Template private desktop mail configs

Render personal desktop configs from Ansible templates so public dotfiles no longer expose real identities or mail addresses. Update the bootstrap workflow to consume the rendered mail config and extend the encrypted vault schema for the new private values.
2026-05-30 23:49:56 +00:00 · 2026-03-18 15:00:56 +01:00
parent 4d59dc7700
commit 4892251687
9 changed files with 280 additions and 20 deletions
--- a/ansible/roles/profile_desktop_i3/tasks/main.yml
+++ b/ansible/roles/profile_desktop_i3/tasks/main.yml
@@ -47,6 +47,29 @@
  loop_control:
    label: "{{ item.dest }}"

+- name: Render desktop templates with private values
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ user_home }}/{{ item.dest }}"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - src: desktop/.gitconfig.j2
+      dest: .gitconfig
+      mode: "0644"
+    - src: desktop/.mbsyncrc.j2
+      dest: .mbsyncrc
+      mode: "0600"
+    - src: desktop/.msmtprc.j2
+      dest: .msmtprc
+      mode: "0600"
+    - src: desktop/email.el.j2
+      dest: .emacs.d/lisp/misc/email.el
+      mode: "0644"
+  loop_control:
+    label: "{{ item.dest }}"
+
 - name: Refresh user font cache
  ansible.builtin.command: fc-cache -f
  become_user: "{{ username }}"