
5 Commits

13 changed files with 340 additions and 25 deletions


@ -7,7 +7,7 @@ ENVIRONMENT := production
REGION := sfo3
ROOT_DIR := $(shell pwd)
# TODO: automatically determine
TERRAFORM := $(ROOT_DIR)/out/terraform.linux-x86_64
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \
@ -15,13 +15,13 @@ KEYS := \
3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \
F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
EXTRA_ARGS :=
.DEFAULT_GOAL :=
.PHONY: default
default: \
toolchain \
tools \
$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
$(CACHE_DIR)/website/.well-known/openpgpkey \
apply
.PHONY:
@ -76,6 +76,13 @@ infra/backend/.terraform: \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) init -upgrade \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/main/.terraform: | \
$(TERRAFORM) \
@ -85,6 +92,13 @@ infra/main/.terraform: | \
env -C infra/main $(TERRAFORM) init -upgrade \
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/main $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/backend/$(ENVIRONMENT).tfstate: \
$(TERRAFORM) \
@ -96,7 +110,7 @@ infra/backend/$(ENVIRONMENT).tfstate: \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state ../../$@ \
-state $@ \
'
config/$(ENVIRONMENT).tfbackend: | \
@ -107,9 +121,17 @@ config/$(ENVIRONMENT).tfbackend: | \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) \
output -state ../../$< \
output -state $(ENVIRONMENT).tfstate \
> $@ \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
.PHONY:
apply: \
@ -126,7 +148,7 @@ apply: \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
'
$(EXTRA_ARGS) '
$(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig)
$(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig)
$(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml)
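Review bot: In the `infra/backend/$(ENVIRONMENT).tfstate` recipe, `-state $@` expands to the full target path `infra/backend/$(ENVIRONMENT).tfstate`. If that command still runs under `env -C infra/backend` like the neighbouring recipes (the start of this recipe is outside the hunk), the state would be written to `infra/backend/infra/backend/…`, while the `output` and `refresh` calls read `$(ENVIRONMENT).tfstate` inside `infra/backend`. Assuming `-state $@` is the new side of that pair, `-state $(@F)` keeps the path relative to the `-C` directory and still tied to the target. Local state can hold credentials in plaintext, so it should land only where the ignore rules and the later steps expect it. Separately, the `refresh` added under `infra/main/.terraform` passes `-state` although that directory is initialised with `-backend-config`; the flag is a local-backend option and looks copied from the backend recipe.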


@ -22,7 +22,7 @@ SOPS_REF=b6d3c9700d88e0c9348f3ec7cd2f10ce4a4b3ee1
BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2
BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314
TOFU_REPO=https://github.com/opentofu/opentofu
TOFU_REF=f9d8b3ca2c0926f66757241baf81af523be73726
TOFU_REF=5d05dba18b6e276a6262a4722fe90c13350c5428
KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops
KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170
KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize


@ -10,21 +10,18 @@ resource "random_id" "suffix" {
byte_length = 8
}
data "digitalocean_region" "provided" {
slug = var.region
}
resource "digitalocean_custom_image" "talos" {
name = "talos"
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
# this gets reset by DigitalOcean otherwise
distribution = "Unknown OS"
regions = [data.digitalocean_region.provided.slug]
regions = [var.region]
}
resource "digitalocean_vpc" "main" {
name = "talos"
region = data.digitalocean_region.provided.slug
region = var.region
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
ip_range = "192.168.0.0/16"
}
@ -45,7 +42,7 @@ module "digitalocean_talos_cluster" {
size = "s-2vcpu-4gb",
}]
vpc_id = digitalocean_vpc.main.id
digitalocean_region = data.digitalocean_region.provided.slug
digitalocean_region = var.region
}
module "digitalocean_database_cluster" {
@ -66,7 +63,28 @@ module "digitalocean_database_cluster" {
}]
vpc_id = digitalocean_vpc.main.id
digitalocean_region = data.digitalocean_region.provided.slug
digitalocean_region = var.region
}
# Crater App requires MySQL currently, when it adds PG support we should migrate
#
module "digitalocean_mysql_database_cluster" {
source = "../../terraform_modules/digitalocean_database_cluster"
cluster_name = "distrust-mysql"
db_engine = "mysql"
dbcli_name = "mariadb"
db_version = "8"
size = "db-s-1vcpu-1gb"
node_count = 1
databases = [{
name = "crater",
create_default_superuser = true,
}]
vpc_id = digitalocean_vpc.main.id
digitalocean_region = var.region
}
locals {
@ -80,10 +98,11 @@ locals {
])
}
# `jq .database_users.value.forgejo | sops --encrypt`
output "database_users" {
value = {
for db_user in module.digitalocean_database_cluster.database_users:
for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
db_user.name => {
apiVersion = "v1",
kind = "Secret",
@ -111,6 +130,11 @@ output "database" {
sensitive = true
}
output "mysql_database" {
value = module.digitalocean_mysql_database_cluster.database_cluster
sensitive = true
}
output "vpc_id" {
value = digitalocean_vpc.main.id
}
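Review bot: The `database_users` output now merges users from both clusters into one map keyed only by `db_user.name`, so a user name defined on both the PostgreSQL and the MySQL cluster would make the `for` expression fail on a duplicate key. Keying by cluster as well, or a comment such as `# user names must be unique across both clusters`, would make that constraint explicit. The comment above `digitalocean_mysql_database_cluster` still refers to Crater while the manifests in this change deploy InvoiceShelf; a word on how the two relate would help the next reader. The output block continues outside the hunk, so whether it is marked `sensitive` is not visible here.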


@ -2,12 +2,13 @@ terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "2.28.1"
version = "2.36.0"
}
}
backend "s3" {
skip_requesting_account_id = true
skip_credentials_validation = true
skip_region_validation = true
skip_get_ec2_platforms = true
skip_metadata_api_check = true
}


@ -0,0 +1,119 @@
apiVersion: v1
kind: Secret
metadata:
name: env
stringData:
DB_PASSWORD: ENC[AES256_GCM,data:nHeFXLOI6bMb1hslXLu9xqbMNppGeGzI,iv:rakHQI3iFNgD9gtUX0HdeFG5afP9ln0a+wenqm692T0=,tag:en9KmjYlZ6xzeC0fs9wKzA==,type:str]
APP_KEY: ENC[AES256_GCM,data:pG99OkN9DpXEJ287ty/7e/86v5kEYeikNN6FnV++uNFE4j48aPiQENd+57RxAXFTUl+6,iv:IFXaK2gnXFm6T3O7ClTRk5HqLGmgFdvh7Dn2Jw+MQU0=,tag:0SPKkf5jfyyuwHNvvDVgCg==,type:str]
MAIL_PASSWORD: ENC[AES256_GCM,data:+pWcN1GYSA3pibo8WgvFsAHjnrvhDNsjuO+QXYR7bdZFBKWJbshf0sS8,iv:Kw6qiUEFnd5FRGBMWutOoxMNFZYMf8NyQkPBR9TvfXg=,tag:4IOU6qOXWQ02S6rc1RHiOQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-03-31T09:43:12Z"
mac: ENC[AES256_GCM,data:I9rIuOh2cTJDrlPYs3kf6o6jPPtdElDmjWENc4Yk29ezpWwUj3+BsICpOU0kOrehvuyKtcM6BcxuvJG5Q92gZoVRvlHDoLypMyK3vDBxhGO0CAbcKnKmUSvROr6IWY5jKh9EWczxU3VkDTrm/BmCJAbjC2Ys51ej73InZez4t0g=,iv:gIaUNj8wKew4bH7dBHW+LV5S0a9allRQkWQ/3aWYJ4Q=,tag:mwwI+RDG0i45sPOSh+e1mg==,type:str]
pgp:
- created_at: "2024-01-11T20:56:10Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=SjUY
-----END PGP MESSAGE-----
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
- created_at: "2024-01-11T20:56:10Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=KOLu
-----END PGP MESSAGE-----
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
- created_at: "2024-01-11T20:56:10Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=Hi+j
-----END PGP MESSAGE-----
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
- created_at: "2024-01-11T20:56:10Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=J+qg
-----END PGP MESSAGE-----
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
- created_at: "2024-01-11T20:56:10Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=cXXw
-----END PGP MESSAGE-----
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
encrypted_regex: ^(data|stringData)$
version: 3.8.1


@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: invoiceshelf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
rules:
- host: invoice.distrust.co
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: invoiceshelf
port:
name: http
tls:
- hosts:
- invoice.distrust.co
secretName: invoiceshelf-tls
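Review bot: The Ingress serves and requests a certificate for `invoice.distrust.co`, but the kustomization in this same change sets `APP_URL`, `ASSET_URL`, `SESSION_DOMAIN` and `SANCTUM_STATEFUL_DOMAINS` to `billing.distrust.co`. With a session domain that does not match the served host, browsers would reject the session cookie and the stateful-domain check would not recognise the origin, so login is likely to fail. Either change `host:` and `tls.hosts` here to `billing.distrust.co`, or change the four literals in the kustomization to `invoice.distrust.co`, so that both files name the same host.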


@ -0,0 +1,47 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/part-of: invoiceshelf
resources:
- statefulset.yaml
- service.yaml
- ingress.yaml
configMapGenerator:
- name: env
literals:
- DB_CONNECTION=mysql
- DB_HOST=distrust-mysql-do-user-11788707-0.c.db.ondigitalocean.com
- DB_USERNAME=crater
- DB_DATABASE=crater
- DB_PORT=25060
- APP_ENV=production
- APP_DEBUG=false
- APP_LOG_LEVEL=debug
- APP_URL=https://billing.distrust.co
- ASSET_URL=https://billing.distrust.co
- BROADCAST_DRIVER=log
- CACHE_DRIVER=file
- QUEUE_DRIVER=sync
- SESSION_DRIVER=cookie
- SESSION_LIFETIME=1440
- REDIS_HOST=127.0.0.1
- REDIS_PORT=6379
- MAIL_DRIVER=smtp
- MAIL_HOST=smtp.migadu.com
- MAIL_PORT=465
- MAIL_USERNAME=billing@distrust.co
- MAIL_FROM_ADDRESS=billing@distrust.co
- MAIL_FROM_NAME="billing@distrust.co"
- MAIL_ENCRYPTION=ssl
- PUSHER_APP_ID=
- PUSHER_KEY=
- PUSHER_SECRET=
- SANCTUM_STATEFUL_DOMAINS=billing.distrust.co
- SESSION_DOMAIN=billing.distrust.co
- TRUSTED_PROXIES="*"
- CRON_JOB_AUTH_TOKEN=""
generators:
- secret-generator.yaml
images:
- name: invoiceshelf/invoiceshelf
newTag: 1.1.0@sha256:50787e404725ad4f47462eaf38832d97c627a5d139d51a84f31a9bd90caffb3f
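Review bot: `TRUSTED_PROXIES="*"` tells the application to accept forwarded-client headers from any peer that can reach the pod, not only from the ingress controller, so the client address and scheme it records can be set by any in-cluster caller. Restricting the value to the ingress controller's address range (a placeholder such as `TRUSTED_PROXIES=<ingress-pod-cidr>`) narrows that trust. `APP_LOG_LEVEL=debug` next to `APP_ENV=production` is also worth a second look, since debug logs tend to carry request detail. `CRON_JOB_AUTH_TOKEN=""` deserves a comment saying whether an empty token disables the endpoint or leaves it unauthenticated; that cannot be told from this file.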


@ -0,0 +1,6 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: invoiceshelf
files:
- ./env.enc.yaml


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: invoiceshelf
labels:
app.kubernetes.io/name: invoiceshelf
app.kubernetes.io/part-of: invoiceshelf
spec:
selector:
app.kubernetes.io/name: invoiceshelf
app.kubernetes.io/component: server
ports:
- name: http
port: 80
targetPort: 80


@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: invoiceshelf
labels:
app.kubernetes.io/name: invoiceshelf
app.kubernetes.io/component: server
spec:
selector:
matchLabels:
app.kubernetes.io/name: invoiceshelf
app.kubernetes.io/component: server
template:
metadata:
labels:
app.kubernetes.io/name: invoiceshelf
app.kubernetes.io/component: server
spec:
containers:
- name: invoiceshelf
image: invoiceshelf/invoiceshelf
envFrom:
- secretRef:
name: env
- configMapRef:
name: env
ports:
- name: http
containerPort: 80
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- name: invoiceshelf-data
mountPath: /var/www/html/InvoiceShelf/storage
volumeClaimTemplates:
- metadata:
name: invoiceshelf-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
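Review bot: The container's `securityContext` sets only `allowPrivilegeEscalation: false`; nothing drops capabilities or selects a seccomp profile, and with `containerPort: 80` the image presumably starts as root. I would add `seccompProfile: {type: RuntimeDefault}` and `capabilities: {drop: ["ALL"], add: ["NET_BIND_SERVICE"]}`, keeping the `add` only if the server process really binds port 80 itself. The spec also has no `resources` limits and no readiness probe, and it omits `serviceName`, which a StatefulSet conventionally sets to its governing Service.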

@ -1 +1 @@
Subproject commit 23fc267a9dfdda30ba4287f8234879961722bafb
Subproject commit a2315fdbc8cd0e4a654d1aa4623a53d5292b3574


@ -39,23 +39,34 @@ resource "digitalocean_database_user" "default_users" {
name = each.key
provisioner "local-exec" {
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key};"
interpreter = [
"psql",
"-v", "ON_ERROR_STOP=1",
command = var.dbcli_name == "psql" ? "GRANT ALL ON DATABASE ${each.key} TO ${each.key};" : "GRANT ALL PRIVILEGES ON ${each.key} TO '${each.key}'@'%';"
interpreter = var.dbcli_name == "psql" ? [
"${var.dbcli_name}",
"${local.base_connection_string}/${each.key}",
"-c"
] : [
"${var.dbcli_name}",
"-u",
"${digitalocean_database_cluster.main.user}",
"-p",
"-h",
"${digitalocean_database_cluster.main.host}",
"-P",
"25060",
"-D",
"${each.key}",
"-e"
]
}
provisioner "local-exec" {
command = "GRANT ALL ON SCHEMA public TO ${each.key}"
interpreter = [
"psql",
command = var.dbcli_name == "psql" ? "GRANT ALL ON SCHEMA public TO ${each.key}" : "true"
interpreter = var.dbcli_name == "psql" ? [
"${var.dbcli_name}",
"-v", "ON_ERROR_STOP=1",
"${local.base_connection_string}/${each.key}",
"-c"
]
] : ["true"]
}
# Note: provisioners depend on databases existing
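Review bot: In the non-psql interpreter list, `"-p"` is passed as its own argument with no value, which makes the MySQL/MariaDB client prompt for a password; under a non-interactive `local-exec` that would stall or fail. Supplying the credential through the provisioner's `environment` map (the client reads `MYSQL_PWD`) avoids both the prompt and putting the password on the command line. The MySQL statement `GRANT ALL PRIVILEGES ON ${each.key} TO …` also names a table in the selected database, not the database; a database-level grant needs `ON ${each.key}.*`. The port is hard-coded as `"25060"` where the cluster resource's `port` attribute would track the real value. The resource block starts and ends outside the hunk.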


@ -33,3 +33,8 @@ variable "vpc_id" {
type = string
nullable = true
}
variable "dbcli_name" {
type = string
default = "psql"
}
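Review bot: `dbcli_name` is accepted without a description or validation, yet the module runs its value as the `local-exec` interpreter and treats every value other than `"psql"` as a MySQL-compatible client. A `validation` block with `condition = contains(["psql", "mariadb", "mysql"], var.dbcli_name)` would reject typos at plan time, before an arbitrary string is executed as the interpreter. A `description` stating that the named binary must be on the operator's PATH would document the dependency.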