add secrets

ace 2023-03-02 21:32:58 +03:00
parent 92ade8ec55
commit 8b31b52dc3
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
4 changed files with 28 additions and 1 deletions


@ -98,7 +98,7 @@ harbor_default_values:
harborAdminPassword: "{{ harbor_admin_pass | default(harbor_admin_password) }}" harborAdminPassword: "{{ harbor_admin_pass | default(harbor_admin_password) }}"
# The secret key used for encryption. Must be a string of 16 chars. # The secret key used for encryption. Must be a string of 16 chars.
secretKey: "{{ harbor_encription_key | default('not-a-secure-key') }}" secretKey: "{{ harbor_secret | default('not-a-secure-key') }}"
jobservice: jobservice:
maxJobWorkers: 32 maxJobWorkers: 32
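Review bot: The new `secretKey` line keeps the `default('not-a-secure-key')` fallback, so a run where `harbor_secret` is undefined deploys Harbor with a publicly known encryption key and nothing fails. Since this commit adds generation of `harbor_secret`, the fallback can become a hard failure: `secretKey: "{{ harbor_secret | mandatory }}"`. The comment above the line also says the key must be a string of 16 chars, while the new secrets.yaml creates it with `openssl rand -hex 32`, which prints 64 hex characters. The harbor entry needs its own length, for example `openssl rand -base64 12`, which prints exactly 16 characters. The enclosing `harbor_default_values` mapping starts and ends outside the hunk.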


@ -17,6 +17,10 @@ default_accounts:
- { name: harbor_admin } - { name: harbor_admin }
- { name: systemuser } - { name: systemuser }
secret_keys:
- { name: peertube }
- { name: harbor }
htpasswd_accounts: htpasswd_accounts:
- { name: pypiserver_admin } - { name: pypiserver_admin }
- { name: adguard_admin } - { name: adguard_admin }


@ -11,6 +11,9 @@
- include_tasks: passwords.yaml - include_tasks: passwords.yaml
loop: "{{ default_accounts }}" loop: "{{ default_accounts }}"
- include_tasks: secrets.yaml
loop: "{{ secret_keys }}"
- include_tasks: htpasswd.yaml - include_tasks: htpasswd.yaml
loop: "{{ htpasswd_accounts }}" loop: "{{ htpasswd_accounts }}"


@ -0,0 +1,20 @@
- name: Test if secret exists in file for {{ item.name }}
shell: grep -c "^{{ item.name }}_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
register: secret_test_grep
- name: Create secret for {{ item.name }}
shell: "openssl rand -hex 32"
register: secret
when: secret_test_grep.stdout == '0'
- name: Show secret json for {{ item.name }}
debug:
msg: "{{ secret }}"
verbosity: 2
when: secret_test_grep.stdout == '0'
- name: Write secret for {{ item.name }}
lineinfile:
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
line: "{{ item.name }}_secret: \"{{ secret.stdout }}\""
when: secret_test_grep.stdout == '0'
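Review bot: The generated key is exposed in Ansible output: the `Show secret json` task prints the whole registered `secret` result at `verbosity: 2`, and the `Create secret` and `Write secret` tasks lack `no_log: true`, so the value also shows up in their task results under `-v` and in `--diff` output. I would drop the debug task and add `no_log: true` to the two tasks that handle the value. The existence check `grep -c "^{{ item.name }}_secret"` also matches any longer variable name that starts with the same prefix; anchoring it as `"^{{ item.name }}_secret:"` avoids a false hit that would silently skip generation. `openssl rand -hex 32` uses no shell features, so `command:` fits better than `shell:`, and the grep task should carry `changed_when: false`.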