From 9056709d865dccbcaaa87fb966a8c98d4faec77b Mon Sep 17 00:00:00 2001
From: Fabio Scotto di Santolo <fscottodev@pm.me>
Date: Thu, 2 Apr 2026 11:26:50 +0200
Subject: [PATCH] Resolve Windows PSRP vars after loading vaults

---
 README.md                                    | 18 ++++++++++++++++++
 ansible/inventory/host_vars/deadalus-win.yml |  3 ---
 ansible/site.yml                             |  7 +++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 6b141b5..8f0d9e1 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,24 @@ Lo stato attuale del profilo workstation include:
 
 Workflow Windows + WSL previsto:
 
+Prima di eseguire il bootstrap Windows, apri PowerShell come amministratore e verifica la policy di esecuzione:
+
+```powershell
+Get-ExecutionPolicy -List
+```
+
+Se necessario, abilita l'esecuzione degli script per l'utente corrente:
+
+```powershell
+Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
+```
+
+Se Windows ha bloccato il file di bootstrap, sbloccalo esplicitamente:
+
+```powershell
+Unblock-File .\scripts\bootstrap_windows_workstation.ps1
+```
+
 1. eseguire `scripts/bootstrap_windows_workstation.ps1` su Windows come amministratore
 2. riavviare Windows se richiesto dalle feature WSL
 3. avviare Ubuntu WSL almeno una volta e completare la creazione dell'utente Linux
diff --git a/ansible/inventory/host_vars/deadalus-win.yml b/ansible/inventory/host_vars/deadalus-win.yml
index 846cbed..dac9a95 100644
--- a/ansible/inventory/host_vars/deadalus-win.yml
+++ b/ansible/inventory/host_vars/deadalus-win.yml
@@ -1,5 +1,2 @@
 ---
 hostname: deadalus-win
-ansible_host: "{{ windows_psrp_host | default(vault_windows_psrp_host | default('')) }}"
-ansible_user: "{{ windows_psrp_user | default(vault_windows_psrp_user | default('')) }}"
-ansible_password: "{{ windows_psrp_password | default(vault_windows_psrp_password | default('')) }}"
diff --git a/ansible/site.yml b/ansible/site.yml
index 7444766..c8bd200 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -68,6 +68,13 @@
         file: "{{ playbook_dir }}/../secrets/vault.local.yml"
       when: lookup('ansible.builtin.fileglob', playbook_dir + '/../secrets/vault.local.yml', errors='ignore', wantlist=True) | length > 0
 
+    - name: Resolve Windows PSRP connection settings
+      tags: [always]
+      ansible.builtin.set_fact:
+        ansible_host: "{{ windows_psrp_host | default(vault_windows_psrp_host | default('')) }}"
+        ansible_user: "{{ windows_psrp_user | default(vault_windows_psrp_user | default('')) }}"
+        ansible_password: "{{ windows_psrp_password | default(vault_windows_psrp_password | default('')) }}"
+
     - name: Ensure Windows PSRP connection settings are defined
       tags: [always]
       ansible.builtin.assert: