fix al container. ora va per davvero e ci sono le password in un .env.yml

2025-09-07 12:53:47 +02:00 · 2025-09-07 12:53:47 +02:00 · 5941ed27b2
commit 5941ed27b2
parent 75dfd49a53
9 changed files with 35 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
+# passwords
+.env.yml
+
 # ---> Ansible
 *.retry

@ -14,8 +17,8 @@ crash.log
 crash.*.log

 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@ -39,4 +42,3 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
-
--- a/README.md
+++ b/README.md
@ -14,6 +14,11 @@ Teniamo libero il 10.10.0.21 per il povero container che sta venendo abbattuto e

 `ansible-galaxy collection install -r requirements.yml`

+In più, bisogna creare un file `.env.yml` nella root del progetto con questo template
+`
+PROXMOX_PASSWORD: "segretissima0"
+XMPP_PASSWORD: "segretissima1"
+`

 ### Per dare vita al container e alla configurazione di Prosody
 #### _mado quanto è swag sta cosa_
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -1,4 +1,3 @@
 # Variabili per la creazione del container
-root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+# root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" #dovrebbe essere nel file .env
 ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
-
--- a/group_vars/proxmox_nodes.yml
+++ b/group_vars/proxmox_nodes.yml
@ -1,3 +1,3 @@
 proxmox_host: 192.168.1.100:8006
 proxmox_user: root@pam
-proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}"
+# proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}" #dovrebbe essere nel file .env
--- a/playbooks/configure_lxc.yml
+++ b/playbooks/configure_lxc.yml
@ -1,9 +1,13 @@
 - name: Configura container LXC
  hosts: lxc_containers
+  gather_facts: false
+  become: true
+
+  vars_files:
+    - ../.env.yml
+
  vars:
    ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
-  gather_facts: false
-  become: yes

  tasks:
    - name: Wait until SSH is fully ready (Ansible login confirms availability)
--- a/playbooks/configure_prosody.yml
+++ b/playbooks/configure_prosody.yml
@ -1,4 +1,6 @@
 - name: Configura Prosody (xmpp) sul container
  hosts: lxc_containers
+  vars_files:
+    - ../.env.yml
  roles:
    - prosody
--- a/playbooks/create_lxc.yml
+++ b/playbooks/create_lxc.yml
@ -1,8 +1,12 @@
 - name: Crea container lxc per prosody (xmpp)
  hosts: proxmox_nodes
  gather_facts: false
+
+  vars_files:
+    - ../.env.yml
+
  vars:
-    root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
+    # root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" #dovrebbe essere nel file .env
    ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
    vmid: 121

@ -11,7 +15,7 @@
      community.general.proxmox:
        api_host: "{{ proxmox_url }}"
        api_user: "{{ proxmox_user }}"
-        api_password: "{{ proxmox_password }}"
+        api_password: "{{ PROXMOX_PASSWORD }}"
        vmid: "{{ vmid }}"
        node: milan
        hostname: xmpp
@ -22,7 +26,7 @@
        netif:
          net0: "name=eth0,bridge=vmbr1,ip=10.10.0.21/16,gw=10.10.0.1"
        pubkey: "{{ ssh_public_key }}"
-        password: "{{ root_password }}"
+        password: "{{ XMPP_PASSWORD }}"
        features: "nesting=1"
        state: present
      delegate_to: localhost
@ -32,7 +36,7 @@
      community.general.proxmox:
        api_host: "{{ proxmox_url }}"
        api_user: "{{ proxmox_user }}"
-        api_password: "{{ proxmox_password }}"
+        api_password: "{{ PROXMOX_PASSWORD }}"
        vmid: "{{ vmid }}"
        node: milan
        state: started # Tutto questo blocco è riassumibile in questa riga
--- a/roles/prosody/defaults/main.yml
+++ b/roles/prosody/defaults/main.yml
@ -1,4 +1,4 @@
 prosody_domain: "xmpp.hackinpovo.it"
 prosody_admin: "admin@{{ prosody_domain }}"
 prosody_package: prosody
-xmpp_admin_password: "{{ lookup('env', 'XMPP_ADMIN_PASSWORD') }}"
+# xmpp_admin_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"  # Dovrebbe essere nel file .env.yml
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@ -19,10 +19,9 @@
    state: started
    enabled: yes

- name: Create XMPP admin user
-  ansible.builtin.expect:
-    command: prosodyctl adduser admin@{{ xmpp_domain }}
-    responses:
-      "Enter new password:": "{{ xmpp_admin_password }}"
-      "Retype new password:": "{{ xmpp_admin_password }}"
-    become: yes
+- name: Create XMPP admin user non-interactively
+  ansible.builtin.command:
+    cmd: prosodyctl register admin {{ prosody_domain }} {{ XMPP_PASSWORD }}
+  args:
+    creates: "/var/lib/prosody/{{ prosody_domain }}/accounts/admin.dat"
+  become: yes