feat: ansible Vault provisioning

2025-06-07 07:56:37 -03:00 · 2023-08-05 22:36:37 -03:00 · 2023-08-05 22:36:37 -03:00 · ce1957407c
commit ce1957407c
parent ac28383173
4 changed files with 62 additions and 1 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -38,4 +38,11 @@ ansible-galaxy install geerlingguy.docker

 ### Portainer
 The role will install Docker + Portainer, we recommend using the role in **root** user as recommended in [portainer documentation](https://docs.portainer.io/start/install-ce/server/docker/linux#introduction).
-After running the playbook, access your portainer instance using *yourhostname.tld:9443*
+After running the playbook, access your portainer instance using *yourhostname.tld:9443*
+
+### NOMAD
+TODO!
+Dependencies: 
+```shell
+ansible-galaxy install robertdebock.vault
+```
--- a/ansible/nomadserver.yml
+++ b/ansible/nomadserver.yml
@ -1,4 +1,5 @@
 - hosts: nomad
+  become: yes
  tasks:
    #NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!!
    - name: install docker
@ -7,3 +8,6 @@
    - name: install nomad
      ansible.builtin.import_role:
        name: nomad
+    - name: install nomad
+      ansible.builtin.import_role:
+        name: vault # I NEED TO MANUALLY CREATE THIS ROLE BTW
--- a/ansible/roles/vault/tasks/main.yml
+++ b/ansible/roles/vault/tasks/main.yml
@ -0,0 +1,22 @@
+---
+- name: Install Vault
+  include_role:
+    name: robertdebock.vault
+  vars:
+    vault_installation_method: binary
+  ignore_errors: true
+- name: Import vault configuration
+  ansible.builtin.template:
+    dest: /etc/vault.d/vault.hcl
+    group: vault
+    mode: "0444"
+    owner: vault
+    src: vault.hcl.j2
+- name: Daemon reload
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Restart vault
+  ansible.builtin.service:
+    name: vault
+    state: restarted
--- a/ansible/roles/vault/templates/vault.hcl.j2
+++ b/ansible/roles/vault/templates/vault.hcl.j2
@ -0,0 +1,28 @@
+# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
+
+ui = true
+
+#mlock = true
+disable_mlock = true
+
+storage "file" {
+  path = "/opt/vault/data"
+}
+
+#storage "consul" {
+#  address = "127.0.0.1:8500"
+#  path    = "vault"
+#}
+
+# HTTP listener
+#listener "tcp" {
+#  address = "127.0.0.1:8200"
+#  tls_disable = 1
+#}
+
+# HTTPS listener
+listener "tcp" {
+  address       = "0.0.0.0:8200"
+  tls_cert_file = "/opt/vault/tls/tls.crt"
+  tls_key_file  = "/opt/vault/tls/tls.key"
+}