Add invoiceshelf billing software #8
|
@ -10,21 +10,18 @@ resource "random_id" "suffix" {
|
||||||
byte_length = 8
|
byte_length = 8
|
||||||
}
|
}
|
||||||
|
|
||||||
data "digitalocean_region" "provided" {
|
|
||||||
slug = var.region
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "digitalocean_custom_image" "talos" {
|
resource "digitalocean_custom_image" "talos" {
|
||||||
name = "talos"
|
name = "talos"
|
||||||
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
||||||
# this gets reset by DigitalOcean otherwise
|
# this gets reset by DigitalOcean otherwise
|
||||||
distribution = "Unknown OS"
|
distribution = "Unknown OS"
|
||||||
regions = [data.digitalocean_region.provided.slug]
|
regions = [var.region]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_vpc" "main" {
|
resource "digitalocean_vpc" "main" {
|
||||||
name = "talos"
|
name = "talos"
|
||||||
region = data.digitalocean_region.provided.slug
|
region = var.region
|
||||||
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
|
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
|
||||||
ip_range = "192.168.0.0/16"
|
ip_range = "192.168.0.0/16"
|
||||||
}
|
}
|
||||||
|
@ -45,7 +42,7 @@ module "digitalocean_talos_cluster" {
|
||||||
size = "s-2vcpu-4gb",
|
size = "s-2vcpu-4gb",
|
||||||
}]
|
}]
|
||||||
vpc_id = digitalocean_vpc.main.id
|
vpc_id = digitalocean_vpc.main.id
|
||||||
digitalocean_region = data.digitalocean_region.provided.slug
|
digitalocean_region = var.region
|
||||||
}
|
}
|
||||||
|
|
||||||
module "digitalocean_database_cluster" {
|
module "digitalocean_database_cluster" {
|
||||||
|
@ -66,7 +63,7 @@ module "digitalocean_database_cluster" {
|
||||||
}]
|
}]
|
||||||
|
|
||||||
vpc_id = digitalocean_vpc.main.id
|
vpc_id = digitalocean_vpc.main.id
|
||||||
digitalocean_region = data.digitalocean_region.provided.slug
|
digitalocean_region = var.region
|
||||||
}
|
}
|
||||||
|
|
||||||
# Crater App requires MySQL currently, when it adds PG support we should migrate
|
# Crater App requires MySQL currently, when it adds PG support we should migrate
|
||||||
|
@ -76,8 +73,9 @@ module "digitalocean_mysql_database_cluster" {
|
||||||
|
|
||||||
cluster_name = "distrust-mysql"
|
cluster_name = "distrust-mysql"
|
||||||
db_engine = "mysql"
|
db_engine = "mysql"
|
||||||
|
dbcli_name = "mariadb"
|
||||||
db_version = "8"
|
db_version = "8"
|
||||||
size = "db-s-1vcpu-2gb"
|
size = "db-s-1vcpu-1gb"
|
||||||
node_count = 1
|
node_count = 1
|
||||||
|
|
||||||
databases = [{
|
databases = [{
|
||||||
|
@ -86,7 +84,7 @@ module "digitalocean_mysql_database_cluster" {
|
||||||
}]
|
}]
|
||||||
|
|
||||||
vpc_id = digitalocean_vpc.main.id
|
vpc_id = digitalocean_vpc.main.id
|
||||||
digitalocean_region = data.digitalocean_region.provided.slug
|
digitalocean_region = var.region
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
|
@ -100,10 +98,11 @@ locals {
|
||||||
])
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# `jq .database_users.value.forgejo | sops --encrypt`
|
# `jq .database_users.value.forgejo | sops --encrypt`
|
||||||
output "database_users" {
|
output "database_users" {
|
||||||
value = {
|
value = {
|
||||||
for db_user in module.digitalocean_database_cluster.database_users:
|
for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
|
||||||
db_user.name => {
|
db_user.name => {
|
||||||
apiVersion = "v1",
|
apiVersion = "v1",
|
||||||
kind = "Secret",
|
kind = "Secret",
|
||||||
|
@ -131,6 +130,11 @@ output "database" {
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "mysql_database" {
|
||||||
|
value = module.digitalocean_mysql_database_cluster.database_cluster
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|
||||||
output "vpc_id" {
|
output "vpc_id" {
|
||||||
value = digitalocean_vpc.main.id
|
value = digitalocean_vpc.main.id
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@ terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
digitalocean = {
|
digitalocean = {
|
||||||
source = "digitalocean/digitalocean"
|
source = "digitalocean/digitalocean"
|
||||||
version = "2.28.1"
|
version = "2.36.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
backend "s3" {
|
backend "s3" {
|
||||||
|
|
|
@ -39,23 +39,34 @@ resource "digitalocean_database_user" "default_users" {
|
||||||
name = each.key
|
name = each.key
|
||||||
|
|
||||||
provisioner "local-exec" {
|
provisioner "local-exec" {
|
||||||
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key};"
|
command = var.dbcli_name == "psql" ? "GRANT ALL ON DATABASE ${each.key} TO ${each.key};" : "GRANT ALL PRIVILEGES ON ${each.key} TO '${each.key}'@'%';"
|
||||||
interpreter = [
|
interpreter = var.dbcli_name == "psql" ? [
|
||||||
"psql",
|
"${var.dbcli_name}",
|
||||||
"-v", "ON_ERROR_STOP=1",
|
|
||||||
"${local.base_connection_string}/${each.key}",
|
"${local.base_connection_string}/${each.key}",
|
||||||
"-c"
|
"-c"
|
||||||
|
] : [
|
||||||
|
"${var.dbcli_name}",
|
||||||
|
"-u",
|
||||||
|
"${digitalocean_database_cluster.main.user}",
|
||||||
|
"-p",
|
||||||
|
"-h",
|
||||||
|
"${digitalocean_database_cluster.main.host}",
|
||||||
|
"-P",
|
||||||
|
"25060",
|
||||||
|
"-D",
|
||||||
|
"${each.key}",
|
||||||
|
"-e"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "local-exec" {
|
provisioner "local-exec" {
|
||||||
command = "GRANT ALL ON SCHEMA public TO ${each.key}"
|
command = var.dbcli_name == "psql" ? "GRANT ALL ON SCHEMA public TO ${each.key}" : "true"
|
||||||
interpreter = [
|
interpreter = var.dbcli_name == "psql" ? [
|
||||||
"psql",
|
"${var.dbcli_name}",
|
||||||
"-v", "ON_ERROR_STOP=1",
|
"-v", "ON_ERROR_STOP=1",
|
||||||
"${local.base_connection_string}/${each.key}",
|
"${local.base_connection_string}/${each.key}",
|
||||||
"-c"
|
"-c"
|
||||||
]
|
] : ["true"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Note: provisioners depend on databases existing
|
# Note: provisioners depend on databases existing
|
||||||
|
|
|
@ -33,3 +33,8 @@ variable "vpc_id" {
|
||||||
type = string
|
type = string
|
||||||
nullable = true
|
nullable = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "dbcli_name" {
|
||||||
|
type = string
|
||||||
|
default = "psql"
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue