- name:  Establish systemd-creds for use with multiple services
  hosts:  arch debian
  become:  true

  vars_prompt:
    - name:  passphrase
      prompt:  "Enter password manager passphrase"
      private:  true
      confirm:  true
    - name:  creds_var
      prompt:  "Enter the environment variable where systemd will store the credential PATH"
      private:  false
    - name:  creds_name
      prompt:  "Enter the credential name"
      private:  false

  tasks:
    - name:  Create shared systemd runtime override directory
      ansible.builtin.command:
        cmd:  mkdir /etc/systemd/system/shared.d
        creates:  /etc/systemd/system/shared.d
    - name:  Create override
      ansible.builtin.shell:
        cmd: |
          printf {{ passphrase }} | (echo "[Service]"; systemd-creds encrypt --name={{ creds_name }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
          printf "Environment=%s=%%d/%s\n" {{ creds_var }} {{ creds_name }} >> /etc/systemd/system/shared.d/00-systemd-creds.conf
        #creates:  /etc/systemd/system/shared.d/00-systemd-creds.conf