infra/main: clean up database_users output

2023-05-12 00:45:49 -04:00 · 2023-05-12 00:45:49 -04:00 · 58f9f507de
parent de97ffef10
commit 58f9f507de
1 changed files with 23 additions and 4 deletions
--- a/infra/main/main.tf
+++ b/infra/main/main.tf
@ -57,10 +57,29 @@ module "digitalocean_database_cluster" {
  digitalocean_region = var.region
 }

-# TODO: make it output a Kubernetes Secret in env var format, can be piped into
-# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
-# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
+# `jq .database_users.value.forgejo | sops --encrypt`
 output "database_users" {
-  value = module.digitalocean_database_cluster.database_users
+  value = {
+    for db_user in module.digitalocean_database_cluster.database_users:
+    db_user.name => {
+      apiVersion = "v1",
+      kind = "Secret",
+      metadata = {
+        name = "database-configuration",
+      },
+      stringData = {
+        name = db_user.name,
+        dbname = db_user.name,
+        host = module.digitalocean_database_cluster.database_cluster.private_host,
+        port = module.digitalocean_database_cluster.database_cluster.port,
+        password = db_user.password,
+      }
+    }
+  }
+  sensitive = true
+}
+
+output "database" {
+  value = module.digitalocean_database_cluster.database_cluster
  sensitive = true
 }