From 40ce7c1550e1407f937079fb19b0376493ad17c1 Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 9 Jan 2024 18:49:36 +0100
Subject: [PATCH] feat: improce variable management
---
 ansible/group_vars/NAS/ftp | 3 +++
 ansible/group_vars/NAS/{main => nfs} | 3 ---
 ansible/group_vars/NAS/nomad | 1 +
 ansible/group_vars/{homelab => cluster}/mount | 0
 ansible/group_vars/cluster/nomad | 1 +
 ansible/group_vars/production | 3 +++
 ansible/group_vars/staging | 4 ++++
 ansible/playbooks/HashicorpStack.yml | 12 ++++++++++--
 ansible/production | 12 +++++++++---
 ansible/staging | 12 +++++++++---
 10 files changed, 40 insertions(+), 11 deletions(-)
 create mode 100644 ansible/group_vars/NAS/ftp
 rename ansible/group_vars/NAS/{main => nfs} (89%)
 create mode 100644 ansible/group_vars/NAS/nomad
 rename ansible/group_vars/{homelab => cluster}/mount (100%)
 create mode 100644 ansible/group_vars/cluster/nomad
diff --git a/ansible/group_vars/NAS/ftp b/ansible/group_vars/NAS/ftp
new file mode 100644
index 0000000..a14b808
--- /dev/null
+++ b/ansible/group_vars/NAS/ftp
@@ -0,0 +1,3 @@
+vsftpd_config:
+ local_root: "/var/local/volume1"
+ seccomp_sandbox: False
diff --git a/ansible/group_vars/NAS/main b/ansible/group_vars/NAS/nfs
similarity index 89%
rename from ansible/group_vars/NAS/main
rename to ansible/group_vars/NAS/nfs
index 847627e..742d77a 100644
--- a/ansible/group_vars/NAS/main
+++ b/ansible/group_vars/NAS/nfs
@@ -13,6 +13,3 @@ nfs_exports:
 - "/var/local/volume1/CardDav {{nfs_cluster_list}}"
-vsftpd_config:
- local_root: "/var/local/volume1"
- seccomp_sandbox: False
diff --git a/ansible/group_vars/NAS/nomad b/ansible/group_vars/NAS/nomad
new file mode 100644
index 0000000..4cc8ce7
--- /dev/null
+++ b/ansible/group_vars/NAS/nomad
@@ -0,0 +1 @@
+nomad_node_class: 'NAS'
diff --git a/ansible/group_vars/homelab/mount b/ansible/group_vars/cluster/mount
similarity index 100%
rename from ansible/group_vars/homelab/mount
rename to ansible/group_vars/cluster/mount
diff --git a/ansible/group_vars/cluster/nomad b/ansible/group_vars/cluster/nomad
new file mode 100644
index 0000000..a64ecf1
--- /dev/null
+++ b/ansible/group_vars/cluster/nomad
@@ -0,0 +1 @@
+nomad_node_class: 'cluster'
diff --git a/ansible/group_vars/production b/ansible/group_vars/production
index 541e8df..a63d4ee 100644
--- a/ansible/group_vars/production
+++ b/ansible/group_vars/production
@@ -3,6 +3,9 @@ domain:
 consul_bootstrap_expect: 3
 consul_domain: "consul"
 nomad_bootstrap_expect: 3
+nomad_client_meta:
+ - name: "env"
+ value: "production"
 vault_unseal_keys_dir_output: "~/vaultUnseal/production"
 env_default_nfs_path: "/volume2"
 env_media_nfs_path: "/volume1"
diff --git a/ansible/group_vars/staging b/ansible/group_vars/staging
index 8b169c5..f3fa539 100644
--- a/ansible/group_vars/staging
+++ b/ansible/group_vars/staging
@@ -5,6 +5,10 @@ domain:
 consul_bootstrap_expect: 2
 consul_domain: "consul"
 nomad_bootstrap_expect: 2
+nomad_client_meta:
+ - name: "env"
+ value: "staging"
+
 vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
 hosts_entries:
 - ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}"
diff --git a/ansible/playbooks/HashicorpStack.yml b/ansible/playbooks/HashicorpStack.yml
index e8fec82..3bfe5ac 100644
--- a/ansible/playbooks/HashicorpStack.yml
+++ b/ansible/playbooks/HashicorpStack.yml
@@ -5,18 +5,26 @@
 - role: ansible-hashicorp-vault
 become: true
 post_tasks:
+ - name: Reading root contents
+ ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
+ register: root_token
+ delegate_to: localhost
+ changed_when: false
+ - name: debug
+ ansible.builtin.debug:
+ var: root_token
 - name: Generate nomad token
 community.hashi_vault.vault_token_create:
 renewable: true
 policies: "nomad-server-policy"
 period: 72h
 no_parent: true
- token: "{{ vault_init_parsed.root_token }}"
+ token: "{{ root_token.stdout }}"
 url: http://{{ ansible_default_ipv4.address }}:8200
 retries: 4
 run_once: true
 delegate_to: localhost
- when: vault_init_parsed.root_token is defined
+ when: root_token.stdout is defined
 register: nomad_token_data
 - name: Gather nomad token
diff --git a/ansible/production b/ansible/production
index c1d5f0d..4fe3d02 100644
--- a/ansible/production
+++ b/ansible/production
@@ -21,12 +21,18 @@ bleys
 [wireguard:children]
 production
+[NAS]
+nas
-
-[homelab]
+[cluster]
 oscar
-bleys
 gerard
+bleys
+
+
+[homelab:children]
+NAS
+cluster
 [VPS]
 corwin
diff --git a/ansible/staging b/ansible/staging
index fcfb9e2..69429f1 100644
--- a/ansible/staging
+++ b/ansible/staging
@@ -13,10 +13,17 @@ database_standby
 [wireguard:children]
 staging
-[homelab]
+[NAS]
+nas-dev
+
+[cluster]
 oscar-dev
 gerard-dev
+[homelab:children]
+NAS
+cluster
+
 [VPS]
 merlin-dev
@@ -25,8 +32,7 @@ homelab
 VPS
 staging
-[NAS]
-nas-dev
+ +
 [staging]
 oscar-dev
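Review bot: The added `debug` task in the `post_tasks` of `ansible/playbooks/HashicorpStack.yml` prints the whole registered `root_token` result, so the Vault root token read from the `rootkey` file lands in the play output and in any log or CI record kept of it. I would delete that task and put `no_log: true` on both `Reading root contents` and `Generate nomad token`, since the first returns the root token in `stdout` and the second is passed it as `token`. The new guard `when: root_token.stdout is defined` holds whenever the `cat` succeeded, even on an empty file; `when: root_token.stdout | length > 0` is closer to what the old condition appears to guard. The read task also lacks `run_once: true` although the token task has it, and the unchanged `url: http://…:8200` context line means the root token is still sent to Vault unencrypted. The `post_tasks` list continues past the end of the hunk.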