@hakan_geijer yeah I wish ansible was faster but it's great for this scenario. @foolishowl
and you can use "ansible vault" to encrypt a lot of the stuff you obv don't want in plaintext in git. So when you provision, it uses the vault key to decrypt on the fly, and you can commit the encrypted version in git. Definitely a useful way to handle sensitive config file info (I even put ssh pubkeys in this category). Makes stuff like firewall setup, web server config, user management, ssh hardening / config, etc. nicely abstracted and readily reproducible.
The other configuration management tools (chef, puppet, etc.) have major drawbacks and a lot more complexity, so +1 to learning ansible for this.
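
A pre-commit style check for the workflow described in the post above, as an added example that is not part of the original post: it flags variable files where a sensitive-looking key is set in plaintext instead of being vault-encrypted. The file paths, the list of sensitive key names and the sample contents are constructed assumptions; the `$ANSIBLE_VAULT;…;AES256` header is what `ansible-vault` writes at the top of encrypted content.

```python
import re

# First line ansible-vault writes to an encrypted file, e.g.
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault-id label).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;[^;\s]+)?$")
# Assumption: key names that should never carry a plaintext value.
SENSITIVE_KEY = re.compile(
    r"^\s*([\w-]*(?:password|passwd|secret|token|api_key|private_key)[\w-]*)\s*:\s*(.*)$",
    re.I)

def is_vault_file(text):
    lines = text.splitlines()
    return bool(lines) and bool(VAULT_HEADER.match(lines[0].strip()))

def plaintext_findings(name, text):
    """Return (file, line_no, key) for sensitive-looking keys set in plaintext."""
    if is_vault_file(text):
        return []  # whole file is encrypted
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SENSITIVE_KEY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        # Accepted: inline "!vault |" string, a Jinja reference to a vaulted
        # variable, or an empty value (nested mapping / block follows).
        if not value or value.startswith("!vault") or "{{" in value[:3]:
            continue
        findings.append((name, no, key))
    return findings

# Constructed sample repository contents (not real secrets or ciphertext).
SAMPLE_FILES = {
    "group_vars/web/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n<placeholder ciphertext>\n",
    "group_vars/web/vars.yml": (
        "http_port: 443\n"
        'db_password: "{{ vault_db_password }}"\n'
        "api_token: !vault |\n"
        "  $ANSIBLE_VAULT;1.1;AES256\n"
        "  <placeholder ciphertext>\n"
        "smtp_password: hunter2\n"
    ),
}

def scan(files):
    return [f for name in sorted(files) for f in plaintext_findings(name, files[name])]

if __name__ == "__main__":
    for name, no, key in scan(SAMPLE_FILES):
        print(f"{name}:{no}: '{key}' is plaintext; encrypt it with ansible-vault")
```

Run against the staged files in a git hook or CI job, a non-empty result is the signal to block the commit until the value is moved into the vault.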