9be0672aa3
Two pre-existing apply failures uncovered during the Phase 4 mass apply, unrelated to the auth refactor but blocking 100% rollout. claude-memory: - `var.claude_memory_db_password` had no default and wasn't passed by terragrunt → fall back to Vault `secret/claude-memory.db_password` via `coalesce(var.x, data.vault.data["db_password"])`. - db-init Job was failing with `database "root" does not exist` because psql defaults the database name to the user when -d is omitted. Added `-d postgres` to all five psql invocations. resume: - `var.resume_database_url` had no default and wasn't passed → default to empty string. Vault carries the real value at `secret/resume.database_url` consumed at the deployment env-var level; the variable here just needs a value to satisfy the apply. Also: priority-pass had lost most of its TF state (only 3 of 8 resources tracked); imported namespace/service/pvc/deployment/ingress/tls-secret to re-bind state with live K8s resources. No code change needed there. Verified after re-apply: - claude-memory.viktorbarzin.me → 200 (auth=none, native MCP responses) - priority-pass.viktorbarzin.me → 302 → authentik (auth=required) - resume.viktorbarzin.me → 302 → authentik public outpost (auth=public) - 6 of 7 previously-failing applies now green; only vault remains, blocked by an unrelated helm chart immutable-StatefulSet-field issue. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| backend.tf | ||
| main.tf | ||
| providers.tf | ||
| secrets | ||
| terragrunt.hcl | ||