enable ansible vault

DO1JLR · Jan 2, 2021 · 090ec6c · 090ec6c
1 parent a6529a7
commit 090ec6c
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,4 @@ tags
 # ---> Ansible
 *.retry
 *.vault
+.vault
diff --git a/.gitmodules b/.gitmodules
@@ -46,3 +46,6 @@
 [submodule "roles/unbound"]
 	path = roles/unbound
 	url = [email protected]:ansible-roles/role-unbound.git
+[submodule "roles/geerlingguy.mysql"]
+	path = roles/geerlingguy.mysql
+	url = https://github.com/geerlingguy/ansible-role-mysql.git
diff --git a/ansible.cfg b/ansible.cfg
@@ -16,7 +16,7 @@ stdout_callback = yaml
 
 interpreter_python = /usr/bin/python3
 
-# vault_password_file  =./.vault
+vault_password_file  =./.vault
 
 [ssh_connection]
 control_path = %(directory)s/%%h-%%r-%%p

diff --git a/host_vars/mail01.l3d.space.yml b/host_vars/mail01.l3d.space.yml
@@ -37,3 +37,16 @@ firewall_allowed_tcp_ports:
   - "80"
   - "443"
 fail2ban_destemail: "fail2ban_notify_{{ inventory_hostname }}@l3d.yt"
+
+# mysql
+mysql_bind_address: '127.0.0.1'
+mysql_root_password: super-secure-password
+mysql_databases:
+  - name: example_db
+    encoding: latin1
+    collation: latin1_general_ci
+mysql_users:
+  - name: example_user
+    host: "%"
+    password: similarly-secure-password
+    priv: "example_db.*:ALL"
diff --git a/roles/geerlingguy.mysql b/roles/geerlingguy.mysql
diff --git a/site.yml b/site.yml
@@ -35,5 +35,6 @@
     - { role: acmetool_fix, tags: [mail,acmetool]}
     - { role: acmetool2, tags: [mail,acmetool]}
     - { role: nginx2, tags: [mail,nginx]}
+    - { role: geerlingguy.mysql, tags: [mail,mysql,mariadb]}
     - { role: robertdebock.dovecot, tags: [mail,postfix]}
 #    - { role: dovecot, tags: [mail,dovecot]}
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,3 +22,4 @@ tags @@
     # ---> Ansible
     *.retry
     *.vault
+    .vault