Add invoiceshelf billing software #8

Manually merged
ryan merged 7 commits from drgrove/distrust-stack:crater-app into main 2024-05-30 05:08:59 +00:00
4 changed files with 39 additions and 19 deletions
Showing only changes of commit c3d9a55497 - Show all commits

View File

@ -10,21 +10,18 @@ resource "random_id" "suffix" {
byte_length = 8 byte_length = 8
} }
data "digitalocean_region" "provided" {
slug = var.region
}
resource "digitalocean_custom_image" "talos" { resource "digitalocean_custom_image" "talos" {
name = "talos" name = "talos"
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz" url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
# this gets reset by DigitalOcean otherwise # this gets reset by DigitalOcean otherwise
distribution = "Unknown OS" distribution = "Unknown OS"
regions = [data.digitalocean_region.provided.slug] regions = [var.region]
} }
resource "digitalocean_vpc" "main" { resource "digitalocean_vpc" "main" {
name = "talos" name = "talos"
region = data.digitalocean_region.provided.slug region = var.region
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium # Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
ip_range = "192.168.0.0/16" ip_range = "192.168.0.0/16"
} }
@ -45,7 +42,7 @@ module "digitalocean_talos_cluster" {
size = "s-2vcpu-4gb", size = "s-2vcpu-4gb",
}] }]
vpc_id = digitalocean_vpc.main.id vpc_id = digitalocean_vpc.main.id
digitalocean_region = data.digitalocean_region.provided.slug digitalocean_region = var.region
} }
module "digitalocean_database_cluster" { module "digitalocean_database_cluster" {
@ -66,7 +63,7 @@ module "digitalocean_database_cluster" {
}] }]
vpc_id = digitalocean_vpc.main.id vpc_id = digitalocean_vpc.main.id
digitalocean_region = data.digitalocean_region.provided.slug digitalocean_region = var.region
} }
# Crater App requires MySQL currently, when it adds PG support we should migrate # Crater App requires MySQL currently, when it adds PG support we should migrate
@ -76,8 +73,9 @@ module "digitalocean_mysql_database_cluster" {
cluster_name = "distrust-mysql" cluster_name = "distrust-mysql"
db_engine = "mysql" db_engine = "mysql"
dbcli_name = "mariadb"
db_version = "8" db_version = "8"
size = "db-s-1vcpu-2gb" size = "db-s-1vcpu-1gb"
node_count = 1 node_count = 1
databases = [{ databases = [{
@ -86,7 +84,7 @@ module "digitalocean_mysql_database_cluster" {
}] }]
vpc_id = digitalocean_vpc.main.id vpc_id = digitalocean_vpc.main.id
digitalocean_region = data.digitalocean_region.provided.slug digitalocean_region = var.region
} }
locals { locals {
@ -100,10 +98,11 @@ locals {
]) ])
} }
# `jq .database_users.value.forgejo | sops --encrypt` # `jq .database_users.value.forgejo | sops --encrypt`
output "database_users" { output "database_users" {
value = { value = {
for db_user in module.digitalocean_database_cluster.database_users: for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
db_user.name => { db_user.name => {
apiVersion = "v1", apiVersion = "v1",
kind = "Secret", kind = "Secret",
@ -131,6 +130,11 @@ output "database" {
sensitive = true sensitive = true
} }
output "mysql_database" {
value = module.digitalocean_mysql_database_cluster.database_cluster
sensitive = true
}
output "vpc_id" { output "vpc_id" {
value = digitalocean_vpc.main.id value = digitalocean_vpc.main.id
} }

View File

@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
digitalocean = { digitalocean = {
source = "digitalocean/digitalocean" source = "digitalocean/digitalocean"
version = "2.28.1" version = "2.36.0"
} }
} }
backend "s3" { backend "s3" {

View File

@ -39,23 +39,34 @@ resource "digitalocean_database_user" "default_users" {
name = each.key name = each.key
provisioner "local-exec" { provisioner "local-exec" {
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key};" command = var.dbcli_name == "psql" ? "GRANT ALL ON DATABASE ${each.key} TO ${each.key};" : "GRANT ALL PRIVILEGES ON ${each.key} TO '${each.key}'@'%';"
interpreter = [ interpreter = var.dbcli_name == "psql" ? [
"psql", "${var.dbcli_name}",
"-v", "ON_ERROR_STOP=1",
"${local.base_connection_string}/${each.key}", "${local.base_connection_string}/${each.key}",
"-c" "-c"
] : [
"${var.dbcli_name}",
"-u",
"${digitalocean_database_cluster.main.user}",
"-p",
"-h",
"${digitalocean_database_cluster.main.host}",
"-P",
"25060",
"-D",
"${each.key}",
"-e"
] ]
} }
provisioner "local-exec" { provisioner "local-exec" {
command = "GRANT ALL ON SCHEMA public TO ${each.key}" command = var.dbcli_name == "psql" ? "GRANT ALL ON SCHEMA public TO ${each.key}" : "true"
interpreter = [ interpreter = var.dbcli_name == "psql" ? [
"psql", "${var.dbcli_name}",
"-v", "ON_ERROR_STOP=1", "-v", "ON_ERROR_STOP=1",
"${local.base_connection_string}/${each.key}", "${local.base_connection_string}/${each.key}",
"-c" "-c"
] ] : ["true"]
} }
# Note: provisioners depend on databases existing # Note: provisioners depend on databases existing

View File

@ -33,3 +33,8 @@ variable "vpc_id" {
type = string type = string
nullable = true nullable = true
} }
variable "dbcli_name" {
type = string
default = "psql"
}