From f8e6edbc750f74d9d03f3c3bce5e7df0ee39a44c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Wed, 16 Feb 2022 15:00:05 +0100
Subject: [PATCH] Update to 2022-02-16 15:00
---
roles/includes/get_rand_pass.yml | 49 ++++++++++++++++++++++++--------
roles/penpot/defaults/main.yml | 4 +--
2 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/roles/includes/get_rand_pass.yml b/roles/includes/get_rand_pass.yml
index 89d2bff..4d0741a 100644
--- a/roles/includes/get_rand_pass.yml
+++ b/roles/includes/get_rand_pass.yml
@@ -1,24 +1,49 @@ --- - # Check if a password has already been created -- name: Check if password exists +- name: Check if password file exists stat: path={{ pass_file }} - register: current_pass + register: pass_file_exists + tags: always - # When no pass exist, create a new one -- name: Install pwgen - package: name=pwgen +#- name: Check if a vault password file exists +# stat: path={{ pass_file }}.vault +# register: pass_file_vault_exists +# tags: always +# +## Generate a pass and store it encrypted +#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined +# block: +# - package: name=pwgen +# - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1 +# register: rand_pass +# # Now write this new pass +# - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600 +# tags: always -- when: not current_pass.stat.exists +# When no pass exist, create one +- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined) block: + - package: name=pwgen - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1 register: rand_pass # Now write this new pass - copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600 + tags: always - # When pass already exists, just read it -- name: Read the password - slurp: src={{ pass_file }} - register: rand_pass -- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }} +# Read the encrypted pass +#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined +# block: +# - name: Read the password +# slurp: src={{ pass_file }}.vault +# register: rand_pass +# - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }} +# tags: always + +# 
Read unencrypted pass file (compat) +- block: + - name: Read the password + slurp: src={{ pass_file }} + register: rand_pass + - set_fact: rand_pass={{ rand_pass.content | b64decode | trim }} + tags: always diff --git a/roles/penpot/defaults/main.yml b/roles/penpot/defaults/main.yml index e34e32b..0069117 100644 --- a/roles/penpot/defaults/main.yml +++ b/roles/penpot/defaults/main.yml @@ -1,7 +1,7 @@ --- # Penpot version to deploy -penpot_version: 1.11.0-beta +penpot_version: 1.11.2-beta # SHould ansible manage upgrades. If False, only the initial install will be done penpot_manage_upgrade: True @@ -10,7 +10,7 @@ penpot_root_dir: /opt/penpot # URL of the archive penpot_archive_url: https://github.com/penpot/penpot/archive/refs/tags/{{ penpot_version }}.tar.gz # Expected sha256 of the archive -penpot_archive_sha256: bef65fd065e6bc36e31b9395433f9b4393186ddafd1413b1bc46f4e3d8c22fa0 +penpot_archive_sha256: 53841697c889989d83851f4759713d0cbe62648b12cee065a78f7cea2986d818 # User under which penpot will run. Will be created penpot_user: penpot
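Review bot: Neither the block that creates the password nor the "Read unencrypted pass file (compat)" block in roles/includes/get_rand_pass.yml sets `no_log`, and with the added `tags: always` both now run on every invocation, whatever tags are selected. The registered `pwgen` output, the `copy content=...` arguments and the `set_fact` result all hold the clear-text password, so it can end up in verbose output, `--diff` output or any logging callback. I would put `no_log: true` next to `tags: always` on both blocks. The commented-out vault variant would need the same if it is enabled later, because `rand_pass` is still clear text before the `vault` filter and after the `unvault` filter.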