jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-16 10:13:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-02-16 15:00

Browse Source
This commit is contained in:
Daniel Berteaud 2022-02-16 15:00:05 +01:00
parent 67315d6c81
commit f8e6edbc75
2 changed files with 39 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
roles/includes/get_rand_pass.yml
View File

@ -1,24 +1,49 @@
--- ---
# Check if a password has already been created - name: Check if password file exists
- name: Check if password exists
stat: path={{ pass_file }} stat: path={{ pass_file }}
register: current_pass register: pass_file_exists
tags: always
# When no pass exist, create a new one #- name: Check if a vault password file exists
- name: Install pwgen # stat: path={{ pass_file }}.vault
package: name=pwgen # register: pass_file_vault_exists
# tags: always
#
## Generate a pass and store it encrypted
#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
# block:
# - package: name=pwgen
# - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
# register: rand_pass
# # Now write this new pass
# - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600
# tags: always
- when: not current_pass.stat.exists # When no pass exist, create one
- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined)
block: block:
- package: name=pwgen
- shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1 - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
register: rand_pass register: rand_pass
# Now write this new pass # Now write this new pass
- copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600 - copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600
tags: always
# When pass already exists, just read it # Read the encrypted pass
#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
# block:
# - name: Read the password
# slurp: src={{ pass_file }}.vault
# register: rand_pass
# - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }}
# tags: always
# Read unencrypted pass file (compat)
- block:
- name: Read the password - name: Read the password
slurp: src={{ pass_file }} slurp: src={{ pass_file }}
register: rand_pass register: rand_pass
- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }} - set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
tags: always

4
roles/penpot/defaults/main.yml
View File

@ -1,7 +1,7 @@
--- ---
# Penpot version to deploy # Penpot version to deploy
penpot_version: 1.11.0-beta penpot_version: 1.11.2-beta
# SHould ansible manage upgrades. If False, only the initial install will be done # SHould ansible manage upgrades. If False, only the initial install will be done
penpot_manage_upgrade: True penpot_manage_upgrade: True
@ -10,7 +10,7 @@ penpot_root_dir: /opt/penpot
# URL of the archive # URL of the archive
penpot_archive_url: https://github.com/penpot/penpot/archive/refs/tags/{{ penpot_version }}.tar.gz penpot_archive_url: https://github.com/penpot/penpot/archive/refs/tags/{{ penpot_version }}.tar.gz
# Expected sha256 of the archive # Expected sha256 of the archive
penpot_archive_sha256: bef65fd065e6bc36e31b9395433f9b4393186ddafd1413b1bc46f4e3d8c22fa0 penpot_archive_sha256: 53841697c889989d83851f4759713d0cbe62648b12cee065a78f7cea2986d818
# User under which penpot will run. Will be created # User under which penpot will run. Will be created
penpot_user: penpot penpot_user: penpot