From 570452d8ec161c14a4bd785f494b3b6ae5414a62 Mon Sep 17 00:00:00 2001 From: yohan <783b8c87@scimetis.net> Date: Sat, 1 Jun 2024 19:11:28 +0200 Subject: [PATCH] Add variable to force LOCAL_AND_REMOTE secrets extraction. --- tasks/main.yml | 16 ++++++++++++++++ vars/main.yml | 1 + 2 files changed, 17 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 6f45126..a206487 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -99,8 +99,24 @@ environment: SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') }}" +- name: Extract from secrets.tar.gz.enc on localhost + shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ local_workdir }}/secrets.tar.gz.enc | tar -zxv -C {{ local_workdir }}" + environment: + SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') }}" + delegate_to: localhost + when: + - local_system_uuid != remote_system_uuid + - LOCAL_AND_REMOTE + - name: Remove secrets.tar.gz.enc ansible.builtin.file: path: "{{ remote_workdir }}/secrets.tar.gz.enc" state: absent +- name: Remove secrets.tar.gz.enc on localhost + ansible.builtin.file: + path: "{{ local_workdir }}/secrets.tar.gz.enc" + state: absent + delegate_to: localhost + when: + - local_system_uuid != remote_system_uuid diff --git a/vars/main.yml b/vars/main.yml index 88cd932..4492ef3 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -3,3 +3,4 @@ LINUX_USERNAME: "yohan" SECRET_SSH_PORT: 2224 WORKDIR: "secrets" +LOCAL_AND_REMOTE: false
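Review bot: The added "Extract from secrets.tar.gz.enc on localhost" task pipes `openssl enc -aes-256-cbc -md md5 ... -d` straight into `tar -zxv` through `shell:` without `set -o pipefail`. A failed or truncated decrypt is therefore reported only through tar's exit status, and the CBC ciphertext has no integrity check before its contents are unpacked on the controller. The `-md md5` key derivation without `-pbkdf2` makes the passphrase cheap to guess offline; it has to match how the archive was encrypted, which is outside this diff, so fixing it means re-encrypting the archive as well. Within the hunk I would quote the templated paths, drop `-v` and set `no_log: true` so secret file names stay out of the task output, as sketched below. The added removal task on localhost is not gated on `LOCAL_AND_REMOTE`, so it deletes the controller's copy of the archive whenever the UUIDs differ; please confirm that is intended.

```yaml
- name: Extract from secrets.tar.gz.enc on localhost
  shell: |
    set -o pipefail
    openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ local_workdir | quote }}/secrets.tar.gz.enc | tar -zx -C {{ local_workdir | quote }}
  args:
    executable: /bin/bash
  no_log: true
  # … unchanged: environment, delegate_to, when …
```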
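Review bot: `LOCAL_AND_REMOTE` is added without a comment and is tested bare in tasks/main.yml (`- LOCAL_AND_REMOTE`), which is fragile for a flag that decides whether secrets are unpacked on the controller. Because it lives in vars/main.yml, it is presumably flipped with an extra var, and `-e LOCAL_AND_REMOTE=false` arrives as a string that a bare condition does not reliably treat as false. I would write the condition as `- LOCAL_AND_REMOTE | bool`. I would also add a comment above the variable, such as `# When true, also decrypt and extract the secrets archive on the controller (localhost).`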