feat: implement custom 1Password lookup plugin and update references in Ansible tasks

config/ansible/plugins/lookup/README.md

@@ -14,7 +14,7 @@ The lookup plugin accepts a 1Password reference string in the format `op://vault
 ```yaml
 - name: Fetch a secret from 1Password
   debug:
-    msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
+    msg: "{{ lookup('my_1password', 'op://vault/item/password') }}"
 ```
 
 ## Examples
@@ -24,14 +24,14 @@ The lookup plugin accepts a 1Password reference string in the format `op://vault
 ```yaml
 - name: Fetch API key
   debug:
-    msg: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
+    msg: "{{ lookup('my_1password', 'op://My Vault/API Credentials/token') }}"
 ```
 
 ### Using with templates
 
 ```yaml
 # In your template file (e.g., config.j2)
-api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
+api_key: "{{ lookup('my_1password', 'op://My Vault/API Credentials/token') }}"
 ```
 
 ### Multiple secrets
@@ -40,8 +40,8 @@ api_key: "{{ lookup('onepassword', 'op://My Vault/API Credentials/token') }}"
 - name: Fetch multiple secrets
   debug:
     msg: 
-      - "{{ lookup('onepassword', 'op://vault/item1/field') }}"
-      - "{{ lookup('onepassword', 'op://vault/item2/field') }}"
+      - "{{ lookup('my_1password', 'op://vault/item1/field') }}"
+      - "{{ lookup('my_1password', 'op://vault/item2/field') }}"
 ```
 
 ## Error Handling

config/ansible/plugins/lookup/my_1password.py

@@ -2,7 +2,7 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = """
-    name: onepassword
+    name: my_1password
     author: Menno
     version_added: "1.0"
     short_description: fetch secrets from 1Password
@@ -17,15 +17,15 @@ DOCUMENTATION = """
 EXAMPLES = """
 - name: fetch password using 1Password reference
   debug:
-    msg: "{{ lookup('onepassword', 'op://vault/item/password') }}"
+    msg: "{{ lookup('my_1password', 'op://vault/item/password') }}"
 
 - name: fetch username from item
   debug:
-    msg: "{{ lookup('onepassword', 'op://vault/item/username') }}"
+    msg: "{{ lookup('my_1password', 'op://vault/item/username') }}"
     
 - name: fetch custom field
   debug:
-    msg: "{{ lookup('onepassword', 'op://vault/item/custom_field') }}"
+    msg: "{{ lookup('my_1password', 'op://vault/item/custom_field') }}"
 """
 
 RETURN = """

config/ansible/tasks/servers/services/golink/docker-compose.yml.j2

@@ -4,7 +4,7 @@ services:
     image: ghcr.io/tailscale/golink:main
     user: root
     environment:
-      - TS_AUTHKEY={{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/GoLink/TS_AUTHKEY') }}
+      - TS_AUTHKEY={{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/GoLink/TS_AUTHKEY') }}
     volumes:
       - {{ golink_data_dir }}:/home/nonroot
     restart: "unless-stopped"

config/ansible/tasks/servers/services/hoarder/dotenv.j2

@@ -7,6 +7,6 @@ NEXTAUTH_URL=http://localhost:3000
 
 DATA_DIR=/data
 
-NEXTAUTH_SECRET="{{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/NEXTAUTH_SECRET') }}"
-MEILI_MASTER_KEY="{{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/MEILI_MASTER_KEY') }}"
-OPENAI_API_KEY="{{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/OPENAI_API_KEY') }}"
+NEXTAUTH_SECRET="{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/NEXTAUTH_SECRET') }}"
+MEILI_MASTER_KEY="{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/MEILI_MASTER_KEY') }}"
+OPENAI_API_KEY="{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/OPENAI_API_KEY') }}"

config/ansible/tasks/servers/sshfs.yml

@@ -1,12 +1,16 @@
 ---
 - name: Configure SSHFS
   block:
-    - name: SSHFS Details
+    - name: Debug which plugin is being used
+      ansible.builtin.debug:
+        msg: "Using lookup plugins from: {{ lookup('pipe', 'ansible-config dump | grep DEFAULT_LOOKUP_PLUGIN_PATH') }}"
+
+    - name: Get SSHFS credentials via local lookup
+      delegate_to: localhost
       ansible.builtin.set_fact:
-        # Use lookup with explicit plugin path to ensure our custom plugin is used
-        sshfs_user: "{{ lookup('file', lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/username')) }}"
-        sshfs_pass: "{{ lookup('file', lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/new_password')) }}"
-        sshfs_host: "{{ lookup('file', lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/host')) }}"
+        sshfs_user: "{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/username') }}"
+        sshfs_pass: "{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/new_password') }}"
+        sshfs_host: "{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/host') }}"
         sshfs_port: 23
         remote_path: /mnt/storage-box
 

config/ansible/tests/test-onepassword-lookup.yml

@@ -8,7 +8,7 @@
   tasks:
     - name: Test lookup with direct reference
       ansible.builtin.debug:
-        msg: "{{ lookup('onepassword', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/host') }}"
+        msg: "{{ lookup('my_1password', 'op://j7nmhqlsjmp2r6umly5t75hzb4/5j5y5axfjr3f3sn5nixb6htg4y/host') }}"
 
     - name: Template with lookup
       ansible.builtin.template: