variable "environment" {} variable "namespace" {} variable "region" {} variable "out_dir" { type = string default = "../../out" } resource "random_id" "suffix" { byte_length = 8 } resource "digitalocean_custom_image" "talos" { name = "talos" url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz" # this gets reset by DigitalOcean distribution = "Unknown OS" regions = [var.region] } module "digitalocean_talos_cluster-2" { source = "../../terraform_modules/digitalocean_talos_cluster" talos_cluster_name = "distrust" talos_image = digitalocean_custom_image.talos.image_id talos_config_directory = "talos" control_plane_pool = { count = 1, size = "s-4vcpu-8gb", } worker_pools = [{ name = "primary", count = 1, size = "s-2vcpu-4gb", }] digitalocean_region = var.region } module "digitalocean_database_cluster" { source = "../../terraform_modules/digitalocean_database_cluster" cluster_name = "distrust" db_engine = "pg" db_version = "15" size = "db-s-1vcpu-2gb" node_count = 1 databases = [{ name = "keycloak", create_default_superuser = true, }, { name = "forgejo", create_default_superuser = true, }] vpc_id = module.digitalocean_talos_cluster-2.vpc_id digitalocean_region = var.region } # `jq .database_users.value.forgejo | sops --encrypt` output "database_users" { value = { for db_user in module.digitalocean_database_cluster.database_users: db_user.name => { apiVersion = "v1", kind = "Secret", metadata = { name = "database-configuration", }, stringData = { name = db_user.name, dbname = db_user.name, host = module.digitalocean_database_cluster.database_cluster.private_host, port = module.digitalocean_database_cluster.database_cluster.port, password = db_user.password, } } } sensitive = true } output "database" { value = module.digitalocean_database_cluster.database_cluster sensitive = true }