iac-opentofu-public/vaultwarden.tf

provider "bitwarden" {
  server        = var.vaultwarden_server
  email           = var.vaultwarden_email
  master_password = var.vaultwarden_master_password
}
provider "vaultwarden" {
  endpoint        = var.vaultwarden_server
  email           = var.vaultwarden_email
  master_password = var.vaultwarden_master_password
  admin_token     = var.vaultwarden_admin_token
}

resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
  name     = "fenix"
  email    = var.vaultwarden_email
  password = var.vaultwarden_master_password
}

resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
  name = "fenix-iac"
}

resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
  organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
  name            = "iac-collection"
}

resource "bitwarden_item_login" "administrative-user" {
  name     = "teste"
  username = "teste"
  password = "teste"
  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
}


resource "bitwarden_item_secure_note" "hosts-ini" {
  name            = "iac.ansible.hosts.ini"
  notes           = <<EOT
  ${local.hosts_ini}
EOT
  organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
  reprompt = true 
}

locals{

  hosts_ini = <<EOT

[master]
master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}

[workers]
%{ for vm in var.proxmox_k8s_vms ~}
%{ if i != 0 }
worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
%{ endif }  
%{ endfor }

EOT
  }