120 lines
3.0 KiB
HCL
120 lines
3.0 KiB
HCL
variable "environment" {}
|
|
variable "namespace" {}
|
|
variable "region" {}
|
|
variable "out_dir" {
|
|
type = string
|
|
default = "../../out"
|
|
}
|
|
|
|
resource "random_id" "suffix" {
|
|
byte_length = 8
|
|
}
|
|
|
|
data "digitalocean_region" "provided" {
|
|
slug = var.region
|
|
}
|
|
|
|
resource "digitalocean_custom_image" "talos" {
|
|
name = "talos"
|
|
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
|
# this gets reset by DigitalOcean otherwise
|
|
distribution = "Unknown OS"
|
|
regions = [data.digitalocean_region.provided.slug]
|
|
}
|
|
|
|
resource "digitalocean_vpc" "main" {
|
|
name = "talos"
|
|
region = data.digitalocean_region.provided.slug
|
|
# Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
|
|
ip_range = "192.168.0.0/16"
|
|
}
|
|
|
|
module "digitalocean_talos_cluster" {
|
|
source = "../../terraform_modules/digitalocean_talos_cluster"
|
|
|
|
talos_cluster_name = "distrust"
|
|
talos_image = digitalocean_custom_image.talos.image_id
|
|
talos_config_directory = "talos"
|
|
control_plane_pool = {
|
|
count = 1,
|
|
size = "s-4vcpu-8gb",
|
|
}
|
|
worker_pools = [{
|
|
name = "primary",
|
|
count = 2,
|
|
size = "s-2vcpu-4gb",
|
|
}]
|
|
vpc_id = digitalocean_vpc.main.id
|
|
digitalocean_region = data.digitalocean_region.provided.slug
|
|
}
|
|
|
|
module "digitalocean_database_cluster" {
|
|
source = "../../terraform_modules/digitalocean_database_cluster"
|
|
|
|
cluster_name = "distrust"
|
|
db_engine = "pg"
|
|
db_version = "15"
|
|
size = "db-s-1vcpu-2gb"
|
|
node_count = 1
|
|
|
|
databases = [{
|
|
name = "keycloak",
|
|
create_default_superuser = true,
|
|
}, {
|
|
name = "forgejo",
|
|
create_default_superuser = true,
|
|
}, {
|
|
name = "nextcloud",
|
|
create_default_superuser = true,
|
|
}]
|
|
|
|
vpc_id = digitalocean_vpc.main.id
|
|
digitalocean_region = data.digitalocean_region.provided.slug
|
|
}
|
|
|
|
locals {
|
|
database_host = module.digitalocean_database_cluster.database_cluster.private_host
|
|
database_port = module.digitalocean_database_cluster.database_cluster.port
|
|
database_jdbc_uri_prefix = join("", [
|
|
"jdbc:postgresql://",
|
|
module.digitalocean_database_cluster.database_cluster.private_host,
|
|
":",
|
|
module.digitalocean_database_cluster.database_cluster.port,
|
|
])
|
|
}
|
|
|
|
# `jq .database_users.value.forgejo | sops --encrypt`
|
|
output "database_users" {
|
|
value = {
|
|
for db_user in module.digitalocean_database_cluster.database_users:
|
|
db_user.name => {
|
|
apiVersion = "v1",
|
|
kind = "Secret",
|
|
metadata = {
|
|
name = "database-configuration",
|
|
},
|
|
stringData = {
|
|
name = db_user.name,
|
|
dbname = db_user.name,
|
|
host = local.database_host,
|
|
port = tostring(local.database_port),
|
|
password = db_user.password,
|
|
# Forgejo, they call it "host"
|
|
address = join(":", [local.database_host, local.database_port]),
|
|
# Keycloak
|
|
jdbc_url = "${local.database_jdbc_uri_prefix}/${db_user.name}?sslmode=require",
|
|
}
|
|
}
|
|
}
|
|
sensitive = true
|
|
}
|
|
|
|
output "database" {
|
|
value = module.digitalocean_database_cluster.database_cluster
|
|
sensitive = true
|
|
}
|
|
|
|
output "vpc_id" {
|
|
value = digitalocean_vpc.main.id
|
|
}
|