Move VM secrets to a separate password store directory

This commit is contained in:
Timotej Lazar 2024-04-08 15:06:18 +02:00
parent 6dcae194d7
commit 000f625988
5 changed files with 10 additions and 10 deletions

View file

@ -28,8 +28,8 @@
command: ktutil
responses:
'.*:':
- 'add_entry -password -p {{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
- '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}'
- 'add_entry -password -p {{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
- '{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_pass") }}'
- 'write_kt /etc/krb5.keytab'
- 'exit'
args:

View file

@ -1,7 +1,7 @@
#!/bin/sh
dns={{ dns[0] }}
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
ldap_user={{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}
ttl=10
kinit -k -t /etc/krb5.keytab "${ldap_user}"

View file

@ -1,7 +1,7 @@
#!/bin/sh
dns={{ dns[0] }}
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
ldap_user={{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}
kinit -k -t /etc/krb5.keytab "${ldap_user}"
nsupdate -g <<EOF

View file

@ -9,7 +9,7 @@
become_method: su
become_flags: "-s /bin/sh"
git:
repo: '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="friwall_repo") }}'
repo: '{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="friwall_repo") }}'
dest: /srv/friwall/app
force: yes
notify: reload uwsgi

View file

@ -1,10 +1,10 @@
{
"ldap_host": "{{ domain }}",
"ldap_user": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}",
"ldap_pass": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}",
"ldap_user": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}",
"ldap_pass": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_pass") }}",
"ldap_base_dn": "{{ ldap_base_dn }}",
"oidc_server": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_server") }}",
"oidc_client_id": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_id") }}",
"oidc_client_secret": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_secret") }}",
"oidc_server": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_server") }}",
"oidc_client_id": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_client_id") }}",
"oidc_client_secret": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_client_secret") }}",
"wg_net": "{{ wg_net }}"
}