fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add mu4e mail provisioning with vault-backed iCloud secret

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-03-17 22:12:05 +01:00
parent 3179ece124
commit e21c25c35f
8 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ansible/inventory/group_vars/desktop.yml
View File

@@ -29,6 +29,10 @@ profile_packages:
- network-manager-applet - network-manager-applet
- chromium - chromium
- emacs-gtk3 - emacs-gtk3
- mu4e
- isync
- msmtp
- libsecret
- libtool - libtool
- libvterm-devel - libvterm-devel
- cmake - cmake
@@ -120,6 +124,14 @@ desktop_dotfiles:
src: .themes.gitignore src: .themes.gitignore
dest: .themes.gitignore dest: .themes.gitignore
mode: "0644" mode: "0644"
- name: .mbsyncrc
src: .mbsyncrc
dest: .mbsyncrc
mode: "0600"
- name: .msmtprc
src: .msmtprc
dest: .msmtprc
mode: "0600"
- name: Emacs config - name: Emacs config
src: .emacs.d/ src: .emacs.d/
dest: .emacs.d/ dest: .emacs.d/

9
ansible/roles/profile_desktop_i3/tasks/main.yml
View File

@@ -63,6 +63,15 @@
group: "{{ user_group }}" group: "{{ user_group }}"
mode: "0600" mode: "0600"
- name: Store iCloud mail password in GNOME Keyring
ansible.builtin.command:
cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud
stdin: "{{ vault_icloud_mail_password }}"
stdin_add_newline: false
become: false
no_log: true
when: (vault_icloud_mail_password | default('')) | length > 0
- name: Ensure local source directory exists - name: Ensure local source directory exists
ansible.builtin.file: ansible.builtin.file:
path: "{{ user_home }}/.local/src" path: "{{ user_home }}/.local/src"

5
ansible/site.yml
View File

@@ -7,6 +7,11 @@
- hosts: void - hosts: void
become: true become: true
pre_tasks:
- name: Load local vault variables when available
ansible.builtin.include_vars:
file: "{{ playbook_dir }}/../secrets/vault.yml"
when: lookup('ansible.builtin.fileglob', playbook_dir + '/../secrets/vault.yml', errors='ignore') != ''
roles: roles:
- packages_void - packages_void

19
scripts/update_protonmail_bridge_secret.sh Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env sh
set -eu
printf "Proton Bridge password: "
stty -echo
IFS= read -r proton_bridge_password
stty echo
printf "\n"
if [ -z "$proton_bridge_password" ]; then
printf "Error: empty password, nothing stored.\n" >&2
exit 1
fi
printf "%s" "$proton_bridge_password" \
| secret-tool store --label="ProtonMail Bridge" protonmail-bridge protonmail
printf "ProtonMail Bridge secret updated in GNOME Keyring.\n"

2
secrets/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
.vault_pass
.vault_pass*

0
secrets/.gitkeep
View File

8
secrets/vault.yml Normal file
View File

@@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
35326663666435356232666461316532653434653734613832646461666566373762613863653630
6661663665613230343037313762643662663339383339320a366562326231663637643639633431
62663231386339343033633662363531623931386239343532636530353735623233396238613666
3330653433356539320a353930626335663331333433386139393538343232636161396464306632
66336530366531656261316634663265363731666638323863313762373766303839363463633835
66653733373961636165393462376561666531343230626338333333373663613133633937336539
353632303535393564636232626135313630

2
secrets/vault.yml.example Normal file
View File

@@ -0,0 +1,2 @@
---
vault_icloud_mail_password: "REPLACE_ME"