commit 33d4f011a0d5fc7c9bee1157498c859b2d282383 Author: yohan <783b8c87@scimetis.net> Date: Sat Nov 4 18:02:55 2023 +0100 Initial commit.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..626d7e5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+Usage
+=====
+
+KEY=XXXXXX SECRETS_ARCHIVE_PASSPHRASE=XXXXXXX ansible-playbook -e "WORKDIR=$HOME/secrets" -e "CLOUD_SERVER=cloud.scimetis.net" playbook.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..d646bf1
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for role_unpack_secrets
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..11d8b3f
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for role_unpack_secrets
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..04f236a
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,7 @@
+- name: Unpack secrets
+ hosts: localhost
+ tasks:
+ - name: include self role
+ ansible.builtin.include_role:
+ name: "{{ playbook_dir }}"
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..22fbb34
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# tasks file for role_unpack_secrets
+- name: Create secrets directory
+ ansible.builtin.file:
+ path: "{{ WORKDIR }}/secrets"
+ state: directory
+
+- name: Download secrets.tar.gz.enc
+ ansible.builtin.get_url:
+ url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
+ dest: "{{ WORKDIR }}/secrets.tar.gz.enc"
+
+- name: Extract from secrets.tar.gz.enc
+ shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ WORKDIR }}/secrets.tar.gz.enc | tar -zxv -C {{ WORKDIR }}"
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..8764411
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - role_unpack_secrets
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..33005fa
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for role_unpack_secrets
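Review bot: In the `Extract from secrets.tar.gz.enc` task of tasks/main.yml, `{{ WORKDIR }}` is spliced unquoted into a shell pipeline, so a path containing spaces or shell metacharacters breaks the command or is interpreted by the shell, and without `pipefail` a failed `openssl` decrypt is only surfaced indirectly through `tar`'s exit status. The task should pass the paths through `{{ ... | quote }}`, run under `set -o pipefail` with `executable: /bin/bash`, and use the `ansible.builtin.shell` FQCN that the two tasks above it already use for their modules. Separately, neither the secrets directory nor the downloaded archive sets a `mode`, so both are created under the caller's umask; `mode: "0700"` and `mode: "0600"` keep the encrypted archive and extracted material owner-only, and `no_log: true` on the `get_url` task keeps the share token read from the `KEY` environment variable (part of the `url`) out of task output and logs. The `-md md5` option selects OpenSSL's legacy single-pass key derivation; `-pbkdf2` is stronger, but changing it here requires the archive to be re-encrypted with the same option, which this role does not do. Note also that the first task creates `{{ WORKDIR }}/secrets` while tar extracts into `{{ WORKDIR }}`, which presumably relies on the archive carrying a top-level `secrets/` entry — worth stating in the comment on the first task.
```yaml
- name: Create secrets directory
  ansible.builtin.file:
    # … unchanged: path, state …
    mode: "0700"

- name: Download secrets.tar.gz.enc
  ansible.builtin.get_url:
    # … unchanged: url, dest …
    mode: "0600"
  no_log: true

- name: Extract from secrets.tar.gz.enc
  ansible.builtin.shell: >-
    set -o pipefail &&
    openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d
    -in {{ (WORKDIR ~ '/secrets.tar.gz.enc') | quote }}
    | tar -zxv -C {{ WORKDIR | quote }}
  args:
    executable: /bin/bash
```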