mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-07-27 00:05:44 +02:00
Update to 2022-02-16 15:00
This commit is contained in:
Daniel Berteaud
@@ -1,24 +1,49 @@
|
||||
---
|
||||
|
||||
# Check if a password has already been created
|
||||
- name: Check if password exists
|
||||
- name: Check if password file exists
|
||||
stat: path={{ pass_file }}
|
||||
register: current_pass
|
||||
register: pass_file_exists
|
||||
tags: always
|
||||
|
||||
# When no pass exist, create a new one
|
||||
- name: Install pwgen
|
||||
package: name=pwgen
|
||||
#- name: Check if a vault password file exists
|
||||
# stat: path={{ pass_file }}.vault
|
||||
# register: pass_file_vault_exists
|
||||
# tags: always
|
||||
#
|
||||
## Generate a pass and store it encrypted
|
||||
#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
|
||||
# block:
|
||||
# - package: name=pwgen
|
||||
# - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
|
||||
# register: rand_pass
|
||||
# # Now write this new pass
|
||||
# - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600
|
||||
# tags: always
|
||||
|
||||
- when: not current_pass.stat.exists
|
||||
# When no pass exist, create one
|
||||
- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined)
|
||||
block:
|
||||
- package: name=pwgen
|
||||
- shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
|
||||
register: rand_pass
|
||||
# Now write this new pass
|
||||
- copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600
|
||||
tags: always
|
||||
|
||||
# When pass already exists, just read it
|
||||
- name: Read the password
|
||||
slurp: src={{ pass_file }}
|
||||
register: rand_pass
|
||||
- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
|
||||
# Read the encrypted pass
|
||||
#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
|
||||
# block:
|
||||
# - name: Read the password
|
||||
# slurp: src={{ pass_file }}.vault
|
||||
# register: rand_pass
|
||||
# - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }}
|
||||
# tags: always
|
||||
|
||||
# Read unencrypted pass file (compat)
|
||||
- block:
|
||||
- name: Read the password
|
||||
slurp: src={{ pass_file }}
|
||||
register: rand_pass
|
||||
- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
|
||||
tags: always
|
||||
|
||||
|
||||
Reference in New Issue
Block a user