From ce1957407c782632c40a484cb3a2ca9206688784 Mon Sep 17 00:00:00 2001 From: Luigi Oliveira Date: Sat, 5 Aug 2023 22:36:37 -0300 Subject: [PATCH] feat: ansible Vault provisioning --- ansible/README.md | 9 ++++++- ansible/nomadserver.yml | 4 ++++ ansible/roles/vault/tasks/main.yml | 22 +++++++++++++++++ ansible/roles/vault/templates/vault.hcl.j2 | 28 ++++++++++++++++++++++ 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/vault/tasks/main.yml create mode 100644 ansible/roles/vault/templates/vault.hcl.j2 diff --git a/ansible/README.md b/ansible/README.md index ddec340..6dd4ba7 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -38,4 +38,11 @@ ansible-galaxy install geerlingguy.docker ### Portainer The role will install Docker + Portainer, we recommend using the role in **root** user as recommended in [portainer documentation](https://docs.portainer.io/start/install-ce/server/docker/linux#introduction). -After running the playbook, access your portainer instance using *yourhostname.tld:9443* \ No newline at end of file +After running the playbook, access your portainer instance using *yourhostname.tld:9443* + +### NOMAD +TODO! +Dependencies: +```shell +ansible-galaxy install robertdebock.vault +``` \ No newline at end of file diff --git a/ansible/nomadserver.yml b/ansible/nomadserver.yml index 5fee9b4..4deacaa 100644 --- a/ansible/nomadserver.yml +++ b/ansible/nomadserver.yml @@ -1,4 +1,5 @@ - hosts: nomad + become: yes tasks: #NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!! - name: install docker @@ -7,3 +8,6 @@ - name: install nomad ansible.builtin.import_role: name: nomad + - name: install nomad + ansible.builtin.import_role: + name: vault # I NEED TO MANUALLY CREATE THIS ROLE BTW \ No newline at end of file diff --git a/ansible/roles/vault/tasks/main.yml b/ansible/roles/vault/tasks/main.yml new file mode 100644 index 0000000..d1c9841 --- /dev/null +++ b/ansible/roles/vault/tasks/main.yml 
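Review bot: `become: yes` on the `- hosts: nomad` play is the YAML 1.1 truthy spelling, while the role tasks added in this same patch write `true` (`ignore_errors: true`, `daemon_reload: true`); the play should match with `become: true`. Ansible accepts both, but yamllint's truthy rule flags `yes` and 1.2-strict parsers read it as a plain string rather than a boolean. Play-level become also applies to every imported role, including docker and nomad, which appears intended given the README's recommendation to run the Portainer role as root.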
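Review bot: The new task importing the `vault` role reuses the name `install nomad`, so the play now reports two tasks with the same name and its output cannot tell them apart; rename it `- name: install vault`. The trailing comment `# I NEED TO MANUALLY CREATE THIS ROLE BTW` is stale in this very commit, which adds ansible/roles/vault/tasks/main.yml, and should be dropped. The play's `hosts`/`tasks` header lies in the earlier hunk of this file.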
@@ -0,0 +1,22 @@ +--- +- name: Install Vault + include_role: + name: robertdebock.vault + vars: + vault_installation_method: binary + ignore_errors: true +- name: Import vault configuration + ansible.builtin.template: + dest: /etc/vault.d/vault.hcl + group: vault + mode: "0444" + owner: vault + src: vault.hcl.j2 +- name: Daemon reload + ansible.builtin.systemd: + daemon_reload: true + +- name: Restart vault + ansible.builtin.service: + name: vault + state: restarted \ No newline at end of file diff --git a/ansible/roles/vault/templates/vault.hcl.j2 b/ansible/roles/vault/templates/vault.hcl.j2 new file mode 100644 index 0000000..1aa0795 --- /dev/null +++ b/ansible/roles/vault/templates/vault.hcl.j2 @@ -0,0 +1,28 @@ +# Full configuration options can be found at https://www.vaultproject.io/docs/configuration + +ui = true + +#mlock = true +disable_mlock = true + +storage "file" { + path = "/opt/vault/data" +} + +#storage "consul" { +# address = "127.0.0.1:8500" +# path = "vault" +#} + +# HTTP listener +#listener "tcp" { +# address = "127.0.0.1:8200" +# tls_disable = 1 +#} + +# HTTPS listener +listener "tcp" { + address = "0.0.0.0:8200" + tls_cert_file = "/opt/vault/tls/tls.crt" + tls_key_file = "/opt/vault/tls/tls.key" +} \ No newline at end of file
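Review bot: `ignore_errors: true` on the `Install Vault` include_role hides a failed installation, after which the template task writes into /etc/vault.d and the restart either fails confusingly or restarts a partially installed service; drop `ignore_errors: true` and let the include fail the play. The `Restart vault` task with `state: restarted` runs on every play, and a restarted Vault comes back sealed unless auto-unseal is configured, so each run leaves the server needing a manual unseal even when nothing changed; put `notify: Restart vault` on the template task and move the daemon-reload and restart into the role's handlers so they only fire on change. `include_role` should also be written `ansible.builtin.include_role` to match the FQCN style of the other tasks, and `mode: "0444"` makes the config world-readable where `mode: "0640"` with owner and group vault is enough for the service.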
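Review bot: The listener references `/opt/vault/tls/tls.crt` and `/opt/vault/tls/tls.key`, but nothing in this patch creates them, so unless the robertdebock.vault role provisions that path the `Restart vault` task in tasks/main.yml will fail to bring the service up; either add a task that places or generates the certificate and key (key owned by vault with mode `"0600"`) or turn the paths into role variables with the expectation documented. `disable_mlock = true` combined with `storage "file"` allows Vault's unencrypted memory to be swapped to disk; Vault's hardening guidance only recommends disabling mlock for integrated (raft) storage, so this should become `disable_mlock = false` (or the line removed) unless the unit lacks the IPC_LOCK capability, in which case a comment should say so. The file is a Jinja template that uses no variables; exposing the bind address as a variable with a default, e.g. `address = "{{ vault_listener_address | default('0.0.0.0:8200') }}"`, would let hosts that need no remote access stay on loopback without editing the template.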