adding passwords with ansible post
This commit is contained in:
parent
cd6c2b5f43
commit
6038a327cf
171
content/post/2019-01-19-updating-passwords-with-ansible.md
Normal file
171
content/post/2019-01-19-updating-passwords-with-ansible.md
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
---
|
||||||
|
title: "Updating passwords with Ansible"
|
||||||
|
date: 2019-01-19T00:00:00+01:00
|
||||||
|
draft: false
|
||||||
|
share: false
|
||||||
|
---
|
||||||
|
|
||||||
|
I've recently migrated from [KeePassXC](https://keepassxc.org/) to [Bitwarden_RS](https://github.com/dani-garcia/bitwarden_rs) (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
|
||||||
|
I figured it was an opportunity to update passwords I hadn't changed in... *years*. My Linux users' passwords were among those.
|
||||||
|
|
||||||
|
Instead of updating them manually on each machine, I thought there might be a way to do so with Ansible, and since it turns out there is, I thought I might as well share it here!
|
||||||
|
|
||||||
|
**Please be careful when it comes to password modification automation. You might end up locking yourself out of your servers.**
|
||||||
|
|
||||||
|
## Generating password hashes
|
||||||
|
|
||||||
|
First thing first, we'll need to generate `passwd` compatible password hashes for our users.
|
||||||
|
|
||||||
|
In this example, I'll generate a hash for the *P@ssw0rd* password :
|
||||||
|
```
|
||||||
|
mkpasswd -m sha-512
|
||||||
|
Password:
|
||||||
|
$6$wAVPV.Coc$o3FNxs9EPgXF54hv1BeKtfoMnLwE5VATL71jlHQHeVyCaevnnxfSp/x1UbJ00F3qlyyfUAmscuGXImoHmXBFa.
|
||||||
|
```
|
||||||
|
|
||||||
|
You might notice you'll get a different result if you run the same command again :
|
||||||
|
```
|
||||||
|
mkpasswd -m sha-512
|
||||||
|
Password:
|
||||||
|
$6$iFBWJD3300m$CYZJRSfZ4scHYNI9ggqe8WYef7Qym2Oi5ycgb64VsbU3.WM1GoJYlh1sawENTD7nrXVCthvs8LRPw1CVjzkP71
|
||||||
|
```
|
||||||
|
|
||||||
|
That's because, unless you specify it, the salt used by `mkpasswd` to encrypt the password is random.
|
||||||
|
|
||||||
|
You can choose a salt with the `-S` parameter if you want :
|
||||||
|
```
|
||||||
|
mkpasswd -m sha-512 -S hmmmsalt
|
||||||
|
Password:
|
||||||
|
$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/
|
||||||
|
|
||||||
|
mkpasswd -m sha-512 -S hmmmsalt
|
||||||
|
Password:
|
||||||
|
$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/
|
||||||
|
captainark@heimdall ~ %
|
||||||
|
```
|
||||||
|
|
||||||
|
## Ansible vault
|
||||||
|
|
||||||
|
Passwords are *secrets*. Even if there are hashed, you don't want them to be publicly accessible.
|
||||||
|
|
||||||
|
If, like me, your Ansible configuration is in a git repository, you should not commit them in an unencrypted file.
|
||||||
|
|
||||||
|
Ansible offers a way to encrypt a file containing variables with the `ansible-vault` command.
|
||||||
|
|
||||||
|
We first have to create a vault :
|
||||||
|
```
|
||||||
|
cd /your/ansible/project
|
||||||
|
mkdir -p group_vars/all/
|
||||||
|
ansible-vault create group_vars/all/vault.yml
|
||||||
|
New Vault password:
|
||||||
|
Confirm New Vault password:
|
||||||
|
```
|
||||||
|
|
||||||
|
As you can see, the command will ask you to provide a password for the vault. It will then open the file in your `$EDITOR` (that'll be `vim` if you're a cool kid).
|
||||||
|
|
||||||
|
The file is like any Ansible vault file. I'll create a variable for the `root` and `captainark` users in my case :
|
||||||
|
```yaml
|
||||||
|
vault_captainarkpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
vault_rootpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
```
|
||||||
|
|
||||||
|
An [Ansible best practice](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#variables-and-vaults) is to prepend all variables that are stored in a vault with the `vault_` prefix. It makes where they are stored clear when reading through a playbook.
|
||||||
|
|
||||||
|
Once saved, if you try to `cat` the file, you won't be able to see its actual content :
|
||||||
|
```
|
||||||
|
cat group_vars/all/vault.yml
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
32393530376537323233633636316330373136316265316662646437393533376135666232656366
|
||||||
|
3335623863333865666133666634633233616531636634370a663965356466383039326262313066
|
||||||
|
62633434396465313666333032663130343434326665386333323733633062613832653530393761
|
||||||
|
6333653338393231640a623938616634626462653965613766313335386136333362313033363735
|
||||||
|
64313662623039363365326639633231306335366432306361613837656364356464373837656565
|
||||||
|
61636538376262333762376235306337303531386638643632316361323037393230366537393132
|
||||||
|
35373861373863613666303531353737373130353330643535353238633665653236633130653064
|
||||||
|
39346330326566633262613535386633613565633566623934613066613238353739386133346535
|
||||||
|
64643762333462653966633363653439633037373161316663646261663764393332653732656335
|
||||||
|
61373462666336343533333162663637656236333739633065623939323937663137376431346231
|
||||||
|
38653338386539383663613230656165313566363733396134386366626430313235343264643938
|
||||||
|
64306163353437366362616166666565316663366163346565313436343537366330363932303038
|
||||||
|
37653138643165353138393466343063666535313933663066633832353331643838356539303533
|
||||||
|
61626237356538353261326136613239336662346337363331393037623863623433336432353461
|
||||||
|
32356136316339623139346330333235363331653634373836333730653436636563323134616337
|
||||||
|
36643433356133376138
|
||||||
|
```
|
||||||
|
|
||||||
|
To view the variables in the file, you can use the `ansible-vault view` command :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
ansible-vault view group_vars/all/vault.yml
|
||||||
|
Vault password:
|
||||||
|
vault_captainarkpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
vault_rootpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
```
|
||||||
|
|
||||||
|
To edit the vault's content, you can use the `ansible-vault edit group_vars/all/vault.yml` command.
|
||||||
|
|
||||||
|
## The playbook
|
||||||
|
|
||||||
|
Now that our vault is ready, all that's left is to run the following playbook :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: PASSWORDS | Check if the captainark user exists
|
||||||
|
shell: id -u captainark
|
||||||
|
register: captainark_exists
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: PASSWORDS | Update captainark password
|
||||||
|
user:
|
||||||
|
name: captainark
|
||||||
|
password: "{{ vault_captainarkpwd }}"
|
||||||
|
update_password: always
|
||||||
|
when: captainark_exists.rc == 0
|
||||||
|
|
||||||
|
- name: PASSWORDS | Create captainark user
|
||||||
|
user:
|
||||||
|
name: captainark
|
||||||
|
password: "{{ vault_captainarkpwd }}"
|
||||||
|
shell: /usr/bin/zsh
|
||||||
|
uid: 1000
|
||||||
|
groups: adm,sudo,apps
|
||||||
|
when: captainark_exists.rc != 0
|
||||||
|
|
||||||
|
- name: PASSWORDS | Update root password
|
||||||
|
user:
|
||||||
|
name: root
|
||||||
|
password: "{{ vault_rootpwd }}"
|
||||||
|
update_password: always
|
||||||
|
```
|
||||||
|
|
||||||
|
I've called this playbook `passwords.yml`. To run it, I simply execute the following command :
|
||||||
|
```
|
||||||
|
ansible-playbook passwords.yml --ask-vault-pass
|
||||||
|
```
|
||||||
|
|
||||||
|
The command asks for the vault password to decrypt its contents.
|
||||||
|
|
||||||
|
The playbook will first check if the `captainark` user exists, and it will update its password if it does. If it doesn't, the user will be created with the defined options.
|
||||||
|
|
||||||
|
Since the `root` user should always exist, the playbook changes its password without checking.
|
||||||
|
|
||||||
|
**N.B. :** If you've decided to store your vault somewhere else, you might need to add a task at the beginning of the playbook to load it, like so :
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
- name: PASSWORDS | Load the vault
|
||||||
|
include_vars: /path/to/your/vault.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
## Conclusion
|
||||||
|
|
||||||
|
That's all! As always, I hope someone finds this article useful!
|
||||||
|
|
||||||
|
If you do, please let me know in the comments here, on [Twitter](https://twitter.com/captainark) or on the [Fediverse](https://social.captainark.net/users/captainark/)!
|
||||||
|
|
||||||
|
Also, if you have any questions, feel free to hit me up on my [Rocket.Chat](https://chat.captainark.net) instance! Hopefully I'll write about it in the future!
|
@ -345,6 +345,13 @@ deb https://deb.debian.org/debian stretch-backports main contrib non-free
|
|||||||
|
|
||||||
<aside class="read-next">
|
<aside class="read-next">
|
||||||
|
|
||||||
|
<a class="read-next-story" style="no-cover" href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/">
|
||||||
|
<section class="post">
|
||||||
|
<h2>Updating passwords with Ansible</h2>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
|
||||||
<a class="read-next-story prev" style="no-cover" href="https://www.captainark.net/2018/11/27/self-hosted-report-uri/">
|
<a class="read-next-story prev" style="no-cover" href="https://www.captainark.net/2018/11/27/self-hosted-report-uri/">
|
||||||
<section class="post">
|
<section class="post">
|
||||||
|
543
public/2019/01/19/updating-passwords-with-ansible/index.html
Normal file
543
public/2019/01/19/updating-passwords-with-ansible/index.html
Normal file
@ -0,0 +1,543 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en-us">
|
||||||
|
<head>
|
||||||
|
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta name="twitter:card" content="summary"/>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta name="twitter:title" content="Updating passwords with Ansible"/>
|
||||||
|
<meta name="twitter:description" content=""/>
|
||||||
|
<meta name="twitter:site" content="@"/>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta property="og:title" content="Updating passwords with Ansible · Sysadmining. All day. Every day." />
|
||||||
|
<meta property="og:site_name" content="Sysadmining. All day. Every day." />
|
||||||
|
<meta property="og:url" content="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta property="og:image" content="/images/cover.jpg"/>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta property="og:description" content="" />
|
||||||
|
<meta property="og:type" content="article" />
|
||||||
|
<meta property="article:published_time" content="2019-01-19T00:00:00+01:00" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<title>Updating passwords with Ansible · Sysadmining. All day. Every day.</title>
|
||||||
|
|
||||||
|
|
||||||
|
<meta name="description" content="I&rsquo;ve recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
I figured it was an opportunity to up" />
|
||||||
|
|
||||||
|
|
||||||
|
<meta name="HandheldFriendly" content="True" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||||
|
|
||||||
|
<link rel="shortcut icon" href="https://www.captainark.net/images/favicon.ico">
|
||||||
|
<link rel="apple-touch-icon" href="https://www.captainark.net/images/apple-touch-icon.png" />
|
||||||
|
|
||||||
|
<link rel="stylesheet" type="text/css" href="https://www.captainark.net/css/screen.css" />
|
||||||
|
<link rel="stylesheet" type="text/css" href="https://www.captainark.net/css/nav.css" />
|
||||||
|
<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Merriweather:300,700,700italic,300italic|Open+Sans:700,400|Inconsolata:700,400" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/styles/solarized-light.min.css" integrity="sha384-bFKDPkG3geCujYJIbPornilfOgmYQoPS45Oh/8daqqo1SUwNY06OeHorpgnNvx82" crossorigin="anonymous">
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/highlight.min.js" integrity="sha384-BlPof9RtjBqeJFskKv3sK3dh4Wk70iKlpIe92FeVN+6qxaGUOUu+mZNpALZ+K7ya" crossorigin="anonymous"></script>
|
||||||
|
|
||||||
|
<script type="text/javascript" src="https://www.captainark.net/js/hjsload.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<link href="https://www.captainark.net/index.xml" rel="alternate" type="application/rss+xml" title="Sysadmining. All day. Every day." />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<meta name="generator" content="Hugo 0.53" />
|
||||||
|
|
||||||
|
<link rel="canonical" href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<script type="application/ld+json">
|
||||||
|
{
|
||||||
|
"@context": "https://schema.org",
|
||||||
|
"@type": "Article",
|
||||||
|
"publisher": {
|
||||||
|
"@type": "Organization",
|
||||||
|
"name": ,
|
||||||
|
"logo": https://www.captainark.net/images/logo.png
|
||||||
|
},
|
||||||
|
"author": {
|
||||||
|
"@type": "Person",
|
||||||
|
"name": ,
|
||||||
|
|
||||||
|
"image": {
|
||||||
|
"@type": "ImageObject",
|
||||||
|
"url": https://www.captainark.net/images/author.jpg,
|
||||||
|
"width": 250,
|
||||||
|
"height": 250
|
||||||
|
},
|
||||||
|
|
||||||
|
"url": https://www.captainark.net,
|
||||||
|
"sameAs": [
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
],
|
||||||
|
"description": Geek | Gamer | TV Shows Aficionado
|
||||||
|
|
||||||
|
},
|
||||||
|
"headline": Updating passwords with Ansible,
|
||||||
|
"name": Updating passwords with Ansible,
|
||||||
|
"wordCount": 708,
|
||||||
|
"timeRequired": "PT4M",
|
||||||
|
"inLanguage": {
|
||||||
|
"@type": "Language",
|
||||||
|
"alternateName": en
|
||||||
|
},
|
||||||
|
"url": https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/,
|
||||||
|
"datePublished": 2019-01-19T00:00Z,
|
||||||
|
"dateModified": 2019-01-19T00:00Z,
|
||||||
|
|
||||||
|
|
||||||
|
"description": ,
|
||||||
|
"mainEntityOfPage": {
|
||||||
|
"@type": "WebPage",
|
||||||
|
"@id": https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<script type="text/javascript" src="https://www.captainark.net/js/stats.js"></script>
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fork-awesome@1.1.5/css/fork-awesome.min.css" integrity="sha256-P64qV9gULPHiZTdrS1nM59toStkgjM0dsf5mK/UwBV4=" crossorigin="anonymous">
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<body class="nav-closed">
|
||||||
|
|
||||||
|
<div class="nav">
|
||||||
|
<h3 class="nav-title">Menu</h3>
|
||||||
|
<a href="#" class="nav-close">
|
||||||
|
<span class="hidden">Close</span>
|
||||||
|
</a>
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h3>This site</h3>
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://www.captainark.net/">Home</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://www.captainark.net/about">About</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://www.captainark.net/resume">Resume</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<h3>Other services</h3>
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://git.captainark.net">Gitea</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://pics.captainark.net">Chevereto</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://paste.captainark.net">Privatebin</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
<li class="nav-opened" role="presentation">
|
||||||
|
<a href="https://chat.captainark.net">Rocket.Chat</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
<a class="subscribe-button icon-feed" href="https://www.captainark.net/index.xml">Subscribe</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<span class="nav-cover"></span>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="site-wrapper">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<header class="main-header post-head no-cover">
|
||||||
|
<nav class="main-nav clearfix">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<a class="blog-logo" href="https://www.captainark.net/"><img src="https://www.captainark.net/images/logo.png" alt="Home" /></a>
|
||||||
|
|
||||||
|
|
||||||
|
<a class="menu-button" href="#"><span class="burger">☰</span><span class="word">Menu</span></a>
|
||||||
|
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<main class="content" role="main">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
|
||||||
|
<header class="post-header">
|
||||||
|
<h1 class="post-title">Updating passwords with Ansible</h1>
|
||||||
|
<small></small>
|
||||||
|
|
||||||
|
<section class="post-meta">
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2019-01-19T00:00:00+01:00">
|
||||||
|
19 January 2019
|
||||||
|
</time>
|
||||||
|
|
||||||
|
|
||||||
|
</section>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<section class="post-content">
|
||||||
|
|
||||||
|
|
||||||
|
<p>I’ve recently migrated from <a href="https://keepassxc.org/">KeePassXC</a> to <a href="https://github.com/dani-garcia/bitwarden_rs">Bitwarden_RS</a> (which I highly recommend, by the way) to manage my passwords.</p>
|
||||||
|
|
||||||
|
<p>I figured it was an opportunity to update passwords I hadn’t changed in… <em>years</em>. My Linux users’ passwords were among those.</p>
|
||||||
|
|
||||||
|
<p>Instead of updating them manually on each machine, I thought there might be a way to do so with Ansible, and since it turns out there is, I thought I might as well share it here!</p>
|
||||||
|
|
||||||
|
<p><strong>Please be careful when it comes to password modification automation. You might end up locking yourself out of your servers.</strong></p>
|
||||||
|
|
||||||
|
<h2 id="generating-password-hashes">Generating password hashes</h2>
|
||||||
|
|
||||||
|
<p>First thing first, we’ll need to generate <code>passwd</code> compatible password hashes for our users.</p>
|
||||||
|
|
||||||
|
<p>In this example, I’ll generate a hash for the <em>P@ssw0rd</em> password :</p>
|
||||||
|
|
||||||
|
<pre><code>mkpasswd -m sha-512
|
||||||
|
Password:
|
||||||
|
$6$wAVPV.Coc$o3FNxs9EPgXF54hv1BeKtfoMnLwE5VATL71jlHQHeVyCaevnnxfSp/x1UbJ00F3qlyyfUAmscuGXImoHmXBFa.
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>You might notice you’ll get a different result if you run the same command again :</p>
|
||||||
|
|
||||||
|
<pre><code>mkpasswd -m sha-512
|
||||||
|
Password:
|
||||||
|
$6$iFBWJD3300m$CYZJRSfZ4scHYNI9ggqe8WYef7Qym2Oi5ycgb64VsbU3.WM1GoJYlh1sawENTD7nrXVCthvs8LRPw1CVjzkP71
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>That’s because, unless you specify it, the salt used by <code>mkpasswd</code> to encrypt the password is random.</p>
|
||||||
|
|
||||||
|
<p>You can choose a salt with the <code>-S</code> parameter if you want :</p>
|
||||||
|
|
||||||
|
<pre><code>mkpasswd -m sha-512 -S hmmmsalt
|
||||||
|
Password:
|
||||||
|
$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/
|
||||||
|
|
||||||
|
mkpasswd -m sha-512 -S hmmmsalt
|
||||||
|
Password:
|
||||||
|
$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/
|
||||||
|
captainark@heimdall ~ %
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="ansible-vault">Ansible vault</h2>
|
||||||
|
|
||||||
|
<p>Passwords are <em>secrets</em>. Even if there are hashed, you don’t want them to be publicly accessible.</p>
|
||||||
|
|
||||||
|
<p>If, like me, your Ansible configuration is in a git repository, you should not commit them in an unencrypted file.</p>
|
||||||
|
|
||||||
|
<p>Ansible offers a way to encrypt a file containing variables with the <code>ansible-vault</code> command.</p>
|
||||||
|
|
||||||
|
<p>We first have to create a vault :</p>
|
||||||
|
|
||||||
|
<pre><code>cd /your/ansible/project
|
||||||
|
mkdir -p group_vars/all/
|
||||||
|
ansible-vault create group_vars/all/vault.yml
|
||||||
|
New Vault password:
|
||||||
|
Confirm New Vault password:
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>As you can see, the command will ask you to provide a password for the vault. It will then open the file in your <code>$EDITOR</code> (that’ll be <code>vim</code> if you’re a cool kid).</p>
|
||||||
|
|
||||||
|
<p>The file is like any Ansible vault file. I’ll create a variable for the <code>root</code> and <code>captainark</code> users in my case :</p>
|
||||||
|
|
||||||
|
<pre><code class="language-yaml">vault_captainarkpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
vault_rootpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>An <a href="https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#variables-and-vaults">Ansible best practice</a> is to prepend all variables that are stored in a vault with the <code>vault_</code> prefix. It makes where they are stored clear when reading through a playbook.</p>
|
||||||
|
|
||||||
|
<p>Once saved, if you try to <code>cat</code> the file, you won’t be able to see its actual content :</p>
|
||||||
|
|
||||||
|
<pre><code>cat group_vars/all/vault.yml
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
32393530376537323233633636316330373136316265316662646437393533376135666232656366
|
||||||
|
3335623863333865666133666634633233616531636634370a663965356466383039326262313066
|
||||||
|
62633434396465313666333032663130343434326665386333323733633062613832653530393761
|
||||||
|
6333653338393231640a623938616634626462653965613766313335386136333362313033363735
|
||||||
|
64313662623039363365326639633231306335366432306361613837656364356464373837656565
|
||||||
|
61636538376262333762376235306337303531386638643632316361323037393230366537393132
|
||||||
|
35373861373863613666303531353737373130353330643535353238633665653236633130653064
|
||||||
|
39346330326566633262613535386633613565633566623934613066613238353739386133346535
|
||||||
|
64643762333462653966633363653439633037373161316663646261663764393332653732656335
|
||||||
|
61373462666336343533333162663637656236333739633065623939323937663137376431346231
|
||||||
|
38653338386539383663613230656165313566363733396134386366626430313235343264643938
|
||||||
|
64306163353437366362616166666565316663366163346565313436343537366330363932303038
|
||||||
|
37653138643165353138393466343063666535313933663066633832353331643838356539303533
|
||||||
|
61626237356538353261326136613239336662346337363331393037623863623433336432353461
|
||||||
|
32356136316339623139346330333235363331653634373836333730653436636563323134616337
|
||||||
|
36643433356133376138
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>To view the variables in the file, you can use the <code>ansible-vault view</code> command :</p>
|
||||||
|
|
||||||
|
<pre><code class="language-yaml">ansible-vault view group_vars/all/vault.yml
|
||||||
|
Vault password:
|
||||||
|
vault_captainarkpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
vault_rootpwd: "$6$hmmmsalt$RwZR2r9W5cSv5bVgeSFPX0rJiovWOD5kMDFey1xPR6JtasqQZqHTiuW5JoQ.0VCW6oNHJlgOYJ.auhl82gfX8/"
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>To edit the vault’s content, you can use the <code>ansible-vault edit group_vars/all/vault.yml</code> command.</p>
|
||||||
|
|
||||||
|
<h2 id="the-playbook">The playbook</h2>
|
||||||
|
|
||||||
|
<p>Now that our vault is ready, all that’s left is to run the following playbook :</p>
|
||||||
|
|
||||||
|
<pre><code class="language-yaml">---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: PASSWORDS | Check if the captainark user exists
|
||||||
|
shell: id -u captainark
|
||||||
|
register: captainark_exists
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: PASSWORDS | Update captainark password
|
||||||
|
user:
|
||||||
|
name: captainark
|
||||||
|
password: "{{ vault_captainarkpwd }}"
|
||||||
|
update_password: always
|
||||||
|
when: captainark_exists.rc == 0
|
||||||
|
|
||||||
|
- name: PASSWORDS | Create captainark user
|
||||||
|
user:
|
||||||
|
name: captainark
|
||||||
|
password: "{{ vault_captainarkpwd }}"
|
||||||
|
shell: /usr/bin/zsh
|
||||||
|
uid: 1000
|
||||||
|
groups: adm,sudo,apps
|
||||||
|
when: captainark_exists.rc != 0
|
||||||
|
|
||||||
|
- name: PASSWORDS | Update root password
|
||||||
|
user:
|
||||||
|
name: root
|
||||||
|
password: "{{ vault_rootpwd }}"
|
||||||
|
update_password: always
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>I’ve called this playbook <code>passwords.yml</code>. To run it, I simply execute the following command :</p>
|
||||||
|
|
||||||
|
<pre><code>ansible-playbook passwords.yml --ask-vault-pass
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>The command asks for the vault password to decrypt its contents.</p>
|
||||||
|
|
||||||
|
<p>The playbook will first check if the <code>captainark</code> user exists, and it will update its password if it does. If it doesn’t, the user will be created with the defined options.</p>
|
||||||
|
|
||||||
|
<p>Since the <code>root</code> user should always exist, the playbook changes its password without checking.</p>
|
||||||
|
|
||||||
|
<p><strong>N.B. :</strong> If you’ve decided to store your vault somewhere else, you might need to add a task at the beginning of the playbook to load it, like so :</p>
|
||||||
|
|
||||||
|
<pre><code class="language-yaml"> - name: PASSWORDS | Load the vault
|
||||||
|
include_vars: /path/to/your/vault.yml
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="conclusion">Conclusion</h2>
|
||||||
|
|
||||||
|
<p>That’s all! As always, I hope someone finds this article useful!</p>
|
||||||
|
|
||||||
|
<p>If you do, please let me know in the comments here, on <a href="https://twitter.com/captainark">Twitter</a> or on the <a href="https://social.captainark.net/users/captainark/">Fediverse</a>!</p>
|
||||||
|
|
||||||
|
<p>Also, if you have any questions, feel free to hit me up on my <a href="https://chat.captainark.net">Rocket.Chat</a> instance! Hopefully I’ll write about it in the future!</p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
|
||||||
|
<footer class="post-footer">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<figure class="author-image">
|
||||||
|
<a class="img" href="https://www.captainark.net/" style="background-image: url(/images/author.jpg)"><span class="hidden">Antoine Joubert's Picture</span></a>
|
||||||
|
</figure>
|
||||||
|
|
||||||
|
|
||||||
|
<section class="author">
|
||||||
|
<h4><a href="https://www.captainark.net/">Antoine Joubert</a></h4>
|
||||||
|
|
||||||
|
<p>Geek | Gamer | TV Shows Aficionado</p>
|
||||||
|
|
||||||
|
<div class="author-meta">
|
||||||
|
<span class="author-location icon-location">Angers, France</span>
|
||||||
|
<span class="author-link icon-link"><a href="https://www.captainark.net">https://www.captainark.net</a></span>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<!-- isso -->
|
||||||
|
<script data-isso="https://www.captainark.net/comments/" src="https://www.captainark.net/comments/js/embed.min.js"></script>
|
||||||
|
<noscript>Please enable JavaScript to view comments</noscript>
|
||||||
|
<section id="isso-thread"></section>
|
||||||
|
<!-- end isso -->
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
</main>
|
||||||
|
|
||||||
|
|
||||||
|
<aside class="read-next">
|
||||||
|
|
||||||
|
|
||||||
|
<a class="read-next-story prev" style="no-cover" href="https://www.captainark.net/2018/12/03/debian-repos-over-https/">
|
||||||
|
<section class="post">
|
||||||
|
<h2>Debian repos over HTTPS</h2>
|
||||||
|
</section>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</aside>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<center>
|
||||||
|
<a class="fa-icons" href="mailto:contact@captainark.net">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-envelope fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://twitter.com/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-twitter fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://social.captainark.net/users/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-mastodon-alt fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://github.com/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-github fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://www.last.fm/user/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-lastfm fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://steamcommunity.com/id/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-steam fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
<a class="fa-icons" href="https://www.twitch.tv/captainark">
|
||||||
|
<span class="fa-stack fa-lg">
|
||||||
|
<i class="fa fa-circle fa-stack-2x"></i>
|
||||||
|
<i class="fa fa-twitch fa-stack-1x fa-inverse"></i>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
</center>
|
||||||
|
|
||||||
|
|
||||||
|
<footer class="site-footer clearfix">
|
||||||
|
<section class="copyright"><a href="">Sysadmining. All day. Every day.</a> © 2015 - 2019</section>
|
||||||
|
|
||||||
|
<section class="poweredby">Proudly generated by <a class="icon-hugo" href="http://gohugo.io">HUGO</a>, with <a class="icon-theme" href="https://github.com/vjeantet/hugo-theme-casper">Casper</a> theme</section>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
</div>
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js" integrity="sha384-CgeP3wqr9h5YanePjYLENwCTSSEz42NJkbFpAFgHWQz7u3Zk8D00752ScNpXqGjS" crossorigin="anonymous"></script>
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/fitvids/1.1.0/jquery.fitvids.min.js" integrity="sha384-2/VQUb0aZHixKnNLh7pD38DZk+acGpEw5LeHieWVDPR0h/H326kp/1qnRPDYmFXM" crossorigin="anonymous"></script>
|
||||||
|
<script type="text/javascript" src="https://www.captainark.net/js/index.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
@ -269,6 +269,8 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -284,6 +286,40 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/">Updating passwords with Ansible</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>I’ve recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
I figured it was an opportunity to update passwords I hadn’t changed in… years. My Linux users’ passwords were among those. <a class="read-more" href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2019-01-19T00:00:00+01:00">
|
||||||
|
19 January 2019
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2018/12/03/debian-repos-over-https/">Debian repos over HTTPS</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2018/12/03/debian-repos-over-https/">Debian repos over HTTPS</a></h2>
|
||||||
@ -419,39 +455,6 @@ I’ve been wanting to write a quick shell script to version my DNS zones fo
|
|||||||
</article>
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
|
||||||
<header class="post-header">
|
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">WebDAV with nginx</a></h2>
|
|
||||||
</header>
|
|
||||||
<section class="post-excerpt">
|
|
||||||
|
|
||||||
<p>This website has been hosted on an Online.net dedicated server since its creation. I’ve been one of their customers for the past 3 years now, and I still don’t have anything bad to say about them. <a class="read-more" href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">»</a></p>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
<footer class="post-meta">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Antoine Joubert
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<time class="post-date" datetime="2016-03-26T00:00:00+01:00">
|
|
||||||
26 March 2016
|
|
||||||
</time>
|
|
||||||
</footer>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<nav class="pagination" role="navigation">
|
<nav class="pagination" role="navigation">
|
||||||
|
|
||||||
|
@ -7,11 +7,21 @@
|
|||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-us</language>
|
<language>en-us</language>
|
||||||
<copyright>© 2015 - 2019</copyright>
|
<copyright>© 2015 - 2019</copyright>
|
||||||
<lastBuildDate>Sun, 06 Jan 2019 12:20:53 +0100</lastBuildDate>
|
<lastBuildDate>Sat, 19 Jan 2019 00:00:00 +0100</lastBuildDate>
|
||||||
|
|
||||||
<atom:link href="https://www.captainark.net/index.xml" rel="self" type="application/rss+xml" />
|
<atom:link href="https://www.captainark.net/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Updating passwords with Ansible</title>
|
||||||
|
<link>https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/</link>
|
||||||
|
<pubDate>Sat, 19 Jan 2019 00:00:00 +0100</pubDate>
|
||||||
|
|
||||||
|
<guid>https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/</guid>
|
||||||
|
<description>I&rsquo;ve recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
I figured it was an opportunity to update passwords I hadn&rsquo;t changed in&hellip; years. My Linux users&rsquo; passwords were among those.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Resume</title>
|
<title>Resume</title>
|
||||||
<link>https://www.captainark.net/resume/</link>
|
<link>https://www.captainark.net/resume/</link>
|
||||||
|
@ -265,6 +265,8 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -282,6 +284,39 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">WebDAV with nginx</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>This website has been hosted on an Online.net dedicated server since its creation. I’ve been one of their customers for the past 3 years now, and I still don’t have anything bad to say about them. <a class="read-more" href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2016-03-26T00:00:00+01:00">
|
||||||
|
26 March 2016
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/13/mysql-backup-script/">MySQL backup script</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/13/mysql-backup-script/">MySQL backup script</a></h2>
|
||||||
@ -416,40 +451,6 @@ From the 4 Debian machines I had to keep up-to-date, I now have 7, so it became
|
|||||||
</article>
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
|
||||||
<header class="post-header">
|
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2015/05/25/flexget-init-script/">Flexget init script</a></h2>
|
|
||||||
</header>
|
|
||||||
<section class="post-excerpt">
|
|
||||||
|
|
||||||
<p>I’ve been using Flexget for the past two years or so as a download automator.
|
|
||||||
Since I wrote an init script for it a while back, and it is compatible with Debian Jessie / systemd, I figured I’d share it here. <a class="read-more" href="https://www.captainark.net/2015/05/25/flexget-init-script/">»</a></p>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
<footer class="post-meta">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Antoine Joubert
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<time class="post-date" datetime="2015-05-25T00:00:00+01:00">
|
|
||||||
25 May 2015
|
|
||||||
</time>
|
|
||||||
</footer>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<nav class="pagination" role="navigation">
|
<nav class="pagination" role="navigation">
|
||||||
|
|
||||||
|
@ -265,6 +265,8 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -280,6 +282,40 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2015/05/25/flexget-init-script/">Flexget init script</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>I’ve been using Flexget for the past two years or so as a download automator.
|
||||||
|
Since I wrote an init script for it a while back, and it is compatible with Debian Jessie / systemd, I figured I’d share it here. <a class="read-more" href="https://www.captainark.net/2015/05/25/flexget-init-script/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2015-05-25T00:00:00+01:00">
|
||||||
|
25 May 2015
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2015/04/24/setting-up-a-mail-server/">Setting up a mail server</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2015/04/24/setting-up-a-mail-server/">Setting up a mail server</a></h2>
|
||||||
|
@ -225,6 +225,40 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/">Updating passwords with Ansible</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>I’ve recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
I figured it was an opportunity to update passwords I hadn’t changed in… years. My Linux users’ passwords were among those. <a class="read-more" href="https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2019-01-19T00:00:00+01:00">
|
||||||
|
19 January 2019
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2018/12/03/debian-repos-over-https/">Debian repos over HTTPS</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2018/12/03/debian-repos-over-https/">Debian repos over HTTPS</a></h2>
|
||||||
@ -360,39 +394,6 @@ I’ve been wanting to write a quick shell script to version my DNS zones fo
|
|||||||
</article>
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
|
||||||
<header class="post-header">
|
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">WebDAV with nginx</a></h2>
|
|
||||||
</header>
|
|
||||||
<section class="post-excerpt">
|
|
||||||
|
|
||||||
<p>This website has been hosted on an Online.net dedicated server since its creation. I’ve been one of their customers for the past 3 years now, and I still don’t have anything bad to say about them. <a class="read-more" href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">»</a></p>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
<footer class="post-meta">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Antoine Joubert
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<time class="post-date" datetime="2016-03-26T00:00:00+01:00">
|
|
||||||
26 March 2016
|
|
||||||
</time>
|
|
||||||
</footer>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<nav class="pagination" role="navigation">
|
<nav class="pagination" role="navigation">
|
||||||
|
|
||||||
|
@ -7,11 +7,21 @@
|
|||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-us</language>
|
<language>en-us</language>
|
||||||
<copyright>© 2015 - 2019</copyright>
|
<copyright>© 2015 - 2019</copyright>
|
||||||
<lastBuildDate>Mon, 03 Dec 2018 00:00:00 +0100</lastBuildDate>
|
<lastBuildDate>Sat, 19 Jan 2019 00:00:00 +0100</lastBuildDate>
|
||||||
|
|
||||||
<atom:link href="https://www.captainark.net/post/index.xml" rel="self" type="application/rss+xml" />
|
<atom:link href="https://www.captainark.net/post/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Updating passwords with Ansible</title>
|
||||||
|
<link>https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/</link>
|
||||||
|
<pubDate>Sat, 19 Jan 2019 00:00:00 +0100</pubDate>
|
||||||
|
|
||||||
|
<guid>https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/</guid>
|
||||||
|
<description>I&rsquo;ve recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.
|
||||||
|
I figured it was an opportunity to update passwords I hadn&rsquo;t changed in&hellip; years. My Linux users&rsquo; passwords were among those.</description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Debian repos over HTTPS</title>
|
<title>Debian repos over HTTPS</title>
|
||||||
<link>https://www.captainark.net/2018/12/03/debian-repos-over-https/</link>
|
<link>https://www.captainark.net/2018/12/03/debian-repos-over-https/</link>
|
||||||
|
@ -227,6 +227,39 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">WebDAV with nginx</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>This website has been hosted on an Online.net dedicated server since its creation. I’ve been one of their customers for the past 3 years now, and I still don’t have anything bad to say about them. <a class="read-more" href="https://www.captainark.net/2016/03/26/webdav-with-nginx/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2016-03-26T00:00:00+01:00">
|
||||||
|
26 March 2016
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/13/mysql-backup-script/">MySQL backup script</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2016/03/13/mysql-backup-script/">MySQL backup script</a></h2>
|
||||||
@ -361,40 +394,6 @@ From the 4 Debian machines I had to keep up-to-date, I now have 7, so it became
|
|||||||
</article>
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
|
||||||
<header class="post-header">
|
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2015/05/25/flexget-init-script/">Flexget init script</a></h2>
|
|
||||||
</header>
|
|
||||||
<section class="post-excerpt">
|
|
||||||
|
|
||||||
<p>I’ve been using Flexget for the past two years or so as a download automator.
|
|
||||||
Since I wrote an init script for it a while back, and it is compatible with Debian Jessie / systemd, I figured I’d share it here. <a class="read-more" href="https://www.captainark.net/2015/05/25/flexget-init-script/">»</a></p>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
<footer class="post-meta">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Antoine Joubert
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<time class="post-date" datetime="2015-05-25T00:00:00+01:00">
|
|
||||||
25 May 2015
|
|
||||||
</time>
|
|
||||||
</footer>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<nav class="pagination" role="navigation">
|
<nav class="pagination" role="navigation">
|
||||||
|
|
||||||
|
@ -225,6 +225,40 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post">
|
||||||
|
<header class="post-header">
|
||||||
|
<h2 class="post-title"><a href="https://www.captainark.net/2015/05/25/flexget-init-script/">Flexget init script</a></h2>
|
||||||
|
</header>
|
||||||
|
<section class="post-excerpt">
|
||||||
|
|
||||||
|
<p>I’ve been using Flexget for the past two years or so as a download automator.
|
||||||
|
Since I wrote an init script for it a while back, and it is compatible with Debian Jessie / systemd, I figured I’d share it here. <a class="read-more" href="https://www.captainark.net/2015/05/25/flexget-init-script/">»</a></p>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<footer class="post-meta">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<img class="author-thumb" src="https://www.captainark.net/images/author.jpg" alt="Author image" nopin="nopin" />
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Antoine Joubert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<time class="post-date" datetime="2015-05-25T00:00:00+01:00">
|
||||||
|
25 May 2015
|
||||||
|
</time>
|
||||||
|
</footer>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
<article class="post post">
|
<article class="post post">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
<h2 class="post-title"><a href="https://www.captainark.net/2015/04/24/setting-up-a-mail-server/">Setting up a mail server</a></h2>
|
<h2 class="post-title"><a href="https://www.captainark.net/2015/04/24/setting-up-a-mail-server/">Setting up a mail server</a></h2>
|
||||||
|
@ -2,6 +2,11 @@
|
|||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://www.captainark.net/2019/01/19/updating-passwords-with-ansible/</loc>
|
||||||
|
<lastmod>2019-01-19T00:00:00+01:00</lastmod>
|
||||||
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.captainark.net/resume/</loc>
|
<loc>https://www.captainark.net/resume/</loc>
|
||||||
<lastmod>2019-01-06T12:20:53+01:00</lastmod>
|
<lastmod>2019-01-06T12:20:53+01:00</lastmod>
|
||||||
@ -74,13 +79,13 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.captainark.net/post/</loc>
|
<loc>https://www.captainark.net/post/</loc>
|
||||||
<lastmod>2018-12-03T00:00:00+01:00</lastmod>
|
<lastmod>2019-01-19T00:00:00+01:00</lastmod>
|
||||||
<priority>0</priority>
|
<priority>0</priority>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.captainark.net/</loc>
|
<loc>https://www.captainark.net/</loc>
|
||||||
<lastmod>2019-01-06T12:20:53+01:00</lastmod>
|
<lastmod>2019-01-19T00:00:00+01:00</lastmod>
|
||||||
<priority>0</priority>
|
<priority>0</priority>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user