1
0
Fork 0

terraform_modules/digitalocean_database_cluster: initial commit

This commit is contained in:
ryan-distrust.co 2023-05-12 00:33:41 -04:00
parent 2906f910c0
commit de97ffef10
Signed by untrusted user who does not match committer: ryan
GPG Key ID: 8E401478A3FBEF72
5 changed files with 130 additions and 1 deletions

View File

@ -13,6 +13,8 @@ resource "random_id" "suffix" {
resource "digitalocean_custom_image" "talos" { resource "digitalocean_custom_image" "talos" {
name = "talos" name = "talos"
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz" url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
# this gets reset by DigitalOcean
distribution = "Unknown OS"
regions = [var.region] regions = [var.region]
} }
@ -31,5 +33,34 @@ module "digitalocean_talos_cluster-2" {
count = 1, count = 1,
size = "s-2vcpu-4gb", size = "s-2vcpu-4gb",
}] }]
digitalocean_region = "sfo3" digitalocean_region = var.region
}
module "digitalocean_database_cluster" {
source = "../../terraform_modules/digitalocean_database_cluster"
cluster_name = "distrust"
db_engine = "pg"
db_version = "15"
size = "db-s-1vcpu-2gb"
node_count = 1
databases = [{
name = "keycloak",
create_default_superuser = true,
}, {
name = "forgejo",
create_default_superuser = true,
}]
vpc_id = module.digitalocean_talos_cluster-2.vpc_id
digitalocean_region = var.region
}
# TODO: make it output a Kubernetes Secret in env var format, can be piped into
# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
output "database_users" {
value = module.digitalocean_database_cluster.database_users
sensitive = true
} }

View File

@ -0,0 +1,53 @@
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.0"
}
}
}
resource "digitalocean_database_cluster" "main" {
name = var.cluster_name
engine = var.db_engine
size = var.size
region = var.digitalocean_region
node_count = var.node_count
version = var.db_version
private_network_uuid = var.vpc_id # TODO: nullable = true
}
resource "digitalocean_database_db" "main" {
for_each = { for db in var.databases: db.name => db }
cluster_id = digitalocean_database_cluster.main.id
name = each.key
}
locals {
base_connection_string = trimsuffix(digitalocean_database_cluster.main.uri,
"/defaultdb?sslmode=require")
}
resource "digitalocean_database_user" "default_users" {
for_each = {
for db in [for db in var.databases: db if db.create_default_superuser]:
db.name => db.name
}
cluster_id = digitalocean_database_cluster.main.id
name = each.key
provisioner "local-exec" {
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key}"
interpreter = ["psql", "${local.base_connection_string}/${each.key}"]
}
provisioner "local-exec" {
command = "GRANT ALL ON SCHEMA public TO ${each.key}"
interpreter = ["psql", "${local.base_connection_string}/${each.key}"]
}
# Note: provisioners depend on databases existing
depends_on = [digitalocean_database_db.main]
}

View File

@ -0,0 +1,7 @@
output "database_cluster" {
value = digitalocean_database_cluster.main
}
output "database_users" {
value = digitalocean_database_user.default_users
}

View File

@ -0,0 +1,35 @@
variable "cluster_name" {
type = string
}
variable "db_engine" {
type = string
}
variable "size" {
type = string
}
variable "digitalocean_region" {
type = string
}
variable "node_count" {
type = number
}
variable "databases" {
type = list(object({
name = string,
create_default_superuser = optional(bool, false),
}))
}
variable "db_version" {
type = string
}
variable "vpc_id" {
type = string
nullable = true
}

View File

@ -0,0 +1,3 @@
output "vpc_id" {
value = var.vpc_id == "undefined" ? digitalocean_vpc.talos[0].id : var.vpc_id
}