BetonQuest · seyfahni · Jan 12, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 11, 2026
diff --git a/README.md b/README.md
@@ -6,6 +6,20 @@ It is implemented via [Ansible](https://docs.ansible.com/projects/ansible/latest
 
 To set up the server just run:
 ```shell
-ansible-playbook playbooks/setup.yaml --diff --check # to verify what would be changed
+ansible-playbook playbooks/setup.yaml --check # to verify what would be changed
 ansible-playbook playbooks/setup.yaml # to apply the changes
 ```
+
+## Secrets
+
+There are some secrets that need to be configured, but they must not be commited.
+
+To provide these secrets you can choose one of multiple options:
+
+* set them via `-e` / `--extra-vars`
+* put them into `inventory/group_vars/all/secrets.yaml`
+* put them in a secure file outside the project directory and provide the file via `-e @path/to/file.yaml`
+
+For the file-based variants you can use [Ansible vault](https://docs.ansible.com/projects/ansible/latest/vault_guide/index.html) to encrypt the secrets locally.
+
+To skip all tasks that require secrets you can use `--skip-tags secret-required`
diff --git a/ansible.cfg b/ansible.cfg
@@ -1,4 +1,8 @@
 [defaults]
 inventory = inventory
 roles_path = roles
+playbook_dir = playbooks
 interpreter_python = auto_silent
+
+[diff]
+always = true
diff --git a/inventory/group_vars/.gitignore b/inventory/group_vars/.gitignore
@@ -0,0 +1,3 @@
+# protect some file names for usage with secrets
+secret*.yaml
+*.local.*
diff --git a/roles/base/tasks/dependencies.yaml b/roles/base/tasks/dependencies.yaml
@@ -0,0 +1,5 @@
+---
+- name: Install Ansible tasks dependencies
+  community.general.pacman:
+    name: python-github3py
+    state: present
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
@@ -2,3 +2,4 @@
 - ansible.builtin.import_tasks: groups.yaml
 - ansible.builtin.import_tasks: sudo.yaml
 - ansible.builtin.import_tasks: directories.yaml
+- ansible.builtin.import_tasks: dependencies.yaml
diff --git a/roles/base/tasks/sudo.yaml b/roles/base/tasks/sudo.yaml
@@ -3,4 +3,3 @@
   ansible.builtin.template:
     src: admin.j2
     dest: /etc/sudoers.d/admin
-
diff --git a/roles/reposilite/tasks/base.yaml b/roles/reposilite/tasks/base.yaml
@@ -1,9 +1,4 @@
 ---
-- name: Install required packages
-  community.general.pacman:
-    name: python-github3py
-    state: present
-
 - name: Create reposilite user
   ansible.builtin.user:
     name: reposilite

diff --git a/roles/reposilite/tasks/main.yaml b/roles/reposilite/tasks/main.yaml
@@ -2,4 +2,3 @@
 - ansible.builtin.import_tasks: base.yaml
 - ansible.builtin.import_tasks: service.yaml
 - ansible.builtin.import_tasks: nginx.yaml
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,3 @@
		ansible.builtin.template:
		src: admin.j2
		dest: /etc/sudoers.d/admin
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,3 @@
		- ansible.builtin.import_tasks: base.yaml
		- ansible.builtin.import_tasks: service.yaml
		- ansible.builtin.import_tasks: nginx.yaml