Load environment variables from configuration file

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

.gitignore

@@ -4,4 +4,5 @@ __pycache__
 env/
 # ignore dummy_playbook
 debug.yml
-group_vars/all/vault.yml
+# ignore local variables that are used to load passwords
+vars_plugins/pass.ini

vars_plugins/pass.ini.example

@@ -0,0 +1,3 @@
+[pass]
+password_store_dir=/home/me/.password-store
+crans_password_store_submodule=crans

vars_plugins/pass.py

@@ -1,10 +1,12 @@
 #!/usr/bin/env python
+
 from functools import lru_cache
-from os import getenv
+import os
 from pathlib import Path
 import subprocess
 import sys
 
+from ansible.module_utils.six.moves import configparser
 from ansible.plugins.vars import BaseVarsPlugin
 
 
@@ -31,8 +33,15 @@ class VarsModule(BaseVarsPlugin):
         Passwords are decrypted from the local password store, then are cached.
         By that way, we don't decrypt these passwords everytime.
         """
-        password_store = Path(getenv('PASSWORD_STORE_DIR', Path.home() / '.password-store'))
+        # Load config
-        full_command = ['gpg', '-d', password_store / getenv('CRANS_PASSWORD_STORE_SUBMODULE', 'crans') / 'ansible_vault.gpg']
+        config = configparser.ConfigParser()
+        config.read(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'pass.ini'))
+
+        password_store = Path(config.get('pass', 'password_store_dir',
+            fallback=os.getenv('PASSWORD_STORE_DIR', Path.home() / '.password-store')))
+        crans_submodule = config.get('pass', 'crans_password_store_submodule',
+                fallback=os.getenv('CRANS_PASSWORD_STORE_SUBMODULE', 'crans'))
+        full_command = ['gpg', '-d', password_store / crans_submodule / 'ansible_vault.gpg']
         proc = subprocess.run(full_command, capture_output=True, close_fds=True)
         clear_text = proc.stdout.decode('UTF-8')
         sys.stderr.write(proc.stderr.decode('UTF-8'))