take vault password from secret service

Pim Kunis 2023-02-24 21:50:17 +01:00
parent e96cfc90b5
commit c5f03b7b29
5 changed files with 15 additions and 11 deletions

@ -15,15 +15,6 @@ My current setup is [Linux Mint Vera](https://linuxmint.com/edition.php?id=302)
- i3 app shortcuts
- firefox config? extensions? host own synchronizer?
Would like Ansible Vault to check in keypair for syncthing.
However, then I would need a password to unlock the vault.
As it is publicly available, password needs to be long and strong.
I can just put it in my keepass, but can be annoying to copy every time.
Therefore, I could make this available using Secret Service and write a script to fetch it.
However, keepass cannot run secret service as Ubuntu already runs one.
But if I disable that, my SSH agent does not work anymore.
As an intermediate solution, I can just put the password in keepass...
#### Neovim
- More cool plugins :)
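
Review bot: the README loses its only description of how the vault password is handled (the paragraph from "Would like Ansible Vault" through "put the password in keepass...") and gains nothing in its place, so a fresh checkout has no hint that the password must exist in the Secret Service store under the attributes the new script looks up (`ansible_vault homeservers`). Suggest replacing the removed paragraph with a short setup note that names those attributes and says the Secret Service provider has to be running and unlocked before a playbook is started.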

@ -1,8 +1,8 @@
[defaults]
roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
inventory=inventory
vault_password_file=./.vault_password
playbook_dir=playbooks
vault_password_file=util/secret-service-client.sh
[privilege_escalation]
become_ask_pass=true
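
Review bot: on the new `vault_password_file=util/secret-service-client.sh` line, the file name ends in `-client`, which Ansible treats as a vault password client script and calls with a `--vault-id` argument instead of running it as a plain password script. The script added in this commit ignores its arguments, so this works while there is a single vault, but the choice should be deliberate: either drop the `-client` suffix or have the script read `--vault-id` and use it as the lookup attribute. It is also worth deleting any leftover `./.vault_password` file from working copies, since this setting no longer reads it.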

@ -1,7 +1,13 @@
- name: Uninstall gnome-keyring
apt:
name: gnome-keyring
state: absent
- name: Install Keepassxc
become: true
apt:
name: keepassxc
pkg:
- keepassxc
- libsecret-tools
- name: Create keepassxc config directory
file:
path: ~/.config/keepassxc
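
Review bot: the new "Uninstall gnome-keyring" task has no `become: true`, while the "Install Keepassxc" task directly below it does, so unless privilege escalation is set at play level the `apt` removal will fail for lack of root. Add `become: true` to the uninstall task to match. Since the point of removing gnome-keyring is to free the Secret Service for KeePassXC, a one-line comment on the task saying so would help the next reader.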
@ -21,3 +27,4 @@
section: SSHAgent
option: AuthSockOverride
value: "{{ ssh_agent_socket }}"
no_extra_spaces: true

@ -14,6 +14,7 @@
- tree
- wireshark
- units
- unrar
- name: Install .gitconfig
template:
src: "{{ role_path }}/templates/.gitconfig.j2"
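
Review bot: the `- unrar` entry in the package list is unrelated to taking the vault password from the Secret Service, which is what the commit message describes. Suggest moving it to its own commit so this one can be reverted or audited as a pure credential-handling change.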

util/secret-service-client.sh Executable file
@ -0,0 +1,5 @@
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
secret-tool lookup ansible_vault homeservers
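
Review bot: the script is a bare `secret-tool lookup ansible_vault homeservers` with no handling for a missing entry or a locked or absent Secret Service provider, so in those cases the only feedback is whatever secret-tool itself emits and Ansible reports a failed vault password script. Capture the lookup output, check that it is non-empty, and on failure print a message to stderr that names the expected attributes before exiting non-zero. The `IFS=$'\n\t'` line has no effect here because nothing in the script is word-split, and a header comment showing the matching `secret-tool store --label=... ansible_vault homeservers` command would document how the entry is created.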