authorGravatar Johannes Christ <[email protected]>2024-05-01 10:19:43 +0200
committerGravatar jchristgit <[email protected]>2024-05-03 19:19:34 +0200
commitd803e0fa3c6e51139442508cf23c236967684069 (patch)
tree43f48e9f785064e994e070b2c7974d1e66dd0de8
parentRemove old groups from Vagrant inventory (diff)
Set up database group for database hosts
-rw-r--r--ansible/group_vars/all/nftables.yml4
-rw-r--r--ansible/inventory/hosts.yaml3
-rw-r--r--ansible/local_testing/hosts.yaml3
-rw-r--r--ansible/playbook.yml2
4 files changed, 9 insertions, 3 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml
index 0f1b8bb..eba3319 100644
--- a/ansible/group_vars/all/nftables.yml
+++ b/ansible/group_vars/all/nftables.yml
@@ -14,7 +14,7 @@ nftables_configuration: |
}
}
- {% if inventory_hostname == 'lovelace' %}
+ {% if "databases" in group_names %}
# Access control for database server
set possible_lke_ipv4_addrs {
type ipv4_addr
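Review bot: The `possible_lke_ipv4_addrs` set defined under this condition is referenced by the PostgreSQL accept rule in the second hunk (`@@ -60,7 +60,7 @@`), and the two are gated by separate copies of the same test. If one copy is later edited without the other, the rendered ruleset either references an undefined set or defines one that nothing uses. Evaluating the test once near the top of the template, e.g. `{% set is_database_host = "databases" in group_names %}`, and writing `{% if is_database_host %}` in both places would keep them in step. The `nftables_configuration` block scalar starts and ends outside both hunks, so the placement needs checking against the full file.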
@@ -60,7 +60,7 @@ nftables_configuration: |
iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept
{% endif %}
- {% if inventory_hostname == 'lovelace' %}
+ {% if "databases" in group_names %}
# PostgreSQL connections
iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept
{% if ansible_default_ipv6 is defined %}
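Review bot: The IPv6 guard on the last line of this hunk tests `ansible_default_ipv6 is defined`, which may not be enough now that the block applies to every host in `databases` rather than one known machine. As far as I know, Ansible's Linux network facts set `ansible_default_ipv6` to an empty dict when the host has no IPv6 default route, so the test passes and a following `{{ ansible_default_ipv6.interface }}` (the form used in the WireGuard rule above) would fail to render. `{% if ansible_default_ipv6.interface is defined %}` is the safer test, and the unguarded `ansible_default_ipv4.interface` in the IPv4 rule deserves the same look. The body of this conditional continues outside the hunk, so confirm what it actually dereferences.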
diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml
index 5239457..5d8e3cb 100644
--- a/ansible/inventory/hosts.yaml
+++ b/ansible/inventory/hosts.yaml
@@ -10,5 +10,8 @@ all:
nginx:
hosts:
turing:
+ databases:
+ hosts:
+ lovelace:
vars:
wireguard_port: 46850
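Review bot: Nothing at the new `databases` group says that membership now has a firewall effect. Besides selecting hosts for the `postgres` role in `playbook.yml`, it makes the nftables template emit the PostgreSQL accept rule for the `possible_lke_ipv4_addrs` set. A comment above the group, `# Members get the postgres role and the PostgreSQL nftables accept rules (see group_vars/all/nftables.yml)`, would make that visible to whoever adds the next host. The same applies to the identical addition in `ansible/local_testing/hosts.yaml`.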
diff --git a/ansible/local_testing/hosts.yaml b/ansible/local_testing/hosts.yaml
index 9e8c263..e7f36cc 100644
--- a/ansible/local_testing/hosts.yaml
+++ b/ansible/local_testing/hosts.yaml
@@ -24,3 +24,6 @@ all:
nginx:
hosts:
turing:
+ databases:
+ hosts:
+ lovelace:
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index bd786fa..e963a31 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -24,6 +24,6 @@
- nginx-cloudflare-mtls
- name: Deploy our PostgreSQL database hosts
- hosts: lovelace
+ hosts: databases
roles:
- postgres