ansible-roles/roles/vault/tasks/install.yml

---

- name: Install dependencies
  package:
    name:
      - jq
  tags: vault

- name: Deploy systemd service unit
  template: src=vault.service.j2 dest=/etc/systemd/system/vault.service
  register: vault_unit
  notify: restart vault
  tags: vault

- name: Install consul-template unit
  template: src=consul-template-vault.service.j2 dest=/etc/systemd/system/consul-template-vault.service
  notify: restart consul-template-vault
  register: vault_secrets_nomad_unit
  tags: vault

- name: Reload systemd
  systemd: daemon_reload=True
  when: vault_unit.changed or vault_secrets_nomad_unit.changed
  tags: vault

- name: Install dehydrated hook
  template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/vault mode=755
  tags: vault

- name: Install profile script
  copy:
    content: |
      #!/bin/sh
      export VAULT_ADDR={{ vault_conf.api_addr }}
    dest: /etc/profile.d/vault.sh
    mode: 0755
  tags: vault

- name: Install backup hooks
  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/vault mode=700
  loop:
    - pre
    - post
  tags: vault

- name: Install unseal script
  template: src=unseal dest={{ vault_root_dir }}/bin/unseal mode=700
  tags: vault
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`---`

Update to 2024-10-24 12:00 2024-10-24 12:00:41 +02:00			`- name: Install dependencies`
			`package:`
			`name:`
			`- jq`
			`tags: vault`

Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`- name: Deploy systemd service unit`
			`template: src=vault.service.j2 dest=/etc/systemd/system/vault.service`
			`register: vault_unit`
			`notify: restart vault`
Update to 2023-07-03 00:00 2023-07-03 00:00:20 +02:00			`tags: vault`

Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`- name: Install consul-template unit`
			`template: src=consul-template-vault.service.j2 dest=/etc/systemd/system/consul-template-vault.service`
			`notify: restart consul-template-vault`
			`register: vault_secrets_nomad_unit`
Update to 2023-07-03 00:00 2023-07-03 00:00:20 +02:00			`tags: vault`

Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`- name: Reload systemd`
			`systemd: daemon_reload=True`
			`when: vault_unit.changed or vault_secrets_nomad_unit.changed`
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`tags: vault`

Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`- name: Install dehydrated hook`
			`template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/vault mode=755`
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`tags: vault`

Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`- name: Install profile script`
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`copy:`
			`content: \|`
Update to 2023-07-03 15:00 2023-07-03 15:00:09 +02:00			`#!/bin/sh`
			`export VAULT_ADDR={{ vault_conf.api_addr }}`
			`dest: /etc/profile.d/vault.sh`
			`mode: 0755`
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`tags: vault`
Update to 2023-07-26 19:00 2023-07-26 19:00:19 +02:00
			`- name: Install backup hooks`
			`template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/vault mode=700`
			`loop:`
			`- pre`
			`- post`
			`tags: vault`
Update to 2024-04-17 12:01 2024-04-17 12:01:07 +02:00
			`- name: Install unseal script`
			`template: src=unseal dest={{ vault_root_dir }}/bin/unseal mode=700`
			`tags: vault`