From 9e1623af9aeb464b37776c29d85589c9f854b9da Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Thu, 7 Jun 2018 00:13:24 +0200
Subject: [PATCH] Improve group vars vault usage for postgres

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 group_vars/all/vault_postgres.yml         | 29 ++++++++++++-----------
 roles/archweb/tasks/main.yml              |  4 ++--
 roles/matrix/tasks/main.yml               |  2 +-
 roles/matrix/templates/homeserver.yaml.j2 |  2 +-
 roles/patchwork/tasks/main.yml            |  4 ++--
 roles/postgres/tasks/main.yml             |  2 +-
 roles/quassel/tasks/main.yml              |  4 ++--
 7 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/group_vars/all/vault_postgres.yml b/group_vars/all/vault_postgres.yml
index 126953f40..789b8e0bc 100644
--- a/group_vars/all/vault_postgres.yml
+++ b/group_vars/all/vault_postgres.yml
@@ -1,15 +1,16 @@
 $ANSIBLE_VAULT;1.1;AES256
-31663532356262356534386231636233643236356664396232643832643835663861366530653463
-3030313737336263303837373061656631316436346638380a346163313831313835623063643734
-61313134663965653930633134616263653233323739323438323466616666613737386262636664
-6164326438353137390a643837386264333733303235666436363663353635376363626363323831
-31383334666634646564646330646338393933346663656130616433316531633738376463393062
-39316262646235373263663361343864356633346232623338356163326232373864383234383732
-34383533346237616632363833333238336163303161306630613535333333653563653261313932
-36626436633333646530336533636630346639386238323932363039323164653237343062393965
-30353137346361653135626563653862616439626262326538323364363638393664666565626363
-36323537306465323761646633373738626535663632646365613033353531323132663963336131
-63356563353363653039343633653536336535313633346331313261356438333236316465313832
-61376636343933383232333062633331376335343561316463646236643962636463346462303139
-65633636373865333635326262633934653366323532626430323637663535313734356164386461
-3935373133363230313439656630623364306638643566343163
+64633437393662663932393531633364656234383561313231383866366232356337616531623766
+3230333133303336343135323335316635633935303631380a653134313430393430653161613566
+66656366336330343639393362616661303363636437643938343938323231363532613631323038
+3266373761636663370a366336353963313532643035633935626663373166313432346164653332
+61633235643734646539323066366561663638626131653933363164666632666131386132383737
+37323331343330633639623035313463356134323464333164626562383935616366366332323065
+39383766373064616461303930663262353161653030306363363263303430333732323936353236
+62626634336331333530386130323533366639353065353462346435373634666665326137636461
+33343339646138656337336132323263613233363130316261636632643332383766643235613366
+62323339383439353866326237616330626438343236333639313538636339663732353866656336
+62636430616464393831356663316130393233316535663062343532366237633666613335343739
+65633562373565626333366539376266333764326265643038306235366636663461666535656437
+38333536653433306530626634336234306264613061336639326666326366343530363634656434
+65313364636133346136626538363033343833653464666161303036663664623339313036373331
+363932363664663935313430323561353365
diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
index b4bbc1b5e..78451f17f 100644
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -59,7 +59,7 @@
   no_log: true
 
 - name: create archweb db users
-  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ postgres_users.postgres }}" encrypted=yes
+  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
   no_log: true
   when: archweb_site or archweb_services
   with_items:
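Review bot: The `postgresql_user` line in `create archweb db users` still uses the inline key=value form and mixes an unquoted template (`password={{ item.password }}`) with quoted ones, so a reviewer cannot see from the task how a secret containing spaces or quote characters is handled. Writing the arguments as a YAML mapping makes each secret one explicitly quoted value. The same applies to the other `postgresql_user` and `postgresql_db` lines this patch touches in the archweb, matrix, patchwork, postgres and quassel roles. The task's `with_items` list continues past the end of this hunk.

```yaml
- name: create archweb db users
  postgresql_user:
    name: "{{ item.user }}"
    password: "{{ item.password }}"
    login_host: "{{ archweb_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    encrypted: yes
  # … unchanged: no_log, when, with_items …
```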
@@ -69,7 +69,7 @@
     - { user: "{{ archweb_db_backup_user }}", password: "{{ vault_archweb_db_backup_password }}" }
 
 - name: create archweb db
-  postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
+  postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
   when: archweb_site or archweb_services
   register: db_created
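Review bot: `create archweb db` passes `login_password="{{ vault_postgres_users.postgres }}"` but, unlike `create archweb db users` earlier in the same file, carries no `no_log: true`. Adding `no_log: true` keeps the superuser password out of task output and verbose logs without relying on module-level masking alone. `create patchwork db` in roles/patchwork/tasks/main.yml has the same gap. No `no_log` is visible on the `postgresql_user` tasks in the matrix, postgres and quassel hunks or on the quassel `responses` block either, though those tasks run past the hunk boundaries, so it may be set outside the visible lines.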
 
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 64de15c28..2051e7019 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -74,7 +74,7 @@
   become_method: su
 
 - name: add synapse postgres user
-  postgresql_user: db=synapse name=synapse password={{ postgres_users.synapse }} encrypted=true
+  postgresql_user: db=synapse name=synapse password={{ vault_postgres_users.synapse }} encrypted=true
   become: yes
   become_user: postgres
   become_method: su
diff --git a/roles/matrix/templates/homeserver.yaml.j2 b/roles/matrix/templates/homeserver.yaml.j2
index c7787c44f..a68a40d97 100644
--- a/roles/matrix/templates/homeserver.yaml.j2
+++ b/roles/matrix/templates/homeserver.yaml.j2
@@ -136,7 +136,7 @@ database:
   args:
     dbname: synapse
     user: synapse
-    password: {{ postgres_users.synapse }}
+    password: {{ vault_postgres_users.synapse }}
     cp_min: 5
     cp_max: 10
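Review bot: `password: {{ vault_postgres_users.synapse }}` renders the secret as a plain YAML scalar, so a password that contains ` #` or `: `, starts with an indicator such as `*` or `!`, or looks like a number or boolean would be truncated, retyped or leave homeserver.yaml unparseable. Emit it as a quoted scalar instead, e.g. `password: {{ vault_postgres_users.synapse | to_json }}`, which produces a double-quoted string with escaping. The `database:` block starts before and continues past this hunk.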
 
diff --git a/roles/patchwork/tasks/main.yml b/roles/patchwork/tasks/main.yml
index 0fb9224de..915b42088 100644
--- a/roles/patchwork/tasks/main.yml
+++ b/roles/patchwork/tasks/main.yml
@@ -43,14 +43,14 @@
   no_log: true
 
 - name: create patchwork db users
-  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ patchwork_db_host }}" login_password="{{ postgres_users.postgres }}" encrypted=yes
+  postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ patchwork_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
   no_log: true
   with_items:
     - { user: "{{ patchwork_db_user }}", password: "{{ patchwork_db_password }}" }
     - { user: "{{ patchwork_db_backup_user }}", password: "{{ patchwork_db_backup_password }}" }
 
 - name: create patchwork db
-  postgresql_db: name="{{ patchwork_db }}" login_host="{{ patchwork_db_host }}" login_password="{{ postgres_users.postgres }}" owner="{{ patchwork_db_user }}"
+  postgresql_db: name="{{ patchwork_db }}" login_host="{{ patchwork_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ patchwork_db_user }}"
   register: db_created
 
 - name: django migrate
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index 726b485fb..49aa0f131 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -29,7 +29,7 @@
   command: systemctl set-property postgresql CPUAccounting=yes MemoryAccounting=yes
 
 - name: set postgres user password
-  postgresql_user: name=postgres password={{ postgres_users.postgres }} encrypted=yes
+  postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
   become: yes
   become_user: postgres
   become_method: su
diff --git a/roles/quassel/tasks/main.yml b/roles/quassel/tasks/main.yml
index 4fdcbfe0d..7f240e7bf 100644
--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -10,7 +10,7 @@
   become_method: su
 
 - name: add quassel postgres user
-  postgresql_user: db=quassel name=quassel password={{ postgres_users.quassel }} encrypted=true
+  postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
   become: yes
   become_user: postgres
   become_method: su
@@ -24,7 +24,7 @@
     responses:
       Username: ''
       Password:
-        - '{{ postgres_users.quassel }}'
+        - '{{ vault_postgres_users.quassel }}'
         - ''
         - ''
         - ''
-- 
GitLab