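# Environment label (e.g. dev/prod); combined with var.namespace to build
# the Spaces bucket name further down in this file.
variable "environment" {
  type        = string
  description = "Environment name used in resource naming (the media-repo bucket name)."
}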
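# Namespace label; combined with var.environment to build the Spaces bucket
# name further down in this file.
variable "namespace" {
  type        = string
  description = "Namespace used in resource naming (the media-repo bucket name)."
}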
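# DigitalOcean region slug. Resolved through data.digitalocean_region below
# for the image/VPC/modules, and used directly for the Spaces bucket.
variable "region" {
  type        = string
  description = "DigitalOcean region slug for all resources in this root module."
}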
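# Output directory, relative to this root module. Not referenced anywhere in
# this file; presumably consumed by a sibling .tf file — confirm before
# removing.
variable "out_dir" {
  type        = string
  description = "Directory for generated artifacts, relative to this root module."
  default     = "../../out"
}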
# 8 random bytes intended as a uniqueness suffix. Not referenced anywhere in
# this file; presumably consumed by a sibling .tf file — confirm before
# removing.
resource "random_id" "suffix" {
  byte_length = 8
}
# Looks up the operator-supplied region; its slug is what the custom image,
# the VPC and both modules below reference.
data "digitalocean_region" "provided" {
  slug = var.region
}
# Talos Linux imported as a DigitalOcean custom image; the cluster module
# below boots its droplets from it.
resource "digitalocean_custom_image" "talos" {
  name = "talos"
  # Pinned to a specific release tag rather than a moving "latest" URL.
  # Nothing in this block pins a digest of the archive, so DigitalOcean
  # imports whatever that URL serves: check the release's published checksum
  # out of band whenever this version is bumped.
  url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
  # this gets reset by DigitalOcean otherwise
  distribution = "Unknown OS"
  regions      = [data.digitalocean_region.provided.slug]
}
# Private network shared by the Talos droplets and the managed database
# cluster (both modules below take this VPC's id).
resource "digitalocean_vpc" "main" {
  name   = "talos"
  region = data.digitalocean_region.provided.slug
  # Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
  # (the pod/service CIDRs live elsewhere — presumably in the cluster module;
  # re-check both before changing this range).
  ip_range = "192.168.0.0/16"
}
# Talos Kubernetes cluster on DigitalOcean droplets: one control-plane node
# and two workers, booted from the custom image above inside the VPC above.
module "digitalocean_talos_cluster" {
  source = "../../terraform_modules/digitalocean_talos_cluster"

  talos_cluster_name = "distrust"
  talos_image        = digitalocean_custom_image.talos.image_id
  # Relative directory for Talos configuration. Presumably where the module
  # reads/writes machine configs, which would carry cluster secrets — confirm
  # against the module, and keep that directory out of version control if so.
  talos_config_directory = "talos"

  control_plane_pool = {
    count = 1,
    size  = "s-4vcpu-8gb",
  }

  worker_pools = [{
    name  = "primary",
    count = 2,
    size  = "s-2vcpu-4gb",
  }]

  vpc_id              = digitalocean_vpc.main.id
  digitalocean_region = data.digitalocean_region.provided.slug
}
# Managed PostgreSQL 15 cluster, single node, one database per application,
# attached to the VPC above (the outputs below use its private host).
# Every database is declared with create_default_superuser = true, so —
# presumably — each application user ends up with superuser rights on the
# shared cluster. Worth revisiting toward one least-privilege role per
# database; confirm what the module's interface supports first.
module "digitalocean_database_cluster" {
  source = "../../terraform_modules/digitalocean_database_cluster"

  cluster_name = "distrust"
  db_engine    = "pg"
  db_version   = "15"
  size         = "db-s-1vcpu-2gb"
  node_count   = 1

  databases = [{
    name                     = "keycloak",
    create_default_superuser = true,
  }, {
    name                     = "forgejo",
    create_default_superuser = true,
  }, {
    # We're creating this database, but then need to delete and recreate manually with LOCALE=C. Otherwise synapse won't work
    # CREATE DATABASE synapse WITH template=template0 owner=doadmin locale="C" encoding=UTF8;
    # GRANT ALL ON DATABASE synapse TO synapse;
    # NOTE(review): that manual recreate happens outside Terraform's view, so
    # a later plan may look clean even if the step was skipped — verify the
    # locale on the live database rather than trusting state.
    name                     = "synapse",
    create_default_superuser = true,
  }, {
    name                     = "telegram",
    create_default_superuser = true,
  }, {
    name                     = "mautrix_slack",
    create_default_superuser = true,
  }, {
    name                     = "matrix_slack_appservice",
    create_default_superuser = true,
  }, {
    name                     = "media_repo",
    create_default_superuser = true,
  }]

  vpc_id              = digitalocean_vpc.main.id
  digitalocean_region = data.digitalocean_region.provided.slug
}
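# Object storage for the Matrix media repository, i.e. user-uploaded content.
resource "digitalocean_spaces_bucket" "matrix_media_repo" {
  name   = "${var.namespace}-${var.environment}-distrust-media-repo"
  region = var.region
  # Stated explicitly rather than relying on the provider default (which is
  # also "private"): user-uploaded media must never be anonymously listable,
  # and an explicit value survives a future change of the default.
  acl = "private"
}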
# Connection coordinates for the managed database cluster, shared by the
# outputs below. The private host keeps application traffic inside the VPC.
locals {
  database_host = module.digitalocean_database_cluster.database_cluster.private_host
  database_port = module.digitalocean_database_cluster.database_cluster.port

  # JDBC URL up to, but not including, the "/<dbname>" part; the numeric
  # port is stringified by the template interpolation.
  database_jdbc_uri_prefix = "jdbc:postgresql://${local.database_host}:${local.database_port}"
}
# One Kubernetes Secret manifest per database user, keyed by user name, so a
# single entry can be lifted straight into the cluster, e.g.
# `jq .database_users.value.forgejo | sops --encrypt`.
output "database_users" {
  sensitive = true

  value = {
    for db_user in module.digitalocean_database_cluster.database_users :
    db_user.name => {
      apiVersion = "v1"
      kind       = "Secret"
      metadata = {
        name = "database-configuration"
      }
      stringData = {
        name   = db_user.name
        dbname = db_user.name
        host   = local.database_host
        # stringData values are strings; the port arrives as a number.
        port     = tostring(local.database_port)
        password = db_user.password
        # Forgejo, they call it "host"
        address = "${local.database_host}:${local.database_port}"
        # Keycloak. sslmode=require encrypts the connection but does not
        # verify the server certificate; verify-full would, at the cost of
        # shipping the CA bundle to the client — left unchanged here.
        jdbc_url = "${local.database_jdbc_uri_prefix}/${db_user.name}?sslmode=require"
      }
    }
  }
}
# The full database_cluster object as returned by the module. Marked
# sensitive: it carries at least host and port, and presumably credentials
# too — confirm against the module's output definition.
output "database" {
  value     = module.digitalocean_database_cluster.database_cluster
  sensitive = true
}
# Id of the shared VPC, for other root modules that need to attach to it.
output "vpc_id" {
  value = digitalocean_vpc.main.id
}