add secrets

roles/harbor/defaults/main.yaml

@@ -98,7 +98,7 @@ harbor_default_values:
   harborAdminPassword: "{{ harbor_admin_pass | default(harbor_admin_password) }}"
   
   # The secret key used for encryption. Must be a string of 16 chars.
-  secretKey: "{{ harbor_encription_key | default('not-a-secure-key') }}"
+  secretKey: "{{ harbor_secret | default('not-a-secure-key') }}"
   
   jobservice:
     maxJobWorkers: 32

roles/pwgen/defaults/main.yaml

@@ -17,6 +17,10 @@ default_accounts:
   - { name: harbor_admin }
   - { name: systemuser }
 
+secret_keys:
+  - { name: peertube }
+  - { name: harbor }
+
 htpasswd_accounts:
   - { name: pypiserver_admin }
   - { name: adguard_admin }

roles/pwgen/tasks/main.yaml

@@ -11,6 +11,9 @@
 - include_tasks: passwords.yaml
   loop: "{{ default_accounts }}"
 
+- include_tasks: secrets.yaml
+  loop: "{{ secret_keys }}"
+
 - include_tasks: htpasswd.yaml
   loop: "{{ htpasswd_accounts }}"
 

roles/pwgen/tasks/secrets.yaml

@@ -0,0 +1,20 @@
+- name: Test if secret exists in file for {{ item.name }}
+  shell: grep -c "^{{ item.name }}_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
+  register: secret_test_grep
+  
+- name: Create secret for {{ item.name }}
+  shell: "openssl rand -hex 32"
+  register: secret
+  when: secret_test_grep.stdout == '0'
+
+- name: Show secret json for {{ item.name }}
+  debug:
+    msg: "{{ secret }}"
+    verbosity: 2
+  when: secret_test_grep.stdout == '0'
+
+- name: Write secret for {{ item.name }}
+  lineinfile:
+    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
+    line: "{{ item.name }}_secret: \"{{ secret.stdout }}\""
+  when: secret_test_grep.stdout == '0'