WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(tooling): added tasks to ease en/decrypt operations on vault files

Browse source
This commit is contained in:
NaeiKinDus 2025-03-02 00:00:00 +00:00
parent 93a3754ce4
commit 43d68e5cab
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
4 changed files with 41 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Taskfile.yml
View file

@ -3,14 +3,20 @@ version: '3'
includes: includes:
setup: ./tasks/setup_{{OS}}.yml setup: ./tasks/setup_{{OS}}.yml
test: ./tasks/tests.yml test: ./tasks/tests.yml
utils:
taskfile: ./tasks/utils.yml
flatten: true
env: env:
DOCKER_REPOSITORY: pouncetech/molecule DOCKER_REPOSITORY: pouncetech/molecule
ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/pass_get_vault_id.sh
vars: vars:
PYTHON_WRAPPER: '{{.ROOT_DIR}}/scripts/python_wrapper.sh' PYTHON_WRAPPER: '{{.ROOT_DIR}}/scripts/python_wrapper.sh'
MOLECULE_DIR: '{{.ROOT_DIR}}/collections/ansible_collections/nullified/infrastructure/extensions' MOLECULE_DIR: '{{.ROOT_DIR}}/collections/ansible_collections/nullified/infrastructure/extensions'
COLLECTIONS_DIR: '{{.ROOT_DIR}}/collections/ansible_collections' COLLECTIONS_DIR: '{{.ROOT_DIR}}/collections/ansible_collections'
ANSIBLE_PASS_PATH: ansible/vault-id
ANSIBLE_PASS_LENGTH: 50
tasks: tasks:
setup: setup:
@ -20,6 +26,7 @@ tasks:
- task: 'setup:venv' - task: 'setup:venv'
- task: 'setup:ansible' - task: 'setup:ansible'
- task: 'setup:galaxy' - task: 'setup:galaxy'
- task: 'vault:init'
docker:build: docker:build:
desc: build docker images locally. desc: build docker images locally.

6
scripts/pass_get_vault_id.sh Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env bash
PASSWORD_STORE_BIN=${PASSWORD_STORE_BIN:-"pass"}
ANSIBLE_PASS_PATH=${ANSIBLE_PASS_PATH:-"ansible/vault-id"}
$PASSWORD_STORE_BIN show "${ANSIBLE_PASS_PATH}"

1
tasks/setup_linux.yml
View file

@ -11,6 +11,7 @@ tasks:
build-essential \ build-essential \
coreutils \ coreutils \
curl \ curl \
pass \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
libtool \ libtool \
python3-virtualenv \ python3-virtualenv \

27
tasks/utils.yml Normal file
View file

@ -0,0 +1,27 @@
version: '3'
tasks:
encrypt:
desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
vars:
VAULT_FILES:
sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
cmds:
- for: { var: VAULT_FILES }
cmd: '{{.PYTHON_WRAPPER}} ansible-vault encrypt {{.ITEM | replace "\n" " " }} || true'
decrypt:
desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
vars:
VAULT_FILES:
sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
cmds:
- for: { var: VAULT_FILES }
cmd: '{{.PYTHON_WRAPPER}} ansible-vault decrypt {{.ITEM | replace "\n" " " }} || true'
vault:init:
desc: Create a vault id file in your home directory for encrypting/decrypting vault files
cmds:
- 'pass generate {{.ANSIBLE_PASS_PATH}} {{.ANSIBLE_PASS_LENGTH}} > /dev/null'
status:
- 'pass show {{.ANSIBLE_PASS_PATH}} &> /dev/null '