The new tasks PWA (Reminders-style front-end over Nextcloud CalDAV, per tasks/docs/2026-07-03-tasks-pwa-design.md) needs its own Postgres database for Connected Accounts and sync state. Follows the tripit/job_hunter pattern exactly: idempotent null_resource creates role+db on the CNPG primary with a placeholder password, and the Vault database engine static role pg-tasks (added to the postgresql connection allowed_roles) rotates the real password every 7 days, consumed by the tasks stack via a vault-database ExternalSecret.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

| Name |
|---|
| main.tf |
| providers.tf |
| secrets |
| terragrunt.hcl |