Improve gen_bootstrap.yml.

yohan 2023-10-21 10:52:38 +02:00
parent 4350e12469
commit ca89571a9f


@ -23,7 +23,7 @@
- name: Download secrets.tar.gz.enc - name: Download secrets.tar.gz.enc
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc" url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: /root/secrets.tar.gz.enc dest: /mnt/volumes/tmp_duplicity_workdir/data/secrets.tar.gz.enc
- name: Install openssh-client - name: Install openssh-client
ansible.builtin.package: ansible.builtin.package:
@ -37,11 +37,14 @@
mode: '0700' mode: '0700'
- name: Extract from secrets.tar.gz.enc - name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C /root/" shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C /mnt/volumes/tmp_duplicity_workdir/data"
- name: Change SSH private key permissions - name: Change SSH private key permissions
ansible.builtin.file: ansible.builtin.file:
path: /root/.ssh/id_rsa path: /root/.ssh/id_rsa
mode: '0400' mode: '0400'
- name: Retrieve documentation
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ DOC_KEY }}/download"
dest: /mnt/volumes/tmp_duplicity_workdir/data/Documentation.md
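Review bot: The extract task still decrypts `-in /root/secrets.tar.gz.enc`, but the download task now saves the archive to `/mnt/volumes/tmp_duplicity_workdir/data/secrets.tar.gz.enc`, so the step either fails or, when an older copy is left in /root, unpacks stale secrets without any error. Change the input to `-in /mnt/volumes/tmp_duplicity_workdir/data/secrets.tar.gz.enc`. The next task still sets mode 0400 on `/root/.ssh/id_rsa`; if that key is delivered by the archive (its contents are not visible here), it now lands under the data directory, so the chmod target and the permissions of the unpacked secrets there need to follow. Separately, `-md md5` without `-pbkdf2` uses OpenSSL's legacy one-iteration MD5 key derivation, and CBC gives no integrity check before the plaintext is piped into tar; consider re-encrypting the archive with `-pbkdf2` and verifying a checksum of the download.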