remove wireguard endpoint

allow postgresql from everywhere with password terraform state without wireguard
2023-06-30 15:55:16 +02:00 · 2023-06-30 15:55:16 +02:00 · 596c0e98c3
commit 596c0e98c3
parent c9ebc76428
6 changed files with 20 additions and 53 deletions
--- a/ansible/hypervisors.yml
+++ b/ansible/hypervisors.yml
@ -43,10 +43,17 @@
 - name: Setup special services
  hosts: atlas

+  pre_tasks:
+    - name: Create terraform database
+      include_role:
+        name: postgresql_database
+      vars:
+        database_name: terraform_state
+        database_user: terraform
+        database_password: "{{ terraform_db_password }}"
+
  roles:
-    - {role: postgresql, tags: postgresql}
    - {role: ssh_ca, tags: ssh_ca}
-    - {role: wireguard, tags: wireguard}

 - hosts: hypervisors

--- a/ansible/inventory/host_vars/atlas/postgresql.yml
+++ b/ansible/inventory/host_vars/atlas/postgresql.yml
@ -0,0 +1,8 @@
+terraform_db_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  63343662633564343266666137313830333333666663393639633664356463343063666334616665
+  6664333262343337333136656161383963396262616662620a623831383438613230396463353933
+  38633265333239613232616532373635623433613136343264366635666462373062393566313233
+  3338373062333635370a646563663639353033363737623064313464363332323831646262326138
+  62303530626239643963623530613631636631363234383161363736613139643939653438316166
+  6465346362373161353733343431336235323161313831303934
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -10,5 +10,6 @@
 - name: ssh_ca_known_hosts
  src: https://git.pim.kunis.nl/home/ansible-role-ssh-ca-known-hosts
  scm: git
- name: wireguard
-  src: githubixx.ansible_role_wireguard
+- name: postgresql_database
+  src: https://git.pim.kunis.nl/home/ansible-role-postgresql-database
+  scm: git
--- a/ansible/roles/postgresql/handlers/main.yml
+++ b/ansible/roles/postgresql/handlers/main.yml
@ -1,4 +0,0 @@
- name: restart postgres
-  systemd:
-    name: postgresql
-    state: restarted
--- a/ansible/roles/postgresql/tasks/main.yml
+++ b/ansible/roles/postgresql/tasks/main.yml
@ -1,44 +0,0 @@
- name: Create terraform database
-  postgresql_db:
-    name: terraform_state
-    owner: terraform
-  become: true
-  become_user: postgres
-
- name: Create database user
-  postgresql_user:
-    name: terraform
-  become: true
-  become_user: postgres
-
- name: Grant database user access to database
-  postgresql_privs:
-    type: database
-    database: terraform_state
-    roles: terraform
-    grant_option: no
-    privs: all
-  become: true
-  become_user: postgres
-  notify: restart postgres
-
- name: Allow remote access to database for user
-  postgresql_pg_hba:
-    dest: /etc/postgresql/15/main/pg_hba.conf
-    contype: host
-    databases: all
-    method: trust
-    users: terraform
-    address: "10.42.0.0/24"
-    create: true
-  become: true
-  become_user: postgres
-  notify: restart postgres
-    
- name: Open postgres port
-  ini_file:
-    path: /etc/postgresql/15/main/postgresql.conf
-    section: null
-    option: listen_addresses
-    value: "'*'"
-  notify: restart postgres
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -1,7 +1,6 @@
 terraform {
  backend "pg" {
    schema_name = "bootstrap"
-    conn_str    = "postgres://terraform@10.42.0.1/terraform_state"
  }

  required_providers {