Install: Ansible Vault
Ansible Vault is a feature of Ansible that allows users to encrypt data with AES 256 cipher. This allows us to secure sensitive data, such as passwords and keys, and have Ansible decrypt them automatically when they are needed.
Unless you have a specific reason to set this up [for example, you back your cloudbox install up to a location you do not control] you should maybe skip it. It seems to cause confusion and problems, particularly with restoring from a backup.
We will use this to encrypt accounts.yml, where all the account info is stored.
This is an optional step; you do not have to set this up as part of the install. If you do set it up, make sure you keep track of the password, as this password file is not backed up by the built-in backup.
Note: For more information on Ansible Vault, checkout the Ansible Vault Primer.
export EDITOR=nano
Note: This is only needed for new installs as the Cloudbox install will set nano to be the default editor.
-
First we need to create a password file.
nano ~/.ansible_vault -
Type in a password. This does not have to be [and should not be] your user or root password. It is used solely for securing this ansible accounts file:
yourpassword -
When done editing, save the file: Ctrl + X Y Enter.
We will now need to add the location of the password file into ansible.cfg, in the format of:
-
Edit
ansible.cfg:nano ~/cloudbox/ansible.cfg -
Add the following line:
vault_password_file = $HOME/.ansible_vault -
It should now look like this:
[defaults] inventory = inventories/local callback_whitelist = profile_tasks command_warnings = False retry_files_enabled = False hash_behaviour = merge vault_password_file = $HOME/.ansible_vault -
When done editing, save the file: Ctrl + X Y Enter.
-
Run the following command:
ansible-vault encrypt ~/cloudbox/accounts.yml -
You will get the following output:
Encryption successful
Remember: This password file is not backed up by the built-in backup; make a backup of it now, or save the password in a secure place.
- Overview
- Presumptions
- Server
- Domain Name
- Cloudflare
- Cloud Storage
- Plex / Emby - Account
- Usenet vs. BitTorrent
Cloudbox
- Overview
- Dependencies (Choose only one of these)
- Settings
- Preinstall (Choose only one of these)
- SSH
- Ansible Vault
- Rclone
- Cloudbox (Choose only one of these)
- Application Setup
- Next Steps
Feederbox (do this first)
- Overview
- Dependencies
- Settings
- Preinstall
- SSH
- Ansible Vault
- Rclone
- Feederbox (Choose only one of these)
- Application Setup
- Next Steps
Mediabox
- Overview
- Dependencies
- Settings
- Preinstall
- SSH
- Ansible Vault
- Rclone
- Mediabox (Choose only one of these)
- Application Setup
- Next Steps
- Cloudplow (Media Uploader)
- cb utility script (Develop branch only}
- Updating Cloudbox (Choose only one of these)
- Updating Cloudbox Apps
- Removing Cloudbox Apps
- Resetting Cloudbox Apps
- Migrating Cloudbox
- Settings Updater
- Ansible Vault Primer
- Plex Access Token
- Plex Autoscan Extras
- Pushover
- Google Drive API Client ID and Client Secret
- Useful Docker Commands
- Add Your Own Docker Container into Cloudbox
- Revoking SSL Certificates
- Feeder Mount
- Adding a Subdomain
- HTTP Auth Support
- Emby
- Nextcloud
- Resilio Sync
- Plex DupeFinder
- Heimdall
- NZBHydra v1
- Plex Requests
- Sickbeard MP4 Automator
- SABnzbd
- Traktarr
See Community Wiki.