From 090ec6c881f6dafbd28e499e4721a746a0064c5e Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Sat, 2 Jan 2021 22:37:59 +0100
Subject: [PATCH] enable ansible vault

---
 .gitignore                     |  1 +
 .gitmodules                    |  3 +++
 ansible.cfg                    |  2 +-
 host_vars/mail01.l3d.space.yml | 13 +++++++++++++
 roles/geerlingguy.mysql        |  1 +
 site.yml                       |  1 +
 6 files changed, 20 insertions(+), 1 deletion(-)
 create mode 160000 roles/geerlingguy.mysql

diff --git a/.gitignore b/.gitignore
index 63b154d..a87d544 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ tags
 # ---> Ansible
 *.retry
 *.vault
+.vault
diff --git a/.gitmodules b/.gitmodules
index a970033..5ccf24e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -46,3 +46,6 @@
 [submodule "roles/unbound"]
 	path = roles/unbound
 	url = git@git.ccczh.ch:ansible-roles/role-unbound.git
+[submodule "roles/geerlingguy.mysql"]
+	path = roles/geerlingguy.mysql
+	url = https://github.com/geerlingguy/ansible-role-mysql.git
diff --git a/ansible.cfg b/ansible.cfg
index 53e10e2..889c7cf 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -16,7 +16,7 @@ stdout_callback = yaml
 
 interpreter_python = /usr/bin/python3
 
-# vault_password_file  =./.vault
+vault_password_file  =./.vault
 
 [ssh_connection]
 control_path = %(directory)s/%%h-%%r-%%p
diff --git a/host_vars/mail01.l3d.space.yml b/host_vars/mail01.l3d.space.yml
index 792d804..3d0dfa1 100644
--- a/host_vars/mail01.l3d.space.yml
+++ b/host_vars/mail01.l3d.space.yml
@@ -37,3 +37,16 @@ firewall_allowed_tcp_ports:
   - "80"
   - "443"
 fail2ban_destemail: "fail2ban_notify_{{ inventory_hostname }}@l3d.yt"
+
+# mysql
+mysql_bind_address: '127.0.0.1'
+mysql_root_password: super-secure-password
+mysql_databases:
+  - name: example_db
+    encoding: latin1
+    collation: latin1_general_ci
+mysql_users:
+  - name: example_user
+    host: "%"
+    password: similarly-secure-password
+    priv: "example_db.*:ALL"
diff --git a/roles/geerlingguy.mysql b/roles/geerlingguy.mysql
new file mode 160000
index 0000000..4940d8c
--- /dev/null
+++ b/roles/geerlingguy.mysql
@@ -0,0 +1 @@
+Subproject commit 4940d8cd41e40320f52ea694a0b169b03034c735
diff --git a/site.yml b/site.yml
index 6cd4a3e..5535a2d 100644
--- a/site.yml
+++ b/site.yml
@@ -35,5 +35,6 @@
     - { role: acmetool_fix, tags: [mail,acmetool]}
     - { role: acmetool2, tags: [mail,acmetool]}
     - { role: nginx2, tags: [mail,nginx]}
+    - { role: geerlingguy.mysql, tags: [mail,mysql,mariadb]}
     - { role: robertdebock.dovecot, tags: [mail,postfix]}
 #    - { role: dovecot, tags: [mail,dovecot]}