Update to 2022-02-16 15:00

2022-02-16 15:00:05 +01:00 · 2022-02-16 15:00:05 +01:00 · f8e6edbc75
commit f8e6edbc75
parent 67315d6c81
2 changed files with 39 additions and 14 deletions
--- a/roles/includes/get_rand_pass.yml
+++ b/roles/includes/get_rand_pass.yml
@ -1,24 +1,49 @@
 ---

-  # Check if a password has already been created
- name: Check if password exists
+- name: Check if password file exists
  stat: path={{ pass_file }}
-  register: current_pass
+  register: pass_file_exists
+  tags: always

-  # When no pass exist, create a new one
- name: Install pwgen
-  package: name=pwgen
+#- name: Check if a vault password file exists
+#  stat: path={{ pass_file }}.vault
+#  register: pass_file_vault_exists
+#  tags: always
+#
+## Generate a pass and store it encrypted
+#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
+#  block:
+#    - package: name=pwgen
+#    - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
+#      register: rand_pass
+#      # Now write this new pass
+#    - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600
+#  tags: always

- when: not current_pass.stat.exists
+# When no pass exist, create one
+- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined)
  block:
+    - package: name=pwgen
    - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
      register: rand_pass
      # Now write this new pass
    - copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600
+  tags: always

-  # When pass already exists, just read it
- name: Read the password
-  slurp: src={{ pass_file }}
-  register: rand_pass
- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
+# Read the encrypted pass
+#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
+#  block:
+#    - name: Read the password
+#      slurp: src={{ pass_file }}.vault
+#      register: rand_pass
+#    - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }}
+#  tags: always
+
+# Read unencrypted pass file (compat)
+- block:
+    - name: Read the password
+      slurp: src={{ pass_file }}
+      register: rand_pass
+    - set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
+  tags: always

--- a/roles/penpot/defaults/main.yml
+++ b/roles/penpot/defaults/main.yml
@ -1,7 +1,7 @@
 ---

 # Penpot version to deploy
-penpot_version: 1.11.0-beta
+penpot_version: 1.11.2-beta
 # SHould ansible manage upgrades. If False, only the initial install will be done
 penpot_manage_upgrade: True

@ -10,7 +10,7 @@ penpot_root_dir: /opt/penpot
 # URL of the archive
 penpot_archive_url: https://github.com/penpot/penpot/archive/refs/tags/{{ penpot_version }}.tar.gz
 # Expected sha256 of the archive
-penpot_archive_sha256: bef65fd065e6bc36e31b9395433f9b4393186ddafd1413b1bc46f4e3d8c22fa0
+penpot_archive_sha256: 53841697c889989d83851f4759713d0cbe62648b12cee065a78f7cea2986d818
 # User under which penpot will run. Will be created
 penpot_user: penpot