---
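# Installs the age v1.1.1 linux/amd64 binary into /usr/local/bin when no `age`
# is found on PATH.
#
# The tarball is written to a temporary file instead of being piped straight
# from curl into tar, so it can be verified before anything is unpacked.
# Set `age_sha256` (inventory / group_vars) to the SHA-256 of the release
# tarball, recorded out of band, to enforce that check. When the variable is
# undefined the task trusts the HTTPS download alone, as it did before.
- name: Install age
  ansible.builtin.shell: |
    set -euo pipefail
    if ! command -v age >/dev/null; then
      tmp="$(mktemp)"
      # Remove the downloaded archive on every exit path, including failures.
      trap 'rm -f "$tmp"' EXIT
      curl -fsSL -o "$tmp" https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
      {% if age_sha256 is defined %}
      # A mismatch makes sha256sum exit non-zero, and `set -e` aborts before tar runs.
      printf '%s  %s\n' {{ age_sha256 | quote }} "$tmp" | sha256sum -c -
      {% endif %}
      tar xzf "$tmp" -C /usr/local/bin --strip-components=1 age/age
      echo "age installed"
    fi
  args:
    executable: /bin/bash
  register: age_install
  # Report "changed" only when the install branch actually ran.
  changed_when: "'age installed' in age_install.stdout"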
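# Downloads the sops v3.9.0 linux/amd64 binary directly to /usr/local/bin/sops
# and marks it executable.
#
# Set `sops_checksum` to "sha256:<digest>" (digest recorded out of band, e.g.
# pinned in this repository) to have get_url verify the download. With a
# checksum set, get_url also compares an already-present file against it and
# replaces the file on mismatch. When the variable is undefined the parameter
# is omitted and the task behaves as before.
- name: Install sops
  ansible.builtin.get_url:
    url: https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
    dest: /usr/local/bin/sops
    mode: '0755'
    checksum: "{{ sops_checksum | default(omit) }}"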
# Ensures the directory that holds the age key file for SOPS exists.
# Mode 0700 limits access to the directory's owner.
- name: Create SOPS age dir
  ansible.builtin.file:
    state: directory
    path: "/root/.config/sops/age"
    mode: "0700"
# In production, you would inject the private key at runtime; do NOT store it on hosts by default.
# This task is intentionally a placeholder (disabled by default).
# If you enable it, also set `no_log: true` on the task so the key is not
# written to Ansible output or logs.
# - name: (optional) Drop SOPS_AGE_KEY for automation
#   ansible.builtin.copy:
#     dest: /root/.config/sops/age/keys.txt
#     content: "{{ sops_age_private_key }}"
#     mode: '0600'
#   when: sops_age_private_key is defined