ci: ansible-vault + move to viczem.keepass #130

Merged
mg merged 2 commits from keepass into master 2024-07-09 22:10:18 +02:00
2 changed files with 14 additions and 5 deletions
Showing only changes of commit 0d349aa886 - Show all commits


@ -6,9 +6,14 @@ steps:
ansible-lint: ansible-lint:
image: quay.io/ansible/creator-ee:v24.2.0 image: quay.io/ansible/creator-ee:v24.2.0
commands: commands:
- pip install 'pykeepass==4.0.3' --user # Secrets
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung - echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
- chmod 0400 ./id_ed25519
# Abhängigkeiten
- pip install 'pykeepass==4.0.3' --user
- ansible-galaxy install -r requirements.yaml - ansible-galaxy install -r requirements.yaml
# Doing
- ansible-lint --version - ansible-lint --version
- ansible-lint --force-color --format pep8 - ansible-lint --force-color --format pep8
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
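Review bot: The lint step does not look like it needs the deployment key, yet the added `echo $${SSHKEY} | base64 -d > ./id_ed25519` and `chmod 0400 ./id_ed25519` lines now place it in this step's workspace. ansible-lint analyses the repository statically, so handing it the key only widens where the credential is exposed, particularly if this step also runs for pull requests (not visible here). I would drop those two lines from this file and keep the key in the playbook pipeline only. The step's `secrets:` list lies outside the hunk; if `sshkey` is not listed there, `$${SSHKEY}` presumably expands to nothing and an empty key file is written.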


@ -6,12 +6,16 @@ steps:
ansible-playbook: ansible-playbook:
image: quay.io/ansible/creator-ee:v24.2.0 image: quay.io/ansible/creator-ee:v24.2.0
commands: commands:
- pip install 'pykeepass==4.0.3' --user # Secrets
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
- ansible localhost -m debug -a "var={{ lookup('keepass', 'restic_repository_password', 'password') }}"
- ansible-galaxy install -r requirements.yaml
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert" - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreakes, daher mit base64 -w0 "kodiert"
- echo $${VAULTPASS} | base64 -d > ./vault-pass.yml # Name des Secrets in Großschreibung
- chmod 0400 ./id_ed25519 - chmod 0400 ./id_ed25519
# Abhängigkeiten
- pip install 'pykeepass==4.0.3' --user
- ansible-galaxy install -r requirements.yaml
# Debug
- ansible localhost -m debug -a "var={{ lookup('keepass', 'restic_repository_password', 'password') }}"
# Doing
- ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production - ansible-playbook playbooks/2_all.yml playbooks/3_service/* --limit production
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
secrets: [vaultpass, sshkey] secrets: [vaultpass, sshkey]
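Review bot: The step kept under `# Debug` prints the result of `lookup('keepass', 'restic_repository_password', 'password')` through the debug module, so the restic repository password ends up in the pipeline log on every run. Woodpecker's log masking presumably covers only the registered secrets (`vaultpass`, `sshkey`), not values read from the KeePass database. If the step is only meant to prove that the lookup works, print a boolean instead, e.g. `- ansible localhost -m debug -a "msg={{ lookup('keepass', 'restic_repository_password', 'password') | length > 0 }}"`, or remove the step once the migration is verified. Separately, `./vault-pass.yml` is written with the default umask and never gets the `chmod 0400` that `./id_ed25519` receives; a `umask 077` line before the two `echo` lines would cover both files.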