feat(tooling): added tasks to ease en/decrypt operations on vault files

2025-03-02 00:00:00 +00:00 · 2025-03-02 00:00:00 +00:00 · 43d68e5cab
commit 43d68e5cab
parent 93a3754ce4
4 changed files with 41 additions and 0 deletions
--- a/tasks/setup_linux.yml
+++ b/tasks/setup_linux.yml
@ -11,6 +11,7 @@ tasks:
          build-essential \
          coreutils \
          curl \
+          pass \
          libcurl4-openssl-dev \
          libtool \
          python3-virtualenv \
--- a/tasks/utils.yml
+++ b/tasks/utils.yml
@ -0,0 +1,27 @@
+version: '3'
+
+tasks:
+  encrypt:
+    desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
+    vars:
+      VAULT_FILES:
+        sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
+    cmds:
+      - for: { var: VAULT_FILES }
+        cmd: '{{.PYTHON_WRAPPER}} ansible-vault encrypt {{.ITEM | replace "\n" " " }} || true'
+
+  decrypt:
+    desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
+    vars:
+      VAULT_FILES:
+        sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
+    cmds:
+      - for: { var: VAULT_FILES }
+        cmd: '{{.PYTHON_WRAPPER}} ansible-vault decrypt {{.ITEM | replace "\n" " " }} || true'
+
+  vault:init:
+    desc: Create a vault id file in your home directory for encrypting/decrypting vault files
+    cmds:
+      - 'pass generate {{.ANSIBLE_PASS_PATH}} {{.ANSIBLE_PASS_LENGTH}} > /dev/null'
+    status:
+      - 'pass show {{.ANSIBLE_PASS_PATH}} &> /dev/null '