50 lines
1.8 KiB
YAML
50 lines
1.8 KiB
YAML
---
|
|
|
|
- name: Check if password file exists
|
|
stat: path={{ pass_file }}
|
|
register: pass_file_exists
|
|
tags: always
|
|
|
|
#- name: Check if a vault password file exists
|
|
# stat: path={{ pass_file }}.vault
|
|
# register: pass_file_vault_exists
|
|
# tags: always
|
|
#
|
|
## Generate a pass and store it encrypted
|
|
#- when: not pass_file_exists.stat.exists and not pass_file_vault_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
|
|
# block:
|
|
# - package: name=pwgen
|
|
# - shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
|
|
# register: rand_pass
|
|
# # Now write this new pass
|
|
# - copy: content={{ rand_pass.stdout | trim | vault(vault_encryption_key) }} dest={{ pass_file }}.vault mode=600
|
|
# tags: always
|
|
|
|
# When no pass exist, create one
|
|
- when: not pass_file_exists.stat.exists # and (not encryption or vault_encryption_key is not defined)
|
|
block:
|
|
- package: name=pwgen
|
|
- shell: pwgen {% if complex | default(True) %}-y -r \`\'\"\\\|\^\# {% endif %}-s {{ pass_size | default(50) }} 1
|
|
register: rand_pass
|
|
# Now write this new pass
|
|
- copy: content={{ rand_pass.stdout | trim }} dest={{ pass_file }} mode=600
|
|
tags: always
|
|
|
|
# Read the encrypted pass
|
|
#- when: not pass_file_exists.stat.exists and encryption | default(True) and vault_encryption_key is defined
|
|
# block:
|
|
# - name: Read the password
|
|
# slurp: src={{ pass_file }}.vault
|
|
# register: rand_pass
|
|
# - set_fact: rand_pass={{ rand_pass.content | b64decode | trim | unvault(vault_encryption_key) }}
|
|
# tags: always
|
|
|
|
# Read unencrypted pass file (compat)
|
|
- block:
|
|
- name: Read the password
|
|
slurp: src={{ pass_file }}
|
|
register: rand_pass
|
|
- set_fact: rand_pass={{ rand_pass.content | b64decode | trim }}
|
|
tags: always
|
|
|