616565330a6237
|
||||||
|
3535653731333366313438343465663034303433623132386364643338613732383
|
||||||
|
9326661316435336539306232633536356330376337663065636265660a61643830
|
||||||
|
3335633538613337616232306233633039333364373538373036623139666263383
|
||||||
|
06538636233643362383335653135333439353131336535353862
|
||||||
|
|
||||||
|
gotify:
|
||||||
|
url: https://gotify.monotremata.xyz
|
||||||
|
token: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
3539643562356634616361643264623533643664303862613264316439343036323
|
||||||
|
93033306538353661343861313866613434633637653434336532613361310a6161
|
||||||
|
6563343236303135616335346364643763343533653331316166653937353965643
|
||||||
|
9383135393631366336383361373333396536343362626561613435310a34313261
|
||||||
|
38613264353832396362653036313531356261613833393965353664
|
||||||
|
|
||||||
caladan:
|
caladan:
|
||||||
ansible_host: caladan
|
ansible_host: caladan
|
||||||
ansible_user: ansible
|
ansible_user: ansible
|
||||||
|
|
14
justfile
14
justfile
|
@ -1,9 +1,21 @@
|
||||||
#!/usr/bin/env -S just --justfile
|
#!/usr/bin/env -S just --justfile
|
||||||
|
|
||||||
|
password_file := "get_password.sh"
|
||||||
|
|
||||||
|
# may need to use --force to reinstall all requirements
|
||||||
|
reqs *ARGS:
|
||||||
|
ansible-galaxy install -r requirements.yaml {{ARGS}}
|
||||||
|
|
||||||
deploy HOST *ARGS:
|
deploy HOST *ARGS:
|
||||||
ansible-playbook \
|
ansible-playbook \
|
||||||
--inventory hosts.yml \
|
--inventory hosts.yml \
|
||||||
--vault-password-file get_password.sh \
|
--vault-password-file {{password_file}} \
|
||||||
--limit {{HOST}} \
|
--limit {{HOST}} \
|
||||||
{{ARGS}} \
|
{{ARGS}} \
|
||||||
deploy.yml
|
deploy.yml
|
||||||
|
|
||||||
|
# just vault (encrypt/decrypt/edit)
|
||||||
|
vault ACTION:
|
||||||
|
EDITOR="nvim" ansible-vault {{ACTION}} \
|
||||||
|
--vault-password-file {{password_file}} \
|
||||||
|
vars/vault.yaml
|
||||||
|
|
Loading…
Reference in New Issue