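---
# Prompts for a secret, has systemd-creds encrypt it on each target host, and
# appends the result to a drop-in file under /etc/systemd/system/shared.d,
# followed by an Environment= line that points at the credential via %d.
- name: Establish systemd-creds for use with multiple services
  hosts: arch debian
  become: true

  vars_prompt:
    # private: true only suppresses the echo at the prompt; keeping the value
    # out of task output is handled by no_log on the task that consumes it.
    - name: passphrase
      prompt: "Enter password manager passphrase"
      private: true
      confirm: true
    - name: creds_var
      prompt: "Enter the environment variable where systemd will store the credential PATH"
      private: false
    - name: creds_name
      prompt: "Enter the credential name"
      private: false

  tasks:
    # The file module is idempotent by itself and pins the mode, so no
    # command/creates pair is needed to create the directory.
    - name: Create shared systemd runtime override directory
      ansible.builtin.file:
        path: /etc/systemd/system/shared.d
        state: directory
        mode: "0755"

    - name: Create override
      ansible.builtin.shell:
        # set -eu: fail the task if systemd-creds fails instead of still
        # appending the Environment= line and reporting success.
        # The prompted names go through the quote filter so that spaces or
        # shell metacharacters in them cannot alter the command.
        cmd: |
          set -eu
          (echo "[Service]"; systemd-creds encrypt --name={{ creds_name | quote }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
          printf "Environment=%s=%%d/%s\n" {{ creds_var | quote }} {{ creds_name | quote }} >> /etc/systemd/system/shared.d/00-systemd-creds.conf
        # The secret is fed on stdin rather than templated into the script:
        # it then never appears in the shell's command line, is not parsed by
        # the shell, and is not interpreted as a printf format string.
        stdin: "{{ passphrase }}"
        # No trailing newline, so the encrypted payload is exactly the
        # prompted value.
        stdin_add_newline: false
        # NOTE(review): without "creates" every run appends another [Service]
        # block and credential to the file. Re-enable the line below if the
        # file should be written only once; left disabled as in the original
        # in case repeated appends are intended.
        #creates: /etc/systemd/system/shared.d/00-systemd-creds.conf
      # Keep the secret out of Ansible's task results and logs.
      no_log: true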