From 85237382caaacb58c9e4ee110fcaa44bfa9a775a Mon Sep 17 00:00:00 2001 From: Mike Wilson Date: Wed, 1 Feb 2023 22:20:28 -0500 Subject: [PATCH] Set up Ansible Vault bitwarden script --- ansible/ansible.cfg | 2 +- ansible/main.yml | 2 ++ ansible/roles/traefik/tasks/main.yml | 3 +++ ansible/roles/traefik/vars/main.yml | 21 +++++++++++++++++++++ ansible/vault-pass.sh | 3 +++ 5 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/traefik/tasks/main.yml create mode 100644 ansible/roles/traefik/vars/main.yml create mode 100755 ansible/vault-pass.sh diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 30e6360..6c18dd7 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,7 +1,7 @@ [defaults] inventory = ./hosts.ini interpreter_python = auto_silent -#vault_password_file - ./vault-pass.sh +vault_password_file = ./vault-pass.sh [privilege_escalation] become_ask_pass = True diff --git a/ansible/main.yml b/ansible/main.yml index 437dc9e..4fd4028 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -6,7 +6,9 @@ roles: - pve-docker - docker-compose + - traefik - prowlarr - sonarr - radarr + - qbittorrent - ntfy diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml new file mode 100644 index 0000000..b430ff0 --- /dev/null +++ b/ansible/roles/traefik/tasks/main.yml @@ -0,0 +1,3 @@ +- name: Print key + debug: + var: porkbun_api_key diff --git a/ansible/roles/traefik/vars/main.yml b/ansible/roles/traefik/vars/main.yml new file mode 100644 index 0000000..52582fa --- /dev/null +++ b/ansible/roles/traefik/vars/main.yml @@ -0,0 +1,21 @@ +porkbun_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38353531366235383239643438376161613937643431303266663966663930386163353935386135 + 6135356665626161333763326635306132303162383532650a346130613565323330383739326161 + 64353462336430333162333562626432626136616238373237633366336433626231316635636264 + 6130396265333839300a643766303132376138356531393335336165613966633862623632313461 + 65643138383531396630666637623265396461376632393436613964306538383233326562623332 + 61626536313765303164323862326263396163386266613562326231643234623931323065326466 + 63643836316336343966613537623330376462373031363535373136333764336133303134653136 + 62623339616261316164 + +porkbun_secret_api_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30356330383036313732363931663661303336336263306431383835653763643531303830366636 + 6638323437393130653566613061363061363465306633350a343530356334343232336665663138 + 33653737616239306536616139336162313830356462326630336238393137386334623031613833 + 6633363566373731610a383331386230323336633062623764373566323036663364623232613762 + 34636236616432393634366539393036386162343665363338636664393639623532356430613238 + 33393831323334626335333630366331633464353638353636666430616630306139336665376132 + 34326563626465633036656134373430616634393931626638636332323562366565326535626237 + 38313264383866633662 diff --git a/ansible/vault-pass.sh b/ansible/vault-pass.sh new file mode 100755 index 0000000..378be16 --- /dev/null +++ b/ansible/vault-pass.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +bw get password "Ansible Vault"