web/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: ansible vault

Browse Source
This commit is contained in:
Maxim Hutz
2025-09-04 22:08:00 -04:00
parent d094a1b26b
commit ed972509ce
5 changed files with 35 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -212,4 +212,5 @@ cython_debug/
*secret* *secret*
.vscode .vscode
.DS_Store .DS_Store
*.key

37
Taskfile.yml
View File

@@ -1,21 +1,24 @@
version: 3 version: 3
includes: # includes:
tf: { taskfile: terraform, dir: terraform } # tf: { taskfile: terraform, dir: terraform }
# tasks:
# dev:
# - docker compose -f compose.dev.yml rm -fsv
# - docker compose -f compose.dev.yml up --build --force-recreate --no-deps
# deploy:fast: ansible-playbook playbooks/fast.yml
# deploy:slow: ansible-playbook playbooks/slow.yml
# deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
# enter:
# cmd: aws ssm start-session --target $INSTANCE_ID
# env:
# INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
# AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
# AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
# AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
tasks: tasks:
dev: vault:edit: ansible-vault edit vault.yml
- docker compose -f compose.dev.yml rm -fsv
- docker compose -f compose.dev.yml up --build --force-recreate --no-deps
deploy:fast: ansible-playbook playbooks/fast.yml
deploy:slow: ansible-playbook playbooks/slow.yml
deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
enter:
cmd: aws ssm start-session --target $INSTANCE_ID
env:
INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }

6
ansible.cfg
View File

@@ -1,6 +1,12 @@
[defaults] [defaults]
callbacks_enabled = profile_tasks callbacks_enabled = profile_tasks
localhost_warning = False localhost_warning = False
vault_password_file = vault.key
[inventory] [inventory]
inventory_unparsed_warning = False inventory_unparsed_warning = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
pipelining = True
retries = 256

1
requirements.txt
View File

@@ -14,6 +14,7 @@ charset-normalizer==3.4.1
click==8.1.8 click==8.1.8
cryptography==44.0.0 cryptography==44.0.0
filelock==3.16.1 filelock==3.16.1
go-task-bin==3.44.1
idna==3.10 idna==3.10
importlib_metadata==8.5.0 importlib_metadata==8.5.0
Jinja2==3.1.5 Jinja2==3.1.5

6
vault.yml Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
38656161656531643430306264373465643164656338326333333365646666336364303939383330
3730613865373335386631313931656438396435366330610a663837343033643964356333653663
66643062653936343031336432663064663831313430346464643534316538616638333965386531
3834373335663766380a396534363833653163373635353037623337336637303962303733396439
6631