nemoinho/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simpify handling of ansible-vault

Browse Source 
I barely have any file valled "vault.ini" or "vault.yml" except of in
the ansible context. So, this treat all these files as ansible-vault
files. The other change affects the way we're looking for an ansible.cfg
file. 1st we check if it's present in the current working dir, if it's
missing there we check if one exists in the same directory as the
vault-file itself. If we do not find any files then we give up and do
not decrypt/encrypt the vault-file. Note, that this also means that we
need an ansible.cfg for the vault to be encrypted/decrypted, no other
method is implemented.
This commit is contained in:
Felix Nehrke
2025-09-21 18:08:25 +02:00
parent ff2bdb2eca
commit c01578edaf
1 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.config/nvim/lua/config/defaults.lua
View File

@@ -141,6 +141,22 @@ vim.api.nvim_create_autocmd("FileType", {
}) })
if vim.fn.executable('ansible-vault') then if vim.fn.executable('ansible-vault') then
local function file_exists(name)
local f = io.open(name, "r")
if f ~= nil then io.close(f) return true else return false end
end
local function get_ansible_cfg()
if file_exists("ansible.cfg") then
return "ANSIBLE_CONFIG=./ansible.cfg"
else
local config_file = vim.fn.expand("%:p:h") .. "/ansible.cfg"
if file_exists(config_file) then
return "ANSIBLE_CONFIG=" .. config_file
else
return false
end
end
end
local ansiblevaultgroup = vim.api.nvim_create_augroup("ANSIBLE_VAULT", { clear = true }) local ansiblevaultgroup = vim.api.nvim_create_augroup("ANSIBLE_VAULT", { clear = true })
local vault_id = "default" local vault_id = "default"
local function register_ansible_vault_for_files_of_path_pattern(pattern) local function register_ansible_vault_for_files_of_path_pattern(pattern)
@@ -159,20 +175,24 @@ if vim.fn.executable('ansible-vault') then
pattern = pattern, pattern = pattern,
group = ansiblevaultgroup, group = ansiblevaultgroup,
callback = function () callback = function ()
local config_env = get_ansible_cfg()
if config_env == false then return end
local header = vim.fn.split(vim.fn.getline(1), ";") local header = vim.fn.split(vim.fn.getline(1), ";")
if vim.fn.len(header) > 3 then if vim.fn.len(header) > 3 then
vault_id = header[3] vault_id = header[3]
else else
vault_id = "default" vault_id = "default"
end end
vim.cmd([[silent %!ansible-vault decrypt]]) vim.cmd("silent %!" .. config_env .. " ansible-vault decrypt")
end end
}) })
vim.api.nvim_create_autocmd({ "BufWritePre", "FileWritePre" }, { vim.api.nvim_create_autocmd({ "BufWritePre", "FileWritePre" }, {
pattern = pattern, pattern = pattern,
group = ansiblevaultgroup, group = ansiblevaultgroup,
callback = function () callback = function ()
vim.cmd('silent %!ansible-vault encrypt --encrypt-vault-id="' .. vault_id .. '"') local config_env = get_ansible_cfg()
if config_env == false then return end
vim.cmd('silent %!' .. config_env .. ' ansible-vault encrypt --encrypt-vault-id="' .. vault_id .. '"')
end end
}) })
vim.api.nvim_create_autocmd({ "BufWritePost", "FileWritePost" }, { vim.api.nvim_create_autocmd({ "BufWritePost", "FileWritePost" }, {
@@ -183,8 +203,6 @@ if vim.fn.executable('ansible-vault') then
end end
}) })
end end
register_ansible_vault_for_files_of_path_pattern("*/ansible/**/vault.yml") register_ansible_vault_for_files_of_path_pattern("**/vault.yml")
register_ansible_vault_for_files_of_path_pattern("*/group_vars/*/vault.yml") register_ansible_vault_for_files_of_path_pattern("**/vault.ini")
register_ansible_vault_for_files_of_path_pattern("*/host_vars/*/vault.yml")
register_ansible_vault_for_files_of_path_pattern("*/vars/vault.yml")
end end