hashi vault lookups

.gitignore

@@ -2,6 +2,9 @@
 **/.terraform/*
 **/.terraform
 
+.ansible/
+.vscode/
+
 ansible/collections/**
 
 # registry password file

ansible/inventory/group_vars/aur_repo_hosts/aur_repo_host.yml

@@ -0,0 +1 @@
+# code: language=ansible

ansible/inventory/host_vars/dev.balsillie.house/ansible_connection.yml

@@ -0,0 +1,17 @@
+# code: language=ansible
+
+# Connection (SSH)
+
+ansible_connection: ansible.builtin.ssh
+ansible_ssh_host: dev.balsillie.house
+ansible_ssh_port: 22
+ansible_ssh_host_key_checking: false
+ansible_ssh_pipelining: false
+ansible_ssh_user: ladmin
+ansible_ssh_private_key_file: ~/.ssh/conf.d/home/dev.balsillie.house.key
+
+# Become (sudo)
+
+ansible_become_method: ansible.builtin.sudo
+ansible_become_user: root
+ansible_become_password: "{{ lookup('community.hashi_vault.vault_kv1_get', 'ansible/host_vars/dev.balsillie.house/ansible_connection').secret.ansible_become_password }}" # noqa yaml[line-length]

ansible/inventory/inventory.yaml

@@ -1,5 +1,8 @@
 all:
   children:
+    aur_repo_hosts:
+      hosts:
+        dev.balsillie.house:
     firewalls:
       children:
         opnsense:

ansible/playbooks/home.yml

@@ -0,0 +1,7 @@
+# code: language=ansible
+
+- name: AUR Repo
+  hosts: aur_repo_hosts
+  become: true
+  roles:
+    - aur_repo_host

ansible/playbooks/roles

@@ -0,0 +1 @@
+../roles