From 7254bf0a8f3fcf64b2ecf07de46fcafdc9e9c54f Mon Sep 17 00:00:00 2001
From: mgutzeit
Date: Wed, 18 Dec 2024 14:39:04 +0100
Subject: [PATCH] feat: added vault encryption and linting
---
 ansible-lint.yml | 5 +++
 ansible.cfg | 1 +
 group_vars/all/users.yml | 6 ++--
 group_vars/all/vault.yml | 31 ++++++++++++++++++
 group_vars/database/mariadb.yml | 4 +--
 requirements.yml | 3 ++
 roles/debian/templates/.resolv.conf.j2.swp | Bin 12288 -> 0 bytes
 roles/nginx/tasks/main.yml | 4 +--
 .../index.htm => templates/index.htm.j2} | 2 +-
 vault.sh | 3 ++
 10 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 ansible-lint.yml
 create mode 100644 group_vars/all/vault.yml
 create mode 100644 requirements.yml
 delete mode 100644 roles/debian/templates/.resolv.conf.j2.swp
 rename roles/nginx/{files/index.htm => templates/index.htm.j2} (97%)
 create mode 100755 vault.sh
diff --git a/ansible-lint.yml b/ansible-lint.yml
new file mode 100644
index 0000000..eb36eeb
--- /dev/null
+++ b/ansible-lint.yml
@@ -0,0 +1,5 @@
+---
+
+skip_list:
+# - name[play]
+# ...
diff --git a/ansible.cfg b/ansible.cfg
index 95e5989..2075563 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -7,6 +7,7 @@ interpreter_python = auto_silent
 inventory = hosts.ini
 # roles_path = ./roles
 library = ./library
+vault_password_file = vault.sh
 # bin_ansible_callbacks = true
 # stdout_callback = unixy
diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
index 8d81d15..ee51db7 100644
--- a/group_vars/all/users.yml
+++ b/group_vars/all/users.yml
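Review bot: `skip_list:` with only commented entries beneath it parses as null rather than an empty list, and the file name `ansible-lint.yml` without a leading dot is, as far as I recall, not one of the paths ansible-lint discovers by itself, so the config is probably ignored unless it is passed with `-c`. Writing `skip_list: []` keeps the commented examples as placeholders without handing the loader a null, and renaming the file to `.ansible-lint` (or `.config/ansible-lint.yml`) lets the linter find it. If the CI invocation passes the file explicitly, only the first point applies.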
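Review bot: `vault_password_file = vault.sh` points at a script that, in the vault.sh hunk at the end of this patch, prints a fixed literal password, so the vault.yml added under group_vars/all in the same patch is decryptable by anyone who can read the repository and the encryption adds nothing over the plaintext it replaces. Have the script obtain the password from outside the checkout, e.g. `printf '%s\n' "${ANSIBLE_VAULT_PASSWORD:?vault password not set}"`, keep any local variant of the script untracked, and rotate the vault password with `ansible-vault rekey`, since the current one is now part of the history. The same point applies to the vault.sh and vault.yml hunks; I have not repeated it there.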
@@ -4,16 +4,16 @@ users:
 gid: 0
 groups: sudo
 shell: /bin/bash
- password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+ password: "{{ vault_users_root_password }}"
 - name: admin
 uid: 1040
 gid: 1040
 groups: sudo
 shell: /bin/zsh
- password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+ password: "{{ vault_users_admin_password }}"
 - name: developer
 uid: 1050
 gid: 1050
 groups:
 shell: /bin/zsh
- password: $6$R0En0ee9OeDp3ikb$Rl3aXOCw0Me9Jm8/0hTjgII2xm1L2K5/v1oAd0MoP13/Q7zT0YRNoF2TGlQ23jF7K90z8iVs4km8JvK.2JhkU0
+ password: "{{ vault_users_developer_password }}"
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
new file mode 100644
index 0000000..6745c0b
--- /dev/null
+++ b/group_vars/all/vault.yml
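Review bot: The `user` module's `password` field expects an already-hashed value, as the removed `$6$…` lines show, so the three `vault_users_*_password` variables must hold SHA-512 crypt hashes rather than cleartext; if the vault stores cleartext, render them as `password: "{{ vault_users_root_password | password_hash('sha512') }}"` (likewise for admin and developer), otherwise the literal string is written into the shadow field and the accounts simply cannot log in. The removed lines also show one identical hash shared by root, admin and developer, and that hash stays in git history, so the vaulted values should be three distinct, freshly generated ones rather than the old hash moved into the vault. The `users:` list begins before this hunk.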
@@ -0,0 +1,31 @@ +$ANSIBLE_VAULT;1.1;AES256 +31636137326330653966373338383233613636346434363432633431653039656364363031653135 +6164626261666535396362303361313938393839306132350a373037393466313962363864643237 +39323531393536626465386265323635303434316433656235373366363765643762336437396534 +3966303966666437320a653565646164653235616433386463386339653535353631356132663135 +38353065373565336534666664323831373562393433653732353231643662623364353734613532 +38626331626634396663346639393162303633363736356466643462333661303966386133656633 +66303234326532666535323862353766623535636165643337663666353737643930303763313563 +66616264363531623238623862363931373263623263343937623732366361336137616130376461 +64613061616266303563643432646233633465346535393363346131313663653534373063623261 +32383165663162313162323963613530323035366337646264306635626264383636303234643338 +35373837313635363663393238663139333262386135653362643064333334643133323461366565 +62343566343230376462633834303964303564333263346634633737336366373638653736336531 +39363532333630303133353730306637646638333263633134343962313634313233663365356437 +37346236613736653532363039336231656631333230613437663262313633663434623038393639 +32343461303131333431653239346561623733663538306432663634326565663639306439333130 +65613061313835633862373965356534376132346330396438336565366333393466616436363264 +66346439366166353138353336383432336136663636653764663862636638366231656664633434 +35363535383938613966663337616461636136346465313430643538396566633239613933613633 +65666430366434313462393638656562653763336131316665623431643834653063316661366364 +35613964613264633737363935663331393839383833623033636638373463633538326136383034 +30626161663663613730303166363861363132386334623533643564363532373535323965346161 +39653762626439363431663561623365393464356262373233306432663033396138633632363236 +33653239616236393636613139336338356533653265353838663731316534323765626534386634 
+36623163643338623763396461323537393563303631363032303138336433303034343464646430 +37376139383366616235393635353166393237393939633966646365313466316361373536653336 +36323132643561323837323137636335663636316339386466613834656639303339633235623830 +30376638653636393038323536323933383737633038383536613739626166633366653166323766 +65363165626166613366376664663963346465653834666161336639373035666531653033633837 +39316366376134626136323763336530323534306330613365386461353866616362313130373136 +6536613331353562303937626437623763623834323032323761 diff --git a/group_vars/database/mariadb.yml b/group_vars/database/mariadb.yml index 5537112..774583e 100644 --- a/group_vars/database/mariadb.yml +++ b/group_vars/database/mariadb.yml @@ -6,8 +6,8 @@ mariadb: users: - name: webapp - password: w3b4pp + password: "{{ vault_databases_users_webapp_pass }}" priv: '*.*:ALL' - name: webapp_backup - password: w3b4pp_b4ckup + password: "{{ vault_databases_users_webapp_backup_pass }}" priv: '*.*:ALL' diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..849169c --- /dev/null +++ b/requirements.yml @@ -0,0 +1,3 @@ +--- + + diff --git a/roles/debian/templates/.resolv.conf.j2.swp b/roles/debian/templates/.resolv.conf.j2.swp deleted file mode 100644 index 4c88f6a4e5920e31248a5ac7a1db08da483e5fb4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI&y-LJD5C`yy!gZo(Ww&}2V!scd~F*FAOHafKmY;|fB*y_0D=D_P?rwf@NqW!BaQmm z`7!rPOb~zo1Rwwb2tWV=5P$##AOHaf{6PU36Ul9&2M+uF|NH%a$?JEHH;z}1Ck|V4 z&vD0b%Ygv_2tWV=5P$##AOHafKmY;|fWWT=+P0ktrQ@V9V$zY8xvG>|C?ncdd|i2I gDY}lvgN!Y+IqtQMeMhRrpr3c+9$(eb@Xvbs0A_MnS^xk5 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index c58b0b5..3f9d8aa 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
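Review bot: The new variable names end in `_pass` (`vault_databases_users_webapp_pass`, `vault_databases_users_webapp_backup_pass`) while the users.yml hunk in this patch uses `_password` (`vault_users_root_password`); pick one suffix across the vault, e.g. `vault_databases_users_webapp_password`, so the vault keys stay consistent and greppable. The removed cleartext values `w3b4pp` and `w3b4pp_b4ckup` remain in history, so the vaulted values should be new credentials, not the same strings encrypted. Separately, the context line `priv: '*.*:ALL'` gives the backup account the same global privileges as the application account; a backup user normally needs only read-type grants, though that is outside this change.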
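Review bot: `requirements.yml` is added with only a document marker and two blank lines, which parses to null; `ansible-galaxy install -r requirements.yml` may warn on or reject an empty file depending on version, and the file documents nothing about what the playbooks need. Either list the dependencies under `collections:` and `roles:`, or leave the file out of this commit until there is something to declare.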
@@ -35,8 +35,8 @@
 dest: /etc/nginx/sites-enabled/default
 - name: Defaultpage
- copy:
- src: index.htm
+ template:
+ src: index.htm.j2
 dest: /var/www/html/index.nginx-debian.html
 owner: root
 group: root
diff --git a/roles/nginx/files/index.htm b/roles/nginx/templates/index.htm.j2
similarity index 97%
rename from roles/nginx/files/index.htm
rename to roles/nginx/templates/index.htm.j2
index e2c31b6..ff570d6 100644
--- a/roles/nginx/files/index.htm
+++ b/roles/nginx/templates/index.htm.j2
@@ -40,7 +40,7 @@

Willkommen zur Ansible-Schulung

-

Automatisierung leicht gemacht

+

Automatisierung leicht gemacht auf dem {{ ansible_hostname }}
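Review bot: `{{ ansible_hostname }}` is now rendered into the server's default page, so every client that can reach the listener learns the managed host's short hostname; in a training lab that may be intended, but if this default page is ever exposed beyond the lab it is a small information leak, and `{{ inventory_hostname }}` or a fixed label would be the safer value. The fact is only defined when facts are gathered, so a play that includes the nginx role with `gather_facts: false` would fail at this line; `{{ ansible_hostname | default(inventory_hostname) }}` keeps the render working either way. The surrounding HTML markup appears to have been stripped when the patch was rendered, so only the text content of the changed line is visible here.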

diff --git a/vault.sh b/vault.sh
new file mode 100755
index 0000000..2488e25
--- /dev/null
+++ b/vault.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Ansible2024"