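--- a/roles/srht/tasks/main.yml
+++ b/roles/srht/tasks/main.yml
@@ -3,6 +3,10 @@
 ansible.builtin.set_fact:
 srht_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/srht') }}"
+- name: Get gpg secrets
+ ansible.builtin.set_fact:
+ gpg_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/srht-gpg') }}"
+
 - name: Get minio secrets
 ansible.builtin.set_fact:
 minio_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/minio') }}"
@@ -34,16 +38,16 @@
 notify: restart srht
 - name: Deposit GPG private key
- ansible.builtin.copy:
- src: /home/xenrox/decrypted/gpg/sourcehut/private.key
+ ansible.builtin.template:
+ src: sourcehut.priv.j2
 dest: /etc/sr.ht/sourcehut.priv
 owner: root
 group: root
 mode: 0644
 - name: Deposit GPG public key
- ansible.builtin.copy:
- src: /home/xenrox/decrypted/gpg/sourcehut/public.key
+ ansible.builtin.template:
+ src: sourcehut.pub.j2
 dest: /etc/sr.ht/sourcehut.pub
 owner: root
 group: root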
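Review bot: The `Deposit GPG private key` task still writes `/etc/sr.ht/sourcehut.priv` with `mode: 0644`, so every local account can read the private key. Because the key is now rendered through `ansible.builtin.template` from a fact, its contents can also show up in `--diff` output and verbose task results. I would add `no_log: true` to the `Get gpg secrets` task and to the private-key template task, and tighten the file to `mode: "0600"`, or `"0640"` with a dedicated group if the sr.ht services do not run as root (not visible here). Quoting the mode also avoids depending on how the YAML parser reads a bare `0644`. The public-key task continues past the end of the hunk.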
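--- a/roles/srht/templates/sourcehut.priv.j2
+++ b/roles/srht/templates/sourcehut.priv.j2
@@ -0,0 +1,1 @@
+{{ gpg_secrets['private'] }}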
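--- a/roles/srht/templates/sourcehut.pub.j2
+++ b/roles/srht/templates/sourcehut.pub.j2
@@ -0,0 +1,1 @@
+{{ gpg_secrets['public'] }}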
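--- a/terraform_vault/vault-files.sh
+++ b/terraform_vault/vault-files.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Store files in vault with help of the CLI
+
+vault kv put ansible/srht-gpg private=@/home/xenrox/decrypted/gpg/sourcehut/private.key \
+ public=@/home/xenrox/decrypted/gpg/sourcehut/public.key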
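Review bot: The `vault kv put` line hard-codes one user's home directory as the location of the plaintext private key, and the header comment does not say that this plaintext copy exists or what should happen to it afterwards. I would take the directory from a variable, e.g. `KEY_DIR="${KEY_DIR:-/home/xenrox/decrypted/gpg/sourcehut}"`, and add `set -eu` after the shebang so later additions to the script fail fast. The comment should also state that the files under `decrypted/` are an unencrypted copy of the signing key to be removed once the secret is stored, and that `vault kv put` replaces whatever data is currently at `ansible/srht-gpg`.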