eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/ansible
History
Erich Blume b7ccca87f3 Secure password management via 1Password CLI in ansible 
- All passwords fetched from 1Password at runtime using `op` CLI
- pg_hba.conf uses scram-sha-256 everywhere (no trust mode)
- initdb uses --pwfile for secure superuser password bootstrap
- All password-handling tasks use no_log: true
- Add borgmatic user with pg_read_all_data for backup dumps
- Remove pg-setup mise task (no longer needed)
- Miniflux fetches password directly from 1Password

Requires: `op signin` before running ansible

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 08:06:29 -08:00
..
group_vars Add grafana datasource provisioning and update workflow docs 2026-01-14 07:23:10 -08:00
inventory Add ansible playbook for indri with prometheus and grafana roles 2026-01-13 21:12:24 -08:00
playbooks Add PostgreSQL and Miniflux services to tailnet 2026-01-16 07:26:59 -08:00
roles Secure password management via 1Password CLI in ansible 2026-01-16 08:06:29 -08:00
ansible.cfg Suppress Python interpreter discovery warning in ansible 2026-01-13 21:26:41 -08:00
requirements.yml Add ansible playbook for indri with prometheus and grafana roles 2026-01-13 21:12:24 -08:00