From d4f9263b074e3375aa610b08f171ff57a04069f1 Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Sat, 4 Nov 2023 18:51:13 +0100
Subject: [PATCH] Initial commit.
---
README.md | 5 ++++
defaults/main.yml | 2 ++
handlers/main.yml | 2 ++
meta/main.yml | 52 ++++++++++++++++++++++++++++++++++++++
playbook.yml | 7 ++++++
tasks/main.yml | 58 +++++++++++++++++++++++++++++++++++++++++++
tasks/source_vars.yml | 11 ++++++++
tests/inventory | 2 ++
tests/test.yml | 5 ++++
vars/main.yml | 2 ++
10 files changed, 146 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 playbook.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/source_vars.yml
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1675c36
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+Usage
+=====
+
+SECRETS_ARCHIVE_PASSPHRASE=XXXXXXX ansible-playbook -e "user=$USER" -e "WORKDIR=$HOME/secrets" -e "CLOUD_SERVER=cloud.scimetis.net" playbook.yml
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ab0cbd3
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for role_pack_secrets
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f8f5ead
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for role_pack_secrets
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..04f236a
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,7 @@
+- name: Unpack secrets
+ hosts: localhost
+ tasks:
+ - name: include self role
+ ansible.builtin.include_role:
+ name: "{{ playbook_dir }}"
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..80c83ac
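Review bot: `min_ansible_version: 2.1` in galaxy_info does not match the tasks this role ships: they use `ansible.builtin.*` and `ansible.posix.mount` FQCNs, which need a collections-aware Ansible (the `ansible.builtin` namespace exists from 2.10), and an unquoted `2.10` would parse as the float 2.1 anyway, so write it as `min_ansible_version: "2.10"`. The `ansible.posix` collection the role depends on is declared nowhere; `dependencies: []` stays correct for role dependencies, but a `collections:` list in this file or a requirements.yml next to it would let `ansible-galaxy` install it. The remaining galaxy placeholders (`author: your name`, `license: license (GPL-2.0-or-later, MIT, etc)`) should be replaced with real values, and `description` could say what the role actually does: archive and encrypt a secrets directory and upload it to a Nextcloud WebDAV share.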
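Review bot: The play depends on `user`, `WORKDIR` and `CLOUD_SERVER` being passed with `-e` and on `SECRETS_ARCHIVE_PASSPHRASE` being in the environment (per the README), but nothing validates them, so a missing value fails inside the role only after `davfs2` has been installed and system directories created; a `pre_tasks` assertion would fail fast before any host state changes. The play name `Unpack secrets` is also the opposite of what the role does (it packs, encrypts and uploads), so rename it, and add the `---` document start the other YAML files use. `include_role` with `name: "{{ playbook_dir }}"` relies on a directory path being accepted as a role name; it appears to work but deserves a comment such as `# the playbook lives inside the role, so include the role by path`.
```yaml
- name: Pack and upload secrets
  hosts: localhost
  pre_tasks:
    - name: Check required inputs
      ansible.builtin.assert:
        that:
          - user is defined
          - WORKDIR is defined
          - CLOUD_SERVER is defined
          - lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') | length > 0
        fail_msg: "pass user, WORKDIR and CLOUD_SERVER with -e and set SECRETS_ARCHIVE_PASSPHRASE in the environment"
  # … unchanged: tasks / include_role …
```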
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+# tasks file for role_pack_secrets
+- name: Set Nextcloud credentials
+ ansible.builtin.include_tasks: "tasks/source_vars.yml"
+ with_items:
+ - NEXTCLOUD_USER
+ - NEXTCLOUD_PASSWORD
+ vars:
+ shell_script: "{{ WORKDIR }}/secrets/docker-duplicity-stack/nextcloud_password.sh"
+
+- name: Create secrets.tar.gz.enc
+ shell: "tar -czvpf - -C {{ WORKDIR }} secrets | openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -salt -out {{ WORKDIR }}/secrets.tar.gz.enc"
+
+- name: Create /mnt/cloud directory if it does not exist
+ ansible.builtin.file:
+ path: /mnt/cloud
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Install davfs2
+ ansible.builtin.package:
+ name: davfs2
+ become: true
+
+- name: Create /etc/davfs2 directory
+ ansible.builtin.file:
+ path: /etc/davfs2
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Copy using inline content
+ ansible.builtin.copy:
+ content: "/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}"
+ dest: /etc/davfs2/secrets
+ mode: '0600'
+ become: true
+
+- name: mount /mnt/cloud
+ ansible.posix.mount:
+ path: /mnt/cloud
+ src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
+ fstype: davfs
+ opts: "uid={{ user }},gid={{ user }}"
+ state: mounted
+ become: true
+
+- name: Copy new secrets in Nextcloud share
+ ansible.builtin.copy:
+ src: "{{ WORKDIR }}/secrets.tar.gz.enc"
+ dest: /mnt/cloud/Passwords/secrets.tar.gz.enc
+
+- name: unmount /mnt/cloud
+ ansible.posix.mount:
+ path: /mnt/cloud
+ state: unmounted
+ become: true
diff --git a/tasks/source_vars.yml b/tasks/source_vars.yml
new file mode 100644
index 0000000..8d6db61
--- /dev/null
+++ b/tasks/source_vars.yml
@@ -0,0 +1,11 @@
+---
+- name: Register variable {{ item }}
+ shell: . {{ shell_script }} && echo ${{ item }}
+ register: output_var
+ changed_when: false
+
+- name: Set variable {{ item }}
+ set_fact:
+ "{{ item }}": "{{ output_var.stdout }}"
+ changed_when: false
+
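Review bot: `Create secrets.tar.gz.enc` derives the AES key from the passphrase with `-md md5` and no `-pbkdf2`, i.e. OpenSSL's legacy single-iteration EVP_BytesToKey, so the archive's protection is only as good as an unstretched passphrase; switch to `openssl enc -aes-256-cbc -pbkdf2 -md sha256 -salt -pass env:SECRETS_ARCHIVE_PASSPHRASE -out ...` and update whatever decrypts the archive to match (the `-md md5` looks like a compatibility setting for an older openssl, so confirm that first). In the same line `{{ WORKDIR }}` is spliced unquoted into `shell:` twice, so a path containing a space or shell metacharacter breaks or rewrites the pipeline — use `{{ WORKDIR | quote }}` — and the `v` in `-czvpf` echoes every archived file name into the task output, so drop it. `Copy using inline content` renders `NEXTCLOUD_PASSWORD` into task output under `-v`/`--diff` and needs `no_log: true`. Finally, `state: mounted` writes an fstab entry that the closing `state: unmounted` leaves in place, and `/etc/davfs2/secrets` stays on disk with the WebDAV credentials after the upload; use `state: absent` in the unmount task and add an `ansible.builtin.file` task with `state: absent` for the secrets file so nothing persists past the run.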
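Review bot: Both tasks leak the sourced value into Ansible's output: `Register variable` stores the echoed secret in `output_var`, which is printed verbatim on failure or under `-v`, and `set_fact` logs the fact it sets, so `NEXTCLOUD_PASSWORD` ends up in console and log output on every run; add `no_log: true` to both tasks. `shell_script` is built from `WORKDIR` in tasks/main.yml, so the sourced path should be quoted as well, `shell: . {{ shell_script | quote }} && echo ${{ item }}`. For consistency with tasks/main.yml the modules could be written as `ansible.builtin.shell` and `ansible.builtin.set_fact`.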
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..9bab865
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - role_pack_secrets
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..e5f8df5
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for role_pack_secrets
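Review bot: The test play cannot run as written: `remote_user: root` with a `tests/inventory` of bare `localhost` makes Ansible SSH to localhost as root, and the role then fails on the undefined `user`, `WORKDIR` and `CLOUD_SERVER` vars and the missing `SECRETS_ARCHIVE_PASSPHRASE` environment variable that tasks/main.yml reads. Either drop `remote_user: root`, change the inventory line to `localhost ansible_connection=local` and pass the required vars under `vars:`, or remove this generated scaffold until there is a real test. Even then the play would encrypt and upload real data, so it is an integration check rather than a unit test and should say so in a comment.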