Generate LXD tfvars instead of environment variable

.gitignore

@@ -4,5 +4,7 @@ metal/secrets/
 
 *.log
 .terraform*
+terraform.tfvars
 kube_config.yaml
+private.pem
 terraform.tfstate*

infra/platform/terraform.tf

@@ -21,6 +21,14 @@ terraform {
 provider "lxd" {
   generate_client_certificates = true
   accept_remote_certificate    = true
+
+  lxd_remote {
+    name     = "homelab"
+    scheme   = "https"
+    address  = var.lxd_address
+    password = var.lxd_password
+    default  = true
+  }
 }
 
 provider "rke" {

infra/platform/variables.tf

@@ -0,0 +1,7 @@
+variable "lxd_address" {
+  description = "LXD cluster address, should be generated automatically from metal"
+}
+
+variable "lxd_password" {
+  description = "Password to connect to LXD cluster, should be generated automatically from metal"
+}

metal/roles/lxd/tasks/main.yml

@@ -35,18 +35,19 @@
     creates: /var/snap/lxd/common/lxd/server.crt
   when: inventory_hostname != groups['metal'][0]
 
+# TODO optimize: use template for tfvars
 - name: Add LXD server to environment variables
   lineinfile:
-    path: "{{ playbook_dir }}/secrets/env"
-    line: "LXD_ADDR={{ hostvars[groups['metal'][0]]['ansible_host'] }}"
+    path: "{{ playbook_dir }}/../infra/platform/terraform.tfvars"
+    line: "lxd_address = \"{{ hostvars[groups['metal'][0]]['ansible_host'] }}\""
     create: yes
   delegate_to: localhost
   run_once: yes
 
 - name: Add LXD password to environment variables
   lineinfile:
-    path: "{{ playbook_dir }}/secrets/env"
-    line: "LXD_PASSWORD={{ lxd_password }}"
+    path: "{{ playbook_dir }}/../infra/platform/terraform.tfvars"
+    line: "lxd_password = \"{{ lxd_password }}\""
     create: yes
   delegate_to: localhost
   run_once: yes