From 74ae2c46943f25c17f0d08dbe51090d89542b69c Mon Sep 17 00:00:00 2001 From: ace Date: Fri, 23 May 2025 13:05:03 +0300 Subject: [PATCH] pwgen: rewrite checks and passwords generation --- roles/pwgen/tasks/dkim.yaml | 83 +++++++-------- roles/pwgen/tasks/htpasswd.yaml | 82 +++++++-------- roles/pwgen/tasks/main.yaml | 17 ++- roles/pwgen/tasks/passwords.yaml | 79 ++++++-------- roles/pwgen/tasks/secrets.yaml | 34 +++--- roles/pwgen/tasks/tsig.yaml | 171 ++++++++++++++----------------- roles/pwgen/tasks/vapid.yaml | 83 +++++++-------- 7 files changed, 246 insertions(+), 303 deletions(-) diff --git a/roles/pwgen/tasks/dkim.yaml b/roles/pwgen/tasks/dkim.yaml index 2fff757..3193307 100644 --- a/roles/pwgen/tasks/dkim.yaml +++ b/roles/pwgen/tasks/dkim.yaml 
@@ -1,47 +1,36 @@ -- name: Test if DKIM private key exists - shell: grep -c "dkim_private_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: dkim_private_key_test_grep - -- name: Test if DKIM public key exists - shell: grep -c "dkim_public_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: dkim_public_key_test_grep - -- name: Create DKIM keys - docker_container: - name: ddclient - image: "{{ docker_registry }}/pwgen" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "sh dkim-key.sh {{ mail_domain | default(domain) }}" - register: dkim_container_output - when: dkim_private_key_test_grep.stdout == '0' or dkim_public_key_test_grep.stdout == '0' - -- name: Set ddclient_key - set_fact: - dkim_keys: "{{ dkim_container_output.container.Output | from_yaml }}" - when: dkim_private_key_test_grep.stdout == '0' or dkim_public_key_test_grep.stdout == '0' - -- name: Show DKIM private key - debug: - msg: "ddclient private key: {{ dkim_keys['dkim'][0]['default.private'] | b64decode }}" - verbosity: 2 - when: dkim_private_key_test_grep.stdout == '0' - -- name: Show DKIM public key - debug: - msg: "ddclient public key: {{ dkim_keys['dkim'][0]['default.txt'] | b64decode }}" - verbosity: 2 - when: dkim_public_key_test_grep.stdout == '0' - -- name: Write DKIM private key - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "dkim_private_key_base64: \"{{ dkim_keys['dkim'][0]['default.private'] }}\"" - when: dkim_private_key_test_grep.stdout == '0' - -- name: Write DKIM public key - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "dkim_public_key_base64: \"{{ dkim_keys['dkim'][0]['default.txt'] }}\"" - when: dkim_public_key_test_grep.stdout == '0' +- name: Generate DKIM keys + when: passwords['dkim_public_key_base64'] is not defined or passwords['dkim_private_key_base64'] is not defined + block: + - name: Create DKIM keys + 
docker_container: + name: ddclient + image: "{{ docker_registry }}/pwgen" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "sh dkim-key.sh {{ mail_domain | default(domain) }}" + register: dkim_container_output + + - name: Set dkim_keys + set_fact: + dkim_keys: "{{ dkim_container_output.container.Output | from_yaml }}" + + - name: Show DKIM private key + debug: + msg: "ddclient private key: {{ dkim_keys['dkim'][0]['default.private'] | b64decode }}" + verbosity: 2 + + - name: Show DKIM public key + debug: + msg: "ddclient public key: {{ dkim_keys['dkim'][0]['default.txt'] | b64decode }}" + verbosity: 2 + + - name: Write DKIM private key + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "dkim_private_key_base64: \"{{ dkim_keys['dkim'][0]['default.private'] }}\"" + + - name: Write DKIM public key + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "dkim_public_key_base64: \"{{ dkim_keys['dkim'][0]['default.txt'] }}\"" diff --git a/roles/pwgen/tasks/htpasswd.yaml b/roles/pwgen/tasks/htpasswd.yaml index 23f6395..24a6b15 100644 --- a/roles/pwgen/tasks/htpasswd.yaml +++ b/roles/pwgen/tasks/htpasswd.yaml 
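Review bot: The `lineinfile` writes inside the `Generate DKIM keys` block have no `regexp`, so when exactly one of the two keys is already in passwords.yaml (the block now runs when either is missing) the existing key gets a second, different `dkim_..._base64:` line appended, and with duplicate keys most YAML loaders silently keep the last one — the stored private key would then no longer match the public key already published in DNS. The old per-task `when` prevented this; since the pair is now regenerated as a unit, each write should replace its line instead, e.g. `regexp: '^dkim_private_key_base64:'` on the private-key write and `regexp: '^dkim_public_key_base64:'` on the public-key write. The same applies to the htpasswd, tsig (ddclient keys) and VAPID hunks, whose blocks also fire on "either missing" and append every line. The container `name: ddclient` and the `ddclient private key` / `ddclient public key` debug messages look like leftovers from tsig.yaml; `name: dkim` and `DKIM private key:` would match the rest of this file.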
@@ -1,46 +1,36 @@ -- name: Test if password exists in file for {{ item.name }} - shell: grep -c "^{{ item.name }}_password" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: password_test_grep - -- name: Test if password htpasswd hash exists in file for {{ item.name }} - shell: grep -c "^{{ item.name }}_htpasswd_hash" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: htpasswd_hash_test_grep - -- name: Create password for {{ item.name }} - shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;" - register: password - when: password_test_grep.stdout == '0' - -- name: Show password json for {{ item.name }} - debug: - msg: "{{ password }}" - verbosity: 2 - when: password_test_grep.stdout == '0' - -- name: Create bcrypt hash from password for {{ item.name }} - docker_container: - name: slappasswd - image: "{{ docker_registry }}/pwgen" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "htpasswd -B -n -i -b -C 16 {{ item.name }} {{ password.stdout | default(item.name + '_password') }}" - register: docker_container_output - when: htpasswd_hash_test_grep.stdout == '0' - -- name: Show docker_container_output for {{ item.name }} - debug: - msg: "{{ docker_container_output }}" - verbosity: 2 - -- name: Write password for {{ item.name }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_password: \"{{ password.stdout }}\"" - when: password_test_grep.stdout == '0' - -- name: Write htpasswd hash for {{ item.name }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_htpasswd_hash: \"{{ docker_container_output.container.Output.split('\n')[0].split(':')[1] }}\"" - when: htpasswd_hash_test_grep.stdout == '0' +- name: Generate htpasswd for {{ item.name }} + when: passwords[item.name + '_password'] is not defined or passwords[item.name + '_htpasswd_hash'] is not defined + block: + - name: Create password 
for {{ item.name }} + shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;" + register: password + + - name: Show password json for {{ item.name }} + debug: + msg: "{{ password }}" + verbosity: 2 + + - name: Create bcrypt hash from password for {{ item.name }} + docker_container: + name: slappasswd + image: "{{ docker_registry }}/pwgen" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "htpasswd -B -n -i -b -C 16 {{ item.name }} {{ password.stdout | default(item.name + '_password') }}" + register: docker_container_output + + - name: Show docker_container_output for {{ item.name }} + debug: + msg: "{{ docker_container_output }}" + verbosity: 2 + + - name: Write password for {{ item.name }} + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_password: \"{{ password.stdout }}\"" + + - name: Write htpasswd hash for {{ item.name }} + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_htpasswd_hash: \"{{ docker_container_output.container.Output.split('\n')[0].split(':')[1] }}\"" diff --git a/roles/pwgen/tasks/main.yaml b/roles/pwgen/tasks/main.yaml index 5816851..7bd2132 100644 --- a/roles/pwgen/tasks/main.yaml +++ b/roles/pwgen/tasks/main.yaml @@ -1,7 +1,22 @@ -- name: Create passwords.yaml file +- name: Check that passwords.yaml exists + stat: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + register: passwords_file + +- name: Create passwords.yaml file if not exists file: name: "{{ inventory_dir }}/group_vars/all/passwords.yaml" state: touch + when: not passwords_file.stat.exists + +- name: Read passwords.yaml file + slurp: + src: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + register: passwords_b64 + +- name: Set facts about passwords + set_fact: + passwords: "{{ passwords_b64['content'] | b64decode | from_yaml }}" - name: Create files directory for ddclient tsig file: 
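Review bot: The `Create passwords.yaml file if not exists` task touches a file that will hold every generated private key and password with whatever mode the control node's umask gives it; add `mode: "0600"` to the `file` task (it is harmless on the existing file too). Separately, on that first run the file is empty, so `Set facts about passwords` receives a null from `from_yaml`, and the later `passwords['…'] is not defined` tests then rely on Jinja turning a lookup on null into undefined rather than on an explicit empty mapping — `passwords: "{{ passwords_b64['content'] | b64decode | from_yaml | default({}, true) }}"` makes that intent explicit. The file's remaining tasks continue outside the hunk.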
diff --git a/roles/pwgen/tasks/passwords.yaml b/roles/pwgen/tasks/passwords.yaml index cd6a51d..89efdf1 100644 --- a/roles/pwgen/tasks/passwords.yaml +++ b/roles/pwgen/tasks/passwords.yaml 
@@ -1,49 +1,34 @@ -- name: Test if password exists in file for {{ item.name }} - shell: grep -c "^{{ item.name }}_password" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: password_test_grep - -- name: Test if password pbkdf2-sha512 hash exists in file for {{ item.name }} - shell: grep -c "^{{ item.name }}_pbkdf2_sha512_hash" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: pbkdf2_sha512_hash_test_grep +- name: Generate password for {{ item.name }} + when: passwords[item.name + '_password'] is not defined + block: + - name: Create password for {{ item.name }} + shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;" + register: password + + - name: Show password json for {{ item.name }} + debug: + msg: "{{ password }}" + verbosity: 2 -- name: Create password for {{ item.name }} - shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;" - register: password - when: password_test_grep.stdout == '0' + - name: Write password for {{ item.name }} + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_password: \"{{ password.stdout }}\"" -- name: Show password json for {{ item.name }} - debug: - msg: "{{ password }}" - verbosity: 2 - when: password_test_grep.stdout == '0' - -- name: Create PBKDF2-SHA512 hash from password for {{ item.name }} - docker_container: - name: slappasswd - image: "{{ docker_registry }}/pwgen" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "slappasswd -o module-load=pw-pbkdf2 -h {PBKDF2-SHA512} -s {{ password.stdout | default(item.name + '_password') }}" - register: docker_container_output - when: pbkdf2_sha512_hash_test_grep.stdout == '0' - -- debug: - msg: "{{ docker_container_output }}" - -- name: Show docker_container_output for {{ item.name }} - debug: - msg: "{{ docker_container_output }}" - verbosity: 2 - -- name: Write password for {{ item.name }} - lineinfile: - path: "{{ inventory_dir 
}}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_password: \"{{ password.stdout }}\"" - when: password_test_grep.stdout == '0' - -- name: Write PBKDF2-SHA512 hash for {{ item.name }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_pbkdf2_sha512_hash: \"{{ docker_container_output.container.Output.split('\n')[0] }}\"" - when: pbkdf2_sha512_hash_test_grep.stdout == '0' +- name: Generate password for {{ item.name }} + when: passwords[item.name + '_pbkdf2_sha512_hash'] is not defined + block: + - name: Create PBKDF2-SHA512 hash from password for {{ item.name }} + docker_container: + name: slappasswd + image: "{{ docker_registry }}/pwgen" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "slappasswd -o module-load=pw-pbkdf2 -h {PBKDF2-SHA512} -s {{ password.stdout | default(item.name + '_password') }}" + register: docker_container_output + + - name: Write PBKDF2-SHA512 hash for {{ item.name }} + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_pbkdf2_sha512_hash: \"{{ docker_container_output.container.Output.split('\n')[0] }}\"" diff --git a/roles/pwgen/tasks/secrets.yaml b/roles/pwgen/tasks/secrets.yaml index 4b9a7a6..2804782 100644 --- a/roles/pwgen/tasks/secrets.yaml +++ b/roles/pwgen/tasks/secrets.yaml 
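Review bot: In the second block (named `Generate password for {{ item.name }}`, a copy of the first block's name; `Generate PBKDF2-SHA512 hash for {{ item.name }}` would describe it), the hash command falls back to `default(item.name + '_password')`, which is the literal string `<name>_password`, not the stored password. That fallback is exactly what runs when the password line already exists but the hash does not, because the first block is then skipped and `password` carries no `stdout`, so the written hash never matches the stored password. The `passwords` fact introduced by this commit holds the stored value, so the fallback should be `{{ password.stdout | default(passwords[item.name + '_password']) }}`. The `${1:-64}` in the generation command is a positional parameter that is never set under the shell module, so it always yields 64; `head -c 64` would say what it does.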
@@ -1,20 +1,16 @@ -- name: Test if secret exists in file for {{ item.name }} - shell: grep -c "^{{ item.name }}_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: secret_test_grep - - name: Create secret for {{ item.name }} - shell: "openssl rand -hex 32" - register: secret - when: secret_test_grep.stdout == '0' - -- name: Show secret json for {{ item.name }} - debug: - msg: "{{ secret }}" - verbosity: 2 - when: secret_test_grep.stdout == '0' - -- name: Write secret for {{ item.name }} - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_secret: \"{{ secret.stdout }}\"" - when: secret_test_grep.stdout == '0' + when: passwords[item.name + '_secret'] is not defined + block: + - name: Create secret for {{ item.name }} + shell: "openssl rand -hex 32" + register: secret + + - name: Show secret json for {{ item.name }} + debug: + msg: "{{ secret }}" + verbosity: 2 + + - name: Write secret for {{ item.name }} + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_secret: \"{{ secret.stdout }}\"" diff --git a/roles/pwgen/tasks/tsig.yaml b/roles/pwgen/tasks/tsig.yaml index 2073945..7e1447f 100644 --- a/roles/pwgen/tasks/tsig.yaml +++ b/roles/pwgen/tasks/tsig.yaml 
@@ -1,99 +1,78 @@ -- name: Test if k8s TSIG key exists - shell: grep -c "k8s_tsig" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: k8s_tsig_test_grep +- name: Generate K8s TSIG for Knot DNS + when: passwords['k8s_tsig'] is not defined + block: + - name: Generate k8s TSIG key for Knot DNS + docker_container: + name: keymgr + image: "{{ docker_registry }}/tsig" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "keymgr -t k8s-{{ k8s_cluster_name }}-{{ namespace }} hmac-sha512" + register: knot_container_output + + - name: Set k8s_key + set_fact: + k8s_key: "{{ knot_container_output.container.Output | from_yaml }}" + + - name: Show k8s TSIG key + debug: + msg: "Knot k8s key for k8s-{{ k8s_cluster_name }}-{{ namespace }}: {{ k8s_key['key'][0]['secret'] }}" + + - name: Write TSIG for Kubernetes + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "k8s_tsig: \"{{ k8s_key['key'][0]['secret'] }}\"" -- name: Test if ddclinet TSIG key exists - shell: grep -c "ddclient_tsig" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: ddclient_tsig_test_grep +- name: Generate ddclient private and public TSIG keys for Knot DNS + when: + - passwords['ddclient_tsig_public_key_base64'] is not defined or passwords['ddclient_tsig_private_key_base64'] is not defined + block: + - name: Generate TSIG key for ddclient + docker_container: + name: ddclient + image: "{{ docker_registry }}/tsig" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "bash tsig-key.sh ddclient-{{ k8s_cluster_name }}-{{ namespace }}" + register: ddclient_container_output + + - name: Set ddclient_key + set_fact: + ddclient_key: "{{ ddclient_container_output.container.Output | from_yaml }}" + + - name: Show ddclient TSIG public key file + debug: + msg: "ddclient key for ddclient-{{ k8s_cluster_name }}-{{ namespace }}: {{ ddclient_key['tsig'][0]['key'] | b64decode }}" + verbosity: 2 + 
+ - name: Show ddclient TSIG private key file + debug: + msg: "ddclient key for ddclient-{{ k8s_cluster_name }}-{{ namespace }}: {{ ddclient_key['tsig'][0]['private'] | b64decode }}" + verbosity: 2 + + - name: Write ddclient TSIG public key file in base64 + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "ddclient_tsig_public_key_base64: \"{{ ddclient_key['tsig'][0]['key'] }}\"" + + - name: Show ddclient TSIG key + debug: + msg: "{{ ddclient_tsig_key }}" + verbosity: 2 + + - name: Write ddclient TSIG key + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "ddclient_tsig: \"{{ ddclient_tsig_key['Key'] }}\"" -- name: Test if ddclinet TSIG key exists - shell: grep -c "ddclient_tsig_public_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: ddclient_tsig_public_key_test_grep + - name: Write ddclient TSIG private key file in base64 + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "ddclient_tsig_private_key_base64: \"{{ ddclient_key['tsig'][0]['private'] }}\"" -- name: Test if ddclinet TSIG key exists - shell: grep -c "ddclient_tsig_private_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: ddclient_tsig_private_key_test_grep - -- name: Generate k8s TSIG key for Knot DNS - docker_container: - name: keymgr - image: "{{ docker_registry }}/tsig" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "keymgr -t {{ namespace }} hmac-sha512" - register: knot_container_output - when: k8s_tsig_test_grep.stdout == '0' - -- name: Set k8s_key - set_fact: - k8s_key: "{{ knot_container_output.container.Output | from_yaml }}" - when: k8s_tsig_test_grep.stdout == '0' - -- name: Show k8s TSIG key - debug: - msg: "Knot k8s key: {{ k8s_key['key'][0]['secret'] }}" - when: k8s_tsig_test_grep.stdout == '0' - -- name: Write TSIG for Kubernetes - lineinfile: - path: "{{ inventory_dir 
}}/group_vars/all/passwords.yaml" - line: "k8s_tsig: \"{{ k8s_key['key'][0]['secret'] }}\"" - when: k8s_tsig_test_grep.stdout == '0' - -- name: Generate TSIG key for ddclient - docker_container: - name: ddclient - image: "{{ docker_registry }}/tsig" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "bash tsig-key.sh {{ namespace }}" - register: ddclient_container_output - when: ddclient_tsig_public_key_test_grep.stdout == '0' or ddclient_tsig_private_key_test_grep.stdout == '0' - -- name: Set ddclient_key - set_fact: - ddclient_key: "{{ ddclient_container_output.container.Output | from_yaml }}" - when: ddclient_tsig_public_key_test_grep.stdout == '0' or ddclient_tsig_private_key_test_grep.stdout == '0' - -- name: Show ddclient TSIG public key file - debug: - msg: "ddclient key: {{ ddclient_key['tsig'][0]['key'] | b64decode }}" - verbosity: 2 - when: ddclient_tsig_public_key_test_grep.stdout == '0' - -- name: Show ddclient TSIG private key file - debug: - msg: "ddclient key: {{ ddclient_key['tsig'][0]['private'] | b64decode }}" - verbosity: 2 - when: ddclient_tsig_private_key_test_grep.stdout == '0' - -- name: Write ddclient TSIG public key file in base64 - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "ddclient_tsig_public_key_base64: \"{{ ddclient_key['tsig'][0]['key'] }}\"" - when: ddclient_tsig_public_key_test_grep.stdout == '0' - -- name: Write ddclient TSIG private key file in base64 - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "ddclient_tsig_private_key_base64: \"{{ ddclient_key['tsig'][0]['private'] }}\"" - when: ddclient_tsig_private_key_test_grep.stdout == '0' - -- name: Set ddclient TSIG key - set_fact: - ddclient_tsig_key: "{{ ddclient_key['tsig'][0]['private'] | b64decode | from_yaml }}" - when: ddclient_tsig_test_grep.stdout == '0' - -- name: Show ddclient TSIG key - debug: - msg: "{{ ddclient_tsig_key }}" - verbosity: 2 - when: 
ddclient_tsig_test_grep.stdout == '0' - -- name: Write ddclient TSIG key - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "ddclient_tsig: \"{{ ddclient_tsig_key['Key'] }}\"" - when: ddclient_tsig_test_grep.stdout == '0' + - name: Set ddclient TSIG key + set_fact: + ddclient_tsig_key: "{{ ddclient_key['tsig'][0]['private'] | b64decode | from_yaml }}" + diff --git a/roles/pwgen/tasks/vapid.yaml b/roles/pwgen/tasks/vapid.yaml index f4adb80..113d2cb 100644 --- a/roles/pwgen/tasks/vapid.yaml +++ b/roles/pwgen/tasks/vapid.yaml 
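Review bot: In the ddclient block, `Write ddclient TSIG key` renders `ddclient_tsig_key['Key']` before `Set ddclient TSIG key` defines it — the set_fact now sits at the very end of the block, after the private-key write — so a fresh run fails with an undefined variable at that task (the `Show ddclient TSIG key` debug references it too). Move the `Set ddclient TSIG key` task up to directly after `Set ddclient_key`, mirroring the old order. The block's `when` also dropped the old `ddclient_tsig` check, so an inventory that already has the two base64 keys but no `ddclient_tsig` line never gets one; extend the condition with `or passwords['ddclient_tsig'] is not defined`. `Show k8s TSIG key` is the only show task without `verbosity: 2`, so the HMAC secret is printed on every run at default verbosity; adding `verbosity: 2` keeps it out of ordinary logs like the other show tasks.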
@@ -1,47 +1,36 @@ -- name: Test if VAPID private key exists - shell: grep -c "^{{ item.name }}_vapid_private_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: vapid_private_key_test_grep - -- name: Test if VAPID public key exists - shell: grep -c "^{{ item.name }}_vapid_public_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true - register: vapid_public_key_test_grep - -- name: Create VAPID keys - docker_container: - name: vapid - image: "{{ docker_registry }}/pwgen" - cleanup: true - detach: false - container_default_behavior: no_defaults - command: "/vapid" - register: vapid_container_output - when: vapid_private_key_test_grep.stdout == '0' or vapid_public_key_test_grep.stdout == '0' - -- name: Set VAPID keys fact - set_fact: - vapid_keys: "{{ vapid_container_output.container.Output | from_yaml }}" - when: vapid_private_key_test_grep.stdout == '0' or vapid_public_key_test_grep.stdout == '0' - -- name: Show VAPID private key - debug: - msg: "vapid private key: {{ vapid_keys['vapidPrivateKey'] }}" - verbosity: 2 - when: vapid_private_key_test_grep.stdout == '0' - -- name: Show VAPID public key - debug: - msg: "vapid public key: {{ vapid_keys['vapidPublicKey'] }}" - verbosity: 2 - when: vapid_public_key_test_grep.stdout == '0' - -- name: Write VAPID private key - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_vapid_private_key_base64: \"{{ vapid_keys['vapidPrivateKey'] | b64encode }}\"" - when: vapid_private_key_test_grep.stdout == '0' - -- name: Write VAPID public key - lineinfile: - path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" - line: "{{ item.name }}_vapid_public_key_base64: \"{{ vapid_keys['vapidPublicKey'] | b64encode }}\"" - when: vapid_public_key_test_grep.stdout == '0' +- name: Generate VAPID keys + when: passwords[item.name + '_vapid_public_key_base64'] is not defined or passwords[item.name + '_vapid_private_key_base64'] is not defined + 
block: + - name: Create VAPID keys + docker_container: + name: vapid + image: "{{ docker_registry }}/pwgen" + cleanup: true + detach: false + container_default_behavior: no_defaults + command: "/vapid" + register: vapid_container_output + + - name: Set VAPID keys fact + set_fact: + vapid_keys: "{{ vapid_container_output.container.Output | from_yaml }}" + + - name: Show VAPID private key + debug: + msg: "vapid private key: {{ vapid_keys['vapidPrivateKey'] }}" + verbosity: 2 + + - name: Show VAPID public key + debug: + msg: "vapid public key: {{ vapid_keys['vapidPublicKey'] }}" + verbosity: 2 + + - name: Write VAPID private key + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_vapid_private_key_base64: \"{{ vapid_keys['vapidPrivateKey'] | b64encode }}\"" + + - name: Write VAPID public key + lineinfile: + path: "{{ inventory_dir }}/group_vars/all/passwords.yaml" + line: "{{ item.name }}_vapid_public_key_base64: \"{{ vapid_keys['vapidPublicKey'] | b64encode }}\""
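Review bot: The block name `Generate VAPID keys` drops the `{{ item.name }}` that the htpasswd and passwords blocks carry, although every task in it is per-item (`{{ item.name }}_vapid_…`), so a loop over several items prints identical block headers in the play output; `- name: Generate VAPID keys for {{ item.name }}` keeps each run attributable. The per-item `Show`/`Write` task names inside the block have the same gap.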