add secrets
parent
92ade8ec55
commit
8b31b52dc3
@ -98,7 +98,7 @@ harbor_default_values:
|
|||||||
harborAdminPassword: "{{ harbor_admin_pass | default(harbor_admin_password) }}"
|
harborAdminPassword: "{{ harbor_admin_pass | default(harbor_admin_password) }}"
|
||||||
|
|
||||||
# The secret key used for encryption. Must be a string of 16 chars.
|
# The secret key used for encryption. Must be a string of 16 chars.
|
||||||
secretKey: "{{ harbor_encription_key | default('not-a-secure-key') }}"
|
secretKey: "{{ harbor_secret | default('not-a-secure-key') }}"
|
||||||
|
|
||||||
jobservice:
|
jobservice:
|
||||||
maxJobWorkers: 32
|
maxJobWorkers: 32
|
||||||
|
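Review bot: The new `secretKey` line still falls back to `default('not-a-secure-key')`, so a run where `harbor_secret` is undefined deploys Harbor with a key that is published in this repository instead of failing. Replacing the fallback with `secretKey: "{{ harbor_secret | mandatory }}"` would turn a missing secret into a hard error. The comment above the line requires a string of 16 characters, while the `secrets.yaml` added in this commit generates `harbor_secret` with `openssl rand -hex 32`, which produces 64 hex characters. If the 16-character limit still applies to the chart in use, `openssl rand -hex 8` gives the right length. The enclosing `harbor_default_values` mapping starts and ends outside the hunk.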
@ -17,6 +17,10 @@ default_accounts:
|
|||||||
- { name: harbor_admin }
|
- { name: harbor_admin }
|
||||||
- { name: systemuser }
|
- { name: systemuser }
|
||||||
|
|
||||||
|
secret_keys:
|
||||||
|
- { name: peertube }
|
||||||
|
- { name: harbor }
|
||||||
|
|
||||||
htpasswd_accounts:
|
htpasswd_accounts:
|
||||||
- { name: pypiserver_admin }
|
- { name: pypiserver_admin }
|
||||||
- { name: adguard_admin }
|
- { name: adguard_admin }
|
||||||
|
@ -11,6 +11,9 @@
|
|||||||
- include_tasks: passwords.yaml
|
- include_tasks: passwords.yaml
|
||||||
loop: "{{ default_accounts }}"
|
loop: "{{ default_accounts }}"
|
||||||
|
|
||||||
|
- include_tasks: secrets.yaml
|
||||||
|
loop: "{{ secret_keys }}"
|
||||||
|
|
||||||
- include_tasks: htpasswd.yaml
|
- include_tasks: htpasswd.yaml
|
||||||
loop: "{{ htpasswd_accounts }}"
|
loop: "{{ htpasswd_accounts }}"
|
||||||
|
|
||||||
|
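--- /dev/null
+++ b/roles/pwgen/tasks/secrets.yaml
@@ -0,0 +1,20 @@
+- name: Test if secret exists in file for {{ item.name }}
+shell: grep -c "^{{ item.name }}_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
+register: secret_test_grep
+
+- name: Create secret for {{ item.name }}
+shell: "openssl rand -hex 32"
+register: secret
+when: secret_test_grep.stdout == '0'
+
+- name: Show secret json for {{ item.name }}
+debug:
+msg: "{{ secret }}"
+verbosity: 2
+when: secret_test_grep.stdout == '0'
+
+- name: Write secret for {{ item.name }}
+lineinfile:
+path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
+line: "{{ item.name }}_secret: \"{{ secret.stdout }}\""
+when: secret_test_grep.stdout == '0'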
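Review bot: The generated secret is exposed in play output: the "Show secret json" task prints the whole `secret` register at verbosity 2, and neither the `openssl rand` task nor the `lineinfile` task sets `no_log: true`, so the value can also appear in task results on verbose runs. I would drop the debug task and add `no_log: true` to the "Create secret" and "Write secret" tasks. The `lineinfile` task writes the plaintext value without a `mode`, so adding `mode: "0600"` would pin the permissions of `passwords.yaml` instead of leaving them as found. Separately, the grep task has no `changed_when: false`, so it reports `changed` on every run even though it only reads the file.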