From 16c8ca741184625fea6d25f7892bbe25d2ac8883 Mon Sep 17 00:00:00 2001
From: olli <>
Date: Wed, 29 May 2024 14:28:51 +0200
Subject: [PATCH] sec
---
 portainer.yml | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/portainer.yml b/portainer.yml
index 40bc315..20f0b3c 100644
--- a/portainer.yml
+++ b/portainer.yml
@@ -11,6 +11,49 @@
 state: directory
 mode: '0770'
+ - name: /home/docker/portainer.{{inventory_hostname}}/genpw.sh (generate Random)
+ blockinfile:
+ path: /home/docker/portainer.{{inventory_hostname}}/genpw.sh
+ create: yes
+ mode: 0550
+ owner: root
+ group: docker
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ cd /home/docker/portainer.{{inventory_hostname}}
+
+ if [ -f env ]
+ then
+ . ./env
+ echo "${WEBPASSWDCRYPT}"
+ else
+ webpassword=$(pwgen -s 32 1)
+ webpasswordcrypted=$(htpasswd -nbB foo $webpassword | cut -d: -f2)
+
+ echo "WEBUSER=admin
+ WEBPASSWD=${webpassword}
+ WEBPASSWDCRYPT=${webpasswordcrypted}
+ " >env
+
+ chmod 440 env
+ chown root:docker env
+ echo "${webpasswordcrypted}"
+ fi
+
+ backup: yes
+ validate: /bin/bash -n %s
+
+ - name: /home/docker/portainer.{{inventory_hostname}}/genpw.sh shebang
+ lineinfile:
+ path: /home/docker/portainer.{{inventory_hostname}}/genpw.sh
+ insertbefore: BOF
+ line: "#!/bin/bash -e"
+
+ - name: Get crypted PW
+ shell: bash /home/docker/portainer.{{inventory_hostname}}/genpw.sh
+ register: cryptpw
+ changed_when: false
+
 - name: /home/docker/portainer/docker-compose.yml Portainer Container Configuration
 blockinfile:
 path: /home/docker/portainer/docker-compose.yml
@@ -25,7 +68,7 @@
 portainer:
 image: portainer/portainer-ce:latest
 # htpasswd -nb -B admin "PASSWORD" | cut -d ":" -f 2 | sed -e s/\\$/\\$\\$/g
- command: --admin-password $$2y$$05$$zpNgDI6UufemwrBAg022QezGKJKFGziKudMjVdcHvQMFkiL1jmJCm
+ command: --admin-password {{ cryptpw.stdout }}
 restart: unless-stopped
 networks:
 - traefik
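Review bot: In the first hunk, genpw.sh writes the bcrypt hash to `env` unquoted, so on every later run `. ./env` expands `$2y`, `$05` and the following `$…` sequences as shell parameters, and `echo "${WEBPASSWDCRYPT}"` prints a mangled value instead of the stored hash. Writing the values single-quoted inside the echo, e.g. `WEBPASSWDCRYPT='${webpasswordcrypted}'`, keeps them literal when sourced, provided nothing else parses `env` with different quoting rules. The `-e` added by the shebang task is not in effect because the script is started as `bash …/genpw.sh`, so a missing `pwgen` or `htpasswd` still leaves an `env` with empty values that is reused afterwards; `set -eo pipefail` as the first line of the block would cover that. `htpasswd -nbB foo $webpassword` also places the clear-text password in the process arguments, whereas `htpasswd -niB foo` reads it from stdin.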
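Review bot: In the second hunk, the value substituted into `command:` no longer has its `$` doubled: the removed line and the comment above it (`sed -e s/\\$/\\$\\$/g`) show the hash written as `$$2y$$05$$…`, while `cryptpw.stdout` is the raw htpasswd output. If this compose file goes through Compose variable interpolation, as the previous escaping suggests, the `$…` parts of the hash would be substituted away and the configured admin hash would not match the generated password. Escaping at render time keeps the old behaviour: `command: --admin-password {{ cryptpw.stdout | replace('$', '$$') }}`. Adding `no_log: true` to the first-hunk task that registers `cryptpw` would also keep the hash out of Ansible output. The enclosing blockinfile task starts and ends outside the hunk.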