Add terraform_state role

ansible.cfg

 [defaults]
-inventory = hosts
+inventory = hosts,hcloud.yml
 library = library
 remote_tmp = $HOME/.ansible/tmp
 remote_user = root

group_vars/all/vault_terraform.yml

+$ANSIBLE_VAULT;1.1;AES256
+30656565643434313362333866306130643134393661383564663033653163666636343963343162
+3037333534363534333632323935633832386666316661300a316266666636616666383035663861
+38383733333332643439353738313762343937393936323839353734326161343835333864376366
+3337333632653733610a326430313761333565323062623566366166323834393864316365376331
+65626631363765613033356565346436396266366539303365626332616130376236396261636362
+38646237336531316235306564353361376461356363326165666439623762396464633861616530
+306331363434653935383063393665633931

hcloud.yml

+plugin: hcloud

hosts

@@ -52,5 +52,5 @@ repro2.pkgbuild.com
 [hcloud]
 state.cloud.archlinux.org
 
-[service-terraform-state]
+[terraform-state]
 state.cloud.archlinux.org

playbooks/terraforms-state.yml → playbooks/terraform-state.yml

 ---
 
-- name: "prepare postgres ssl hosts list"
-  hosts: apollo.archlinux.org
-  tasks:
-      - set_fact: postgres_ssl_hosts4="0.0.0.0/0"
-      - set_fact: postgres_ssl_hosts6="::/0"
-
 - name: setup terraform-state
-  hosts: service-terraform-state
+  hosts: terraform-state
   remote_user: root
   roles:
     - { role: common, tags: ['common'] }
@@ -23,3 +17,4 @@
       postgres_ssl: 'on'
       postgres_shared_buffers: 512MB
       tags: ['postgres']
+    - { role: terraform_state, tags: ['terraform_state'] }

roles/terraform_state/defaults/main.yml

+---
+
+terraform_db_user: "terraform"
+terraform_db: "terraform"

roles/terraform_state/tasks/main.yml

+---
+
+- name: create terraform state db user
+  postgresql_user: name={{ terraform_db_user }} password={{ vault_terraform_db_password }} encrypted=true
+  become: yes
+  become_user: postgres
+  become_method: su
+
+- name: create terraform state db
+  postgresql_db: db="{{ terraform_db }}"
+  become: yes
+  become_user: postgres
+  become_method: su