Change vars around and fix some stuff, use per-service vault inclusion

2020-05-21 20:16:53 +02:00 · 2020-05-21 20:16:53 +02:00 · 4c83c16780
parent 95c334a065
commit 4c83c16780
2 changed files with 13 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+vault/
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,3 +1,8 @@
+- name: Include sensitive info
+  include_vars:
+        dir: '/vault/main.yml'
+  tags:
+        - vault
 - name: PostgreSQL listen on private subnet
  replace:
        path: /etc/postgresql/12/main/postgresql.conf
@ -10,10 +15,10 @@
  become: yes
  become_user: postgres
  postgresql_user:
-        port: '{{ services.postgres.port }}'
+        port: '{{ postgres.port }}'
        db: postgres
-        name: "{{ postgres.user }}"
-        password: "{{ postgres.password }}"
+        name: "{{ vault_postgres.user }}"
+        password: "{{ vault_postgres.password }}"
  tags:
        - postgres
        - vault
@ -21,12 +26,12 @@
  become: yes
  become_user: postgres
  postgresql_user:
-        port: '{{ services.postgres.port }}'
+        port: '{{ postgres.port }}'
        db: postgres
        name: '{{ item }}'
        role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
-        password: "{{ postgres.dbpass[item] }}"
-  loop: "{{ services.postgres.databases }}"
+        password: "{{ vault_postgres.dbpass[item] }}"
+  loop: "{{ postgres.databases }}"
  tags:
        - postgres
        - vault
@ -36,7 +41,7 @@
  postgresql_db:
        name: '{{ item }}'
        owner: '{{ item }}'
-  loop: "{{ services.postgres.databases }}"
+  loop: "{{ postgres.databases }}"
  tags:
        - postgres
        - vault