15 Commits

4 changed files with 24 additions and 4 deletions


@ -36,7 +36,6 @@ jobs:
echo "session" echo "session"
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV
- name: Cloning ansible repository - name: Cloning ansible repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -56,6 +55,6 @@ jobs:
- name: Run Ansible Playbook - name: Run Ansible Playbook
working-directory: ansible/iac working-directory: ansible/iac
run: | run: |
ansible-playbook -i inventory.ini playbook.yml ansible-playbook -i inventory.ini playbook.yml -e "BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET BW_PASSWORD=$BW_PASSWORD BW_EMAIL=$BW_EMAIL"
env: env:
BW_SESSION: ${{ env.BW_SESSION }} BW_SESSION: ${{ env.BW_SESSION }}
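Review bot: The `-e "BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET BW_PASSWORD=$BW_PASSWORD BW_EMAIL=$BW_EMAIL"` argument added to the `ansible-playbook` line in `Run Ansible Playbook` puts the vault password and API secret on the process command line, where they are readable from the runner's process list for as long as the playbook runs. The `key=value` form of `-e` is also split on whitespace, so a password containing a space would be mis-parsed. The vars file added in this same change already reads these values with `lookup('env', ...)`, so the `-e` string can probably be dropped and the values supplied only through the step's `env:` block next to `BW_SESSION`. Where the four variables are set is not visible in this hunk, so confirm they are exported to this step before removing the argument.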


@ -21,9 +21,12 @@
shell: ls -l /tmp/stolon/kubernetes-files/files shell: ls -l /tmp/stolon/kubernetes-files/files
register: resultado_ls register: resultado_ls
- name: Obter várias notas do Bitwarden - name: Obter várias notas do Bitwarden
shell: | shell: |
export BW_SESSION={{ lookup('env', 'BW_SESSION') }} echo "unlock"
BW_SESSION=$(bw unlock {{ bw_password }} --raw)
echo "get item"
bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
loop: loop:
- { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" } - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
@ -31,6 +34,8 @@
- { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" } - { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" }
args: args:
executable: /bin/bash executable: /bin/bash
environment:
BW_PASSWORD: "{{ BW_PASSWORD }}"
- name: Mostrar resultado do ls - name: Mostrar resultado do ls
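Review bot: In `Obter várias notas do Bitwarden`, the added `BW_SESSION=$(bw unlock {{ bw_password }} --raw)` templates the master password unquoted into the shell script, so it is subject to word splitting and shell interpretation, and it becomes part of the rendered command that Ansible reports for the task on failure or at higher verbosity. Because this change also passes `BW_PASSWORD` through `environment:`, the CLI can read it from there instead: `BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw)`, with `no_log: true` on the task and the token quoted as `--session "$BW_SESSION"`. The same templated `bw unlock {{ bw_password }} --raw` appears in the `Desbloquear cofre e guardar sessão` task in the last file of this change and needs the same fix. The unlock now also runs once per loop item, although the task still has a `BW_SESSION` available from the workflow step.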


@ -0,0 +1,4 @@
bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
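Review bot: The names defined in this new vars file do not match how the tasks in this change consume the password: the file declares lowercase `bw_password`, while the added `environment:` blocks read `{{ BW_PASSWORD }}`, which, as far as this page shows, is only defined by the `-e` extra vars on the workflow command line. Defining a single spelling here, e.g. `BW_PASSWORD: "{{ lookup('env', 'BW_PASSWORD') }}"`, would let the playbook resolve it without secrets being passed as command-line arguments. `BW_CLIENTSECRET :` also has a stray space before the colon, which yamllint's `colons` rule flags; write it as `BW_CLIENTSECRET: ...` like the other keys.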


@ -45,20 +45,32 @@
register: bw_version register: bw_version
failed_when: bw_version.rc != 0 failed_when: bw_version.rc != 0
- name: Garantir logout do Bitwarden antes de configurar
shell: bw logout
ignore_errors: true
- name: Fazer login no Bitwarden - name: Fazer login no Bitwarden
shell: | shell: |
echo "config" echo "config"
echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}" echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"
bw config server {{ VAULTWARDEN_LINK }} bw config server {{ VAULTWARDEN_LINK }}
echo $BW_CLIENTID
echo $BW_CLIENTSECRET
echo "login" echo "login"
bw login --apikey bw login --apikey
environment:
BW_CLIENTID: "{{ BW_CLIENTID }}"
BW_CLIENTSECRET: "{{ BW_CLIENTSECRET }}"
VAULTWARDEN_LINK: "{{ VAULTWARDEN_LINK }}"
args: args:
executable: /bin/bash executable: /bin/bash
register: bw_login register: bw_login
- name: Desbloquear cofre e guardar sessão - name: Desbloquear cofre e guardar sessão
shell: bw unlock --password {{ bw_password }} --raw shell: bw unlock {{ bw_password }} --raw
register: bw_session register: bw_session
environment:
BW_PASSWORD: "{{ BW_PASSWORD }}"
- name: Exportar sessão para ambiente local - name: Exportar sessão para ambiente local
shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh
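Review bot: The added `echo $BW_CLIENTID` and `echo $BW_CLIENTSECRET` lines in `Fazer login no Bitwarden` write the API credentials to the task's stdout, which is stored in the registered `bw_login` result and printed in the playbook output on failure or at higher verbosity, and from there ends up in the CI job log. Remove both lines and add `no_log: true` to this task and to `Desbloquear cofre e guardar sessão`, whose stdout is the session key. If a presence check is wanted while debugging, `test -n "$BW_CLIENTID"` confirms the variable is set without printing it. The existing `echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"` line is less sensitive, but it could use the `$VAULTWARDEN_LINK` environment variable that this change now exports instead of templating the value into the script.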