From bb8d31c5553f9653b5f4d59bdd57bc4b14141e65 Mon Sep 17 00:00:00 2001 From: Thomas Kleinendorst Date: Wed, 10 Apr 2024 16:08:08 +0200 Subject: [PATCH] Add ansible.cfg with vault functionality --- .gitignore | 1 + README.md | 8 +++++++- ansible.cfg | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 ansible.cfg diff --git a/.gitignore b/.gitignore index 2485fe2..c74bdfb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ cloudflare_token.ini .vscode/settings.json +.vault_pass diff --git a/README.md b/README.md index 3197929..d7c0138 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,12 @@ The files within this repository should be run on a computer with Ansible instal ```bash ansible-galaxy install -r requirements.yml ``` +3. Enter the vault password in the **.vault_pass** file. This is included in **.gitignore** so it shouldn't end up in the repository: + + ```bash + # Notice the space at the beginning, this prevents the shell from saving this command in its history. + echo '[ -- enter vault pass here -- ]' > .vault_pass + ``` ### Environment prerequisites The Raspberry Pi IaC code contained within this repository provisions the Raspberry Pi itself but doesn't provision all surrounding infrastructure which is presumed to be managed by hand. The following relevant configuration is assumed: @@ -36,7 +42,7 @@ The Raspberry Pi should be installed and running with reachable SSH from the net Provision the Raspberry Pi by running: ```bash -ansible-playbook -i inventory playbook.yml +ansible-playbook playbook.yml ``` ## Overview of installed software diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..b24672b --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +inventory = ./inventory/hosts +vault_password_file = ./.vault_pass