D misc/read-vault.py => misc/read-vault.py +0 -26
@@ 1,26 0,0 @@
-#!/usr/bin/python
-
-import sys
-from json import dumps
-from os import chdir
-from pathlib import Path
-
-from ansible.cli import CLI
-from ansible.constants import DEFAULT_VAULT_IDENTITY_LIST
-from ansible.parsing.dataloader import DataLoader
-
-vault_path = sys.argv[1]
-
-project_root = Path(__file__).resolve().parents[1]
-chdir(project_root)
-
-loader = DataLoader()
-vault_secret = CLI.setup_vault_secrets(
- loader=loader,
- vault_ids=DEFAULT_VAULT_IDENTITY_LIST,
- vault_password_files=["misc/vault-pass.sh"],
-)
-loader.set_vault_secrets(vault_secret)
-data = loader.load_from_file(vault_path)
-
-print(dumps(data))
M terraform_hetzner/hetzner.tf => terraform_hetzner/hetzner.tf +3 -4
@@ 4,13 4,12 @@ terraform {
}
}
-data "external" "vault_hetzner" {
- program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_hetzner.yml"]
+data "vault_generic_secret" "hetzner" {
+ path = "ansible/hetzner"
}
provider "hetznerdns" {
- apitoken = data.external.vault_hetzner.result.vault_hetzner_dns_key
+ apitoken = data.vault_generic_secret.hetzner.data["dns_key"]
}
resource "hetznerdns_zone" "xenrox_net" {
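Review bot: The new `data "vault_generic_secret" "hetzner"` block at L36 pulls in the `hashicorp/vault` provider, but the file's diffstat (+3 -4) is fully accounted for by this hunk, so `required_providers` in the `terraform {}` block above (cut off at the top of the hunk) was not updated here; unless it is already declared elsewhere in the module, Terraform will resolve the provider implicitly with no version pin, which is worth fixing with an explicit entry such as `vault = { source = "hashicorp/vault", version = "~> <pinned major>" }`. The value read via `data["dns_key"]` at L41 is written to Terraform state in plaintext, as it was with the old `external` data source, so the state backend for this root module needs the same access controls as the Vault path itself. The key name `dns_key` must match what is actually seeded under `ansible/hetzner`; that resource body is outside this diff, and a mismatch surfaces as an "Invalid index" error at plan time rather than silently.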
M terraform_keycloak/keycloak.tf => terraform_keycloak/keycloak.tf +4 -5
@@ 8,9 8,8 @@ data "vault_generic_secret" "keycloak" {
path = "ansible/keycloak"
}
-data "external" "vault_email" {
- program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_email.yml"]
+data "vault_generic_secret" "email" {
+ path = "ansible/email"
}
provider "keycloak" {
@@ 41,8 40,8 @@ resource "keycloak_realm" "xenrox" {
ssl = true
auth {
- username = data.external.vault_email.result.vault_email_noreply_mail
- password = data.external.vault_email.result.vault_email_noreply_password
+ username = data.vault_generic_secret.email.data["noreply_user"]
+ password = data.vault_generic_secret.email.data["noreply_password"]
}
}
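Review bot: The key read at L60 changes from `vault_email_noreply_mail` to `noreply_user`, which is a semantic rename (mail address vs. user name) as well as a path change; whether the Vault secret at `ansible/email` carries a `noreply_user` key cannot be confirmed from this diff, since the resource that seeds it is in `terraform_vault/secrets.tf` outside these hunks. If the key is absent the `data[...]` index fails at plan time, which is the safe outcome, but the value must also be the form the SMTP server expects for `auth.username`, and that is not checked by Terraform at all. The `noreply_password` at L61 now lives in this module's state as well as in Vault; recent Vault provider versions mark the `data` attribute sensitive so it is redacted from plan output, but the state file still holds it in the clear, so the backend should be encrypted and access-restricted. The enclosing `keycloak_realm` resource continues past the end of the hunk.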
M terraform_vault/secrets.tf => terraform_vault/secrets.tf +4 -2
@@ 1,6 1,8 @@
locals {
- users = toset(["xenrox", "seeguen", "test"])
- ansible_secrets = toset(["keycloak", "nextcloud", "peertube", "vault"])
+ users = toset(["xenrox", "seeguen", "test"])
+ ansible_secrets = toset([
+ "email", "hetzner", "keycloak", "nextcloud", "peertube", "vault"
+ ])
}
resource "vault_generic_secret" "ansible_secrets" {
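Review bot: Adding `email` and `hetzner` to `ansible_secrets` at L70-L72 presumably extends a `for_each` on the `vault_generic_secret.ansible_secrets` resource whose body starts at L74 and continues outside the hunk, so the contents each entry is seeded with (and whether they include the `dns_key`, `noreply_user` and `noreply_password` keys the other modules now read) cannot be verified here. Two caveats are worth a comment next to the set: removing a name later destroys the secret in Vault together with its data, and if the values are populated out of band after the initial apply, a plain `vault_generic_secret` will overwrite them on the next apply unless the body uses `disable_read`/`ignore_changes` — something like `# names only; values are managed per-resource below and removal here deletes the Vault secret`. Since `terraform_hetzner` and `terraform_keycloak` are separate root modules, this one must be applied first or their plans fail on the missing paths.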