From 6374fa8effca6da5df930c05926d3218853f0850 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Tue, 15 Jul 2025 08:16:48 +0200 Subject: [PATCH] Keep sensitive vars in vault --- ansible/ansible.cfg | 2 ++ ansible/group_vars/instance_system/vars.yaml | 1 + ansible/group_vars/instance_system/vault.yaml | 21 +++++++++++++++++++ ansible/roles/arr/defaults/main.yml | 2 +- 4 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 ansible/group_vars/instance_system/vars.yaml create mode 100644 ansible/group_vars/instance_system/vault.yaml diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index c491d26..168509f 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,3 +1,5 @@ [defaults] remote_tmp = /tmp inventory = inventory + +vault_password_file = vaultpass diff --git a/ansible/group_vars/instance_system/vars.yaml b/ansible/group_vars/instance_system/vars.yaml new file mode 100644 index 0000000..9aeda4e --- /dev/null +++ b/ansible/group_vars/instance_system/vars.yaml @@ -0,0 +1 @@ +arrstack_tz: Europe/Berlin diff --git a/ansible/group_vars/instance_system/vault.yaml b/ansible/group_vars/instance_system/vault.yaml new file mode 100644 index 0000000..dbf15e9 --- /dev/null +++ b/ansible/group_vars/instance_system/vault.yaml @@ -0,0 +1,21 @@ +$ANSIBLE_VAULT;1.1;AES256 +38663563663066323465636561656239653630366234366662333834646137386466353561666139 +6263613364316362663863366431663963646461656564360a366332326435386134356233616632 +38336136386662383439613830373933633566393836613932653564633938656130663764313961 +3532373338643762390a656266386633313037316638306435653830333430656430396138313032 +36396562393534366665376562343361386634343262326238393535326431333637653836636436 +33313833333565623239306232363935656534643030653961636462383164353230373465393238 +64393461343533616536353865623835633065656535316262356365373663616263373637396534 +65376266643538663437306237633436656130646430333036336139336231353062626462646135 +62326536323362313136356435656364333562363335396237613331626539356139353830353961 +33346362653163633063633531663539613630636461323564363633626166353139623030633962 +36346331613839373036656231663436653538336336376166373231323037333937643530626161 +63323364643736313632323939623833343338393038623939356162653932323265353461303133 +32633266616664393739636633356562386430316134353564396664643431623963316136306666 +30353566643337306439316132313535303235346430346631303933356465383039663065333163 +65323931356165366235383463373738326134303835393738633331336431333563376431313364 +38376138386530313764616239653462656133626633613532303937653435663932633039313338 +39373965313338623162306632303165323863376430316461336336393630393766383339393334 +63353530393164376165313238656137383936616232303130373337326165646231613765356438 +39343265666638396631386132373734323037313339633837313961613938386561663733333134 +65633338366361646332 diff --git a/ansible/roles/arr/defaults/main.yml b/ansible/roles/arr/defaults/main.yml index 47ea10a..e68c8ef 100644 --- a/ansible/roles/arr/defaults/main.yml +++ b/ansible/roles/arr/defaults/main.yml @@ -7,7 +7,7 @@ arrstack_data_dir_create: true arrstack_puid: 1000 arrstack_pgid: 100 -arrstack_tz: Europe/Berlin +arrstack_tz: NorthAmerica/Chicago arrstack_umask_set: 022 # arrstack_mb_user: Musicbrainz-user