ansible-infra/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml

- name: deploy OpenTofu resource
  connection: local
  block:
    - name: set TF resource facts
      ansible.builtin.set_fact:
        k3s_tf_safe_item_name: "{{ item.name | regex_replace('[^\\w]', '') }}"
        k3s_tf_project_git_path: "{{ provisioner_facts.artifacts_dir }}/{{ item.name | regex_replace('[^\\w]', '') }}.git"
      changed_when: false

    - name: check pre-existing TF state file
      ansible.builtin.file:
        path: "{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate"
      register: tfstate_file_info
      changed_when: false
      failed_when: false
      when: item.get("backend_override", false) is falsy

    - name: fetch git repository
      ansible.builtin.git:
        repo: '{{ item.git_repository }}'
        dest: '{{ k3s_tf_project_git_path }}'
        version: '{{ item.git_revision }}'
        force: true

    - name: prepare variables file
      ansible.builtin.copy:
        content: '{{ item.tfvars_content }}'
        dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfvars'
        mode: '0600'
        force: true

    - name: prepare tfstate file
      ansible.builtin.copy:
        src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
        dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
        force: true
        mode: '0600'
      when: item.get("backend_override", false) is falsy

    - name: dump custom backend override
      ansible.builtin.copy:
        content: '{{ item.backend_override }}'
        dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/backend_override.tf'
        mode: '0600'
      when: item.get("backend_override", false) is truthy
      changed_when: false

    - name: deploy k8s resources
      community.general.terraform:
        binary_path: "{{ provisioner_facts.tofu_binary_path }}"
        project_path: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}'
        provider_upgrade: true
        force_init: true
      environment: '{{ item.get("backend_env", {}) }}'

    - name: cleanup override file
      ansible.builtin.file:
        path: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/backend_override.tf'
        state: absent
      when: item.get("backend_override", false) is truthy
      changed_when: false

    - name: backup source state file
      ansible.builtin.copy:
        src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
        dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate.previous'
        force: true
        mode: '0600'
      when: item.get("backend_override", false) is falsy

    - name: update source tfstate file
      ansible.builtin.copy:
        src: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
        dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
        force: true
        mode: '0600'
      when: item.get("backend_override", false) is falsy