Add rest of database services to terraform

2024-09-28 22:43:47 +02:00 · 2024-09-28 22:43:47 +02:00 · d0388ef6d6
commit d0388ef6d6
parent 1831cddffa
7 changed files with 80 additions and 21 deletions
--- a/roles/authentik/vars/main.yml
+++ b/roles/authentik/vars/main.yml
@ -6,9 +6,9 @@ authentik_svc:
  image_tag: 2024.8
  db:
    host: "{{ postgres.host }}"
-    database: authentik
+    user: "{{ opentofu.postgresql_data.authentik.user }}"
-    user: "{{ vault_authentik.db.user }}"
+    pass: "{{ opentofu.postgresql_data.authentik.pass }}"
-    pass: "{{ vault_authentik.db.pass }}"
+    database: "{{ opentofu.postgresql_data.authentik.database }}"
 authentik_env:
  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
--- a/roles/shlink/vars/main.yml
+++ b/roles/shlink/vars/main.yml
@ -20,9 +20,9 @@ shlink_env:
  DB_DRIVER: postgres
  DB_HOST: "{{ postgres.host }}"
  DB_PORT: "{{ postgres.port }}"
-  DB_NAME: shlink
+  DB_NAME: "{{ opentofu.postgresql_data.shlink.database }}"
-  DB_USER: "{{ vault_shlink.db.user }}"
+  DB_USER: "{{ opentofu.postgresql_data.shlink.user }}"
-  DB_PASSWORD: "{{ vault_shlink.db.pass }}"
+  DB_PASSWORD: "{{ opentofu.postgresql_data.shlink.pass }}"
  GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"
--- a/roles/synapse/vars/main.yml
+++ b/roles/synapse/vars/main.yml
@ -19,9 +19,9 @@ synapse_svc:
      port: 8008
  db:
    host: "{{ postgres.host }}"
-    database: synapse
+    user: "{{ opentofu.postgresql_data.synapse.user }}"
-    user: "{{ vault_synapse.db.user }}"
+    pass: "{{ opentofu.postgresql_data.synapse.pass }}"
-    pass: "{{ vault_synapse.db.pass }}"
+    database: "{{ opentofu.postgresql_data.synapse.database }}"
  config_path: config
 synapse_env:
@ -80,9 +80,9 @@ synapse_yml:
  oidc_providers:
    - idp_id: auth_serguzim_me
      idp_name: auth.serguzim.me
-      issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
+      issuer: "{{ opentofu.authentik_data.synapse.base_url }}"
-      client_id: "{{ vault_synapse.oidc_client.id }}"
+      client_id: "{{ opentofu.authentik_data.synapse.client_id }}"
-      client_secret: "{{ vault_synapse.oidc_client.secret }}"
+      client_secret: "{{ opentofu.authentik_data.synapse.client_secret }}"
      scopes:
        - openid
        - profile
--- a/roles/tandoor/vars/main.yml
+++ b/roles/tandoor/vars/main.yml
@ -6,9 +6,9 @@ tandoor_svc:
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
-    database: tandoor
+    user: "{{ opentofu.postgresql_data.tandoor.user }}"
-    user: "{{ vault_tandoor.db.user }}"
+    pass: "{{ opentofu.postgresql_data.tandoor.pass }}"
-    pass: "{{ vault_tandoor.db.pass }}"
+    database: "{{ opentofu.postgresql_data.tandoor.database }}"
 tandoor_env:
  DEBUG: 0
--- a/roles/telegraf/vars/main.yml
+++ b/roles/telegraf/vars/main.yml
@ -19,11 +19,11 @@ telegraf_svc:
      - https://git.serguzim.me/metrics
    bearer_token: "{{ vault_metrics_token }}"
  postgresql:
    user: "{{ vault_telegraf.db.user }}"
    pass: "{{ vault_telegraf.db.pass }}"
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
-    database: telegraf
+    user: "{{ opentofu.postgresql_data.telegraf.user }}"
    pass: "{{ opentofu.postgresql_data.telegraf.pass }}"
    database: "{{ opentofu.postgresql_data.telegraf.database }}"
  docker_log:
    endpoint: unix:///var/run/docker.sock
    source_tag: false
--- a/roles/woodpecker/vars/main.yml
+++ b/roles/woodpecker/vars/main.yml
@ -10,9 +10,9 @@ woodpecker_svc:
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
-    database: woodpecker
+    database: "{{ opentofu.postgresql_data.woodpecker.database }}"
-    user: "{{ vault_woodpecker.db.user }}"
+    user: "{{ opentofu.postgresql_data.woodpecker.user }}"
-    pass: "{{ vault_woodpecker.db.pass }}"
+    pass: "{{ opentofu.postgresql_data.woodpecker.pass }}"
 woodpecker_env:
  WOODPECKER_OPEN: true
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -6,6 +6,13 @@ services = {
    database = true
    s3 = false
  },
  "authentik" = {
    name = "authentik"
    subdomain = "auth"
    auth = false
    database = true
    s3 = false
  },
  "forgejo" = {
    name = "forgejo"
    subdomain = "git"
@ -14,6 +21,14 @@ services = {
    database = true
    s3 = true
  },
  "immich" = {
    name = "immich"
    subdomain = "gallery"
    auth = true
    auth_redirects = ["https://gallery.serguzim.me/auth/login"]
    database = false
    s3 = false
  },
  "linkwarden" = {
    name = "linkwarden"
    subdomain = "bookmarks"
@ -22,6 +37,35 @@ services = {
    database = true
    s3 = true
  },
  "shlink" = {
    name = "shlink"
    subdomain = "redirect" # not really. It's msrg.cc
    auth = false
    database = true
    s3 = false
  },
  "synapse" = {
    name = "synapse"
    subdomain = "matrix"
    auth = true
    auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
    database = true
    s3 = false
  },
  "tandoor" = {
    name = "tandoor"
    subdomain = "recipes"
    auth = false
    database = true
    s3 = false
  },
  "telegraf" = {
    name = "telegraf"
    subdomain = "telegraf" # actually no subdomain
    auth = false
    database = true
    s3 = false
  },
  "tinytinyrss" = {
    name = "tinytinyrss"
    subdomain = "rss"
@ -36,6 +80,13 @@ services = {
    database = true
    s3 = false
  },
  "uptime_kuma" = {
    name = "uptime_kuma"
    subdomain = "status"
    auth = false
    database = true
    s3 = false
  },
  "vikunja" = {
    name = "vikunja"
    subdomain = "todo"
@ -48,6 +99,14 @@ services = {
    name = "wiki_js"
    subdomain = "wiki"
    auth = true
    auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
    database = true
    s3 = false
  },
  "woodpecker" = {
    name = "woodpecker"
    subdomain = "ci"
    auth = false
    database = true
    s3 = false
  },