feat(k3s): add possibility to provide a custom backend; moved opentofu states to postgresql on actinium

2024-07-29 00:00:00 +00:00 · 2024-07-29 00:00:00 +00:00 · 6b15ecc3a6
commit 6b15ecc3a6
parent 1cd41762fc
3 changed files with 58 additions and 4 deletions
--- a/inventory/host_vars/actinium/vars.yml
+++ b/inventory/host_vars/actinium/vars.yml
@ -16,23 +16,46 @@ mariadb_server_custom_sql: "{{ vault_mariadb_server_custom_sql }}"
 mariadb_server_bind_addresses: "{{ vault_mariadb_server_bind_addresses }}"

 postgresql_server_run_custom_sql: true
-postgresql_nft_allowed_ingress_list: ['127.0.0.1/32', '10.42.0.0/16']
+postgresql_nft_allowed_ingress_list: '{{ vault_postgresql_nft_allowed_ingress_list }}'
 postgresql_server_custom_sql: "{{ vault_postgresql_server_custom_sql }}"
 postgresql_server_bind_addresses: "{{ vault_postgresql_server_bind_addresses }}"
 postgresql_server_databases_list:
  - name: '{{ vault_invidious_pg_dbname }}'
+  - name: '{{ vault_opentofu_pg_dbname }}'
 postgresql_server_accounts_list:
  - name: '{{ vault_invidious_pg_user }}'
-    db: '{{ vault_invidious_pg_dbname }}'
    password: '{{ vault_invidious_pg_password }}'
+  - name: '{{ vault_opentofu_pg_user }}'
+    password: '{{ vault_opentofu_pg_password }}'
 postgresql_server_hba_conf_list:
  - address: '10.42.0.0/16'
    databases:
-      - invidious
+      - '{{ vault_invidious_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
-      - invidious
+      - '{{ vault_invidious_pg_user }}'
+  - address: '{{ vault_provider_geopoiesis }}/32'
+    databases:
+      - '{{ vault_opentofu_pg_dbname }}'
+    contype: hostssl
+    method: scram-sha-256
+    users:
+      - '{{ vault_opentofu_pg_user }}'
+  - address: '{{ vault_provider_unobtainium }}/32'
+    databases:
+      - '{{ vault_opentofu_pg_dbname }}'
+    contype: hostssl
+    method: scram-sha-256
+    users:
+      - '{{ vault_opentofu_pg_user }}'
+  - address: '{{ vault_provider_unsepttrium }}/32'
+    databases:
+      - '{{ vault_opentofu_pg_dbname }}'
+    contype: hostssl
+    method: scram-sha-256
+    users:
+      - '{{ vault_opentofu_pg_user }}'

 k3s_cluster_helm_customizations:
  - name: routing-invidious
@ -115,6 +138,15 @@ k3s_cluster_additional_tf_resources:
    git_revision: 0.0.8
    terraform_dir: 'terraform'
    tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
+    backend_override: |-
+      terraform {
+        backend "pg" {}
+      }
+    backend_env:
+      PGHOST: '{{ vault_ansible_host }}'
+      PGDATABASE: '{{ vault_opentofu_pg_dbname }}'
+      PGUSER: '{{ vault_opentofu_pg_user }}'
+      PGPASSWORD: '{{ vault_opentofu_pg_password }}'

 hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
 hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'