diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 1c3f84e..c737f34 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -291,5 +291,3 @@ msmtp_hosts:
 renovate_hosts:
 hosts:
 renovate:
-secrets_hosts:
- hosts:
diff --git a/inventories/external/hosts.yaml b/inventories/external/hosts.yaml
index 5d0f9d4..435a9bf 100644
--- a/inventories/external/hosts.yaml
+++ b/inventories/external/hosts.yaml
@@ -22,5 +22,3 @@ infrastructure_authorized_keys_hosts:
 ansible_pull_hosts:
 hosts:
 status:
-secrets_hosts:
- hosts:
diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml
index eab3880..1b37c59 100644
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@@ -57,5 +57,3 @@ ansible_pull_hosts:
 light:
 waybackproxy:
 yate:
-secrets_hosts:
- hosts:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index b7ce104..ad866cc 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -6,13 +6,6 @@
 tags:
 - base_config
 
-- name: Ensure secrets deployment on secrets_hosts
- hosts: secrets_hosts
- roles:
- - secrets
- tags:
- - secrets
-
 - name: Ensure systemd-networkd config deployment on systemd_networkd_hosts
 hosts: systemd_networkd_hosts
 roles:
diff --git a/roles/secrets/README.md b/roles/secrets/README.md
deleted file mode 100644
index ec04665..0000000
--- a/roles/secrets/README.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Role `secrets`
-
-Allows storing the given secret contents in the configured files.
-
-## Supported Distributions
-
-Should work on Debian-based distributions.
-
-## Required Arguments
-
-None.
-
-## Optional Arguments
-
-- `secrets__secrets`: List of secrets.
- Defaults to the empty list (`[ ]`).
-- `secrets__secrets.*.name`: (File)name for the secret (in the `/etc/ansible_secrets` directory).
-- `secrets__secrets.*.content`: The secret content to store.
-- `secrets__secrets.*.owner`: The owner of the secret file.
- Defaults to `root`.
-- `secrets__secrets.*.group`: The group of the secret file.
- Defaults to `root`.
-- `secrets__secrets.*.mode`: The mode of the secret file.
- Defaults to `0640`.
diff --git a/roles/secrets/defaults/main.yaml b/roles/secrets/defaults/main.yaml
deleted file mode 100644
index 882d77b..0000000
--- a/roles/secrets/defaults/main.yaml
+++ /dev/null
@@ -1 +0,0 @@
-secrets__secrets: [ ]
diff --git a/roles/secrets/meta/argument_specs.yaml b/roles/secrets/meta/argument_specs.yaml
deleted file mode 100644
index 2562138..0000000
--- a/roles/secrets/meta/argument_specs.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-argument_specs:
- main:
- options:
- secrets__secrets:
- type: list
- required: false
diff --git a/roles/secrets/tasks/main.yaml b/roles/secrets/tasks/main.yaml
deleted file mode 100644
index 8923397..0000000
--- a/roles/secrets/tasks/main.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-- name: validate secret configs
- ansible.builtin.validate_argument_spec:
- argument_spec: "{{ required_data }}"
- provided_arguments:
- config: "{{ item }}"
- loop: "{{ secrets__secrets }}"
- loop_control:
- label: "{{ item.name }}"
- vars:
- required_data:
- config:
- type: dict
- required: true
- options:
- name:
- type: str
- required: true
- content:
- type: str
- required: true
- owner:
- type: str
- required: false
- default: root
- group:
- type: str
- required: false
- default: root
- mode:
- type: str
- required: false
- default: "0640"
-
-- name: ensure secrets directory exists
- ansible.builtin.file:
- path: "/etc/ansible_secrets"
- state: directory
- owner: root
- group: root
- mode: "0750"
- become: true
-
-- name: ensure secrets are present
- ansible.builtin.copy:
- content: "{{ item.content }}"
- dest: "/etc/ansible_secrets/{{ item.name }}"
- mode: "{{ item.mode | default('0640') }}"
- owner: "{{ item.owner | default('root') }}"
- group: "{{ item.group | default('root') }}"
- become: true
- loop: "{{ secrets__secrets }}"
- loop_control:
- label: "{{ item.name }}"