Use Ansible provisioner module for VPN

infra/modules/ansible-provisioner/main.tf

@@ -1,10 +1,10 @@
 resource "null_resource" "ansible_provisioner" {
   triggers = {
-    ansible_hash = md5(join("", [for files in fileset("${var.ansible_directory}/", "**") : file("${var.ansible_directory}/${files}")]))
+    ansible_hash = md5(join("", [for files in fileset("${var.directory}/", "**") : file("${var.directory}/${files}")]))
   }
 
   provisioner "local-exec" {
-    command = "ansible-playbook --user ${var.ansible_user} --inventory ${join(",", var.ansible_inventory)}, --private-key ${var.ansible_private_key} ${path.ansible_directory}/${var.ansible_playbook}"
+    command = "ansible-playbook --user ${var.user} --inventory ${join(",", var.inventory)}, --private-key ${var.private_key} ${var.directory}/${var.playbook}"
 
     environment = {
       ANSIBLE_HOST_KEY_CHECKING = "False"

infra/modules/ansible-provisioner/variables.tf

@@ -1,26 +1,26 @@
-var "ansible_directory" {
+variable "directory" {
   description = "Path to Ansible directory"
   type        = string
 }
 
-var "ansible_playbook" {
+variable "playbook" {
   description = "Path to Ansible playbook, relative to Ansible directory"
   type        = string
   default     = "main.yml"
 }
 
-var "ansible_user" {
+variable "user" {
   description = "User to connect as"
   type        = string
   default     = "ubuntu"
 }
 
-var "ansible_inventory" {
+variable "inventory" {
   description = "List of hosts for Ansible to run against"
   type        = list(string)
 }
 
-var "ansible_private_key" {
+variable "private_key" {
   description = "Private key file to authenticate the connection"
-  type        = list(string)
+  type        = string
 }

infra/modules/vpn/main.tf

@@ -40,16 +40,11 @@ resource "lxd_container" "vpn" {
   }
 }
 
-resource "null_resource" "ansible" {
-  triggers = {
-    ansible_hash = md5(join("", [for f in fileset("${path.module}/ansible/", "**") : file("${path.module}/ansible/${f}")]))
-  }
-
-  provisioner "local-exec" {
-    command = "ansible-playbook -u ubuntu -i ${lxd_container.vpn.ip_address}, --private-key ${local_file.ssh_private_key.filename} ${path.module}/ansible/main.yml"
-
-    environment = {
-      ANSIBLE_HOST_KEY_CHECKING = "False"
-    }
-  }
+module "ansible_provisioner" {
+  source      = "../ansible-provisioner"
+  directory   = "${path.module}/ansible"
+  private_key = local_file.ssh_private_key.filename
+  inventory = [
+    lxd_container.vpn.ip_address
+  ]
 }