stack/infra/main/main.tf

variable "environment" {}
variable "namespace" {}
variable "region" {}
variable "out_dir" {
  type    = string
  default = "../../out"
}

resource "random_id" "suffix" {
  byte_length = 8
}

resource "digitalocean_custom_image" "talos" {
  name = "talos"
  url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
  # this gets reset by DigitalOcean
  distribution = "Unknown OS"
  regions = [var.region]
}

module "digitalocean_talos_cluster-2" {
  source = "../../terraform_modules/digitalocean_talos_cluster"

  talos_cluster_name = "distrust"
  talos_image = digitalocean_custom_image.talos.image_id
  talos_config_directory = "talos"
  control_plane_pool = {
    count = 1,
    size = "s-4vcpu-8gb",
  }
  worker_pools = [{
    name = "primary",
    count = 1,
    size = "s-2vcpu-4gb",
  }]
  digitalocean_region = var.region
}

module "digitalocean_database_cluster" {
  source = "../../terraform_modules/digitalocean_database_cluster"

  cluster_name = "distrust"
  db_engine = "pg"
  db_version = "15"
  size = "db-s-1vcpu-2gb"
  node_count = 1

  databases = [{
    name = "keycloak",
    create_default_superuser = true,
  }, {
    name = "forgejo",
    create_default_superuser = true,
  }]

  vpc_id = module.digitalocean_talos_cluster-2.vpc_id
  digitalocean_region = var.region
}

# TODO: make it output a Kubernetes Secret in env var format, can be piped into
# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
output "database_users" {
  value = module.digitalocean_database_cluster.database_users
  sensitive = true
}
auto upload website to DO bucket 2023-03-17 04:14:39 +00:00			`variable "environment" {}`
			`variable "namespace" {}`
			`variable "region" {}`
			`variable "out_dir" {`
			`type = string`
website deploy is a thing 2023-05-05 03:31:53 +00:00			`default = "../../out"`
Add first-working plan 2023-01-28 03:08:56 +00:00			`}`
auto upload website to DO bucket 2023-03-17 04:14:39 +00:00
			`resource "random_id" "suffix" {`
working terraform state sharing 2023-04-14 03:22:35 +00:00			`byte_length = 8`
Add first-working plan 2023-01-28 03:08:56 +00:00			`}`
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 11:32:53 +00:00
			`resource "digitalocean_custom_image" "talos" {`
			`name = "talos"`
infra/main: bump control plane size, bump talos image 2023-05-10 23:24:07 +00:00			`url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"`
terraform_modules/digitalocean_database_cluster: initial commit 2023-05-12 04:33:41 +00:00			`# this gets reset by DigitalOcean`
			`distribution = "Unknown OS"`
infra/main/main: pass var.region instead of hardcode 2023-05-12 03:21:25 +00:00			`regions = [var.region]`
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 11:32:53 +00:00			`}`

infra/main: bump control plane size, bump talos image 2023-05-10 23:24:07 +00:00			`module "digitalocean_talos_cluster-2" {`
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 11:32:53 +00:00			`source = "../../terraform_modules/digitalocean_talos_cluster"`

			`talos_cluster_name = "distrust"`
			`talos_image = digitalocean_custom_image.talos.image_id`
			`talos_config_directory = "talos"`
infra/main: bump control plane size, bump talos image 2023-05-10 23:24:07 +00:00			`control_plane_pool = {`
			`count = 1,`
			`size = "s-4vcpu-8gb",`
			`}`
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 11:32:53 +00:00			`worker_pools = [{`
			`name = "primary",`
			`count = 1,`
			`size = "s-2vcpu-4gb",`
			`}]`
terraform_modules/digitalocean_database_cluster: initial commit 2023-05-12 04:33:41 +00:00			`digitalocean_region = var.region`
			`}`

			`module "digitalocean_database_cluster" {`
			`source = "../../terraform_modules/digitalocean_database_cluster"`

			`cluster_name = "distrust"`
			`db_engine = "pg"`
			`db_version = "15"`
			`size = "db-s-1vcpu-2gb"`
			`node_count = 1`

			`databases = [{`
			`name = "keycloak",`
			`create_default_superuser = true,`
			`}, {`
			`name = "forgejo",`
			`create_default_superuser = true,`
			`}]`

			`vpc_id = module.digitalocean_talos_cluster-2.vpc_id`
			`digitalocean_region = var.region`
			`}`

			`# TODO: make it output a Kubernetes Secret in env var format, can be piped into`
			# `jq .database_users.value.forgejo \| sops --encrypt` for nice secret gen
			`# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml`
			`output "database_users" {`
			`value = module.digitalocean_database_cluster.database_users`
			`sensitive = true`
terraform_modules/digitalocean_talos_cluster: initial commit 2023-05-09 11:32:53 +00:00			`}`