172 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			HCL
		
	
	
	
			
		
		
	
	
			172 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			HCL
		
	
	
	
| variable "environment" {}
 | |
| variable "namespace" {}
 | |
| variable "region" {}
 | |
| variable "out_dir" {
 | |
|   type    = string
 | |
|   default = "../../out"
 | |
| }
 | |
| 
 | |
| resource "random_id" "suffix" {
 | |
|   byte_length = 8
 | |
| }
 | |
| 
 | |
| 
 | |
| resource "digitalocean_custom_image" "talos" {
 | |
|   name = "talos"
 | |
|   url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
 | |
|   # this gets reset by DigitalOcean otherwise
 | |
|   distribution = "Unknown OS"
 | |
|   regions = [var.region]
 | |
| }
 | |
| 
 | |
| resource "digitalocean_vpc" "main" {
 | |
|   name = "talos"
 | |
|   region = var.region 
 | |
|   # Note: This is VERY CAREFULLY chosen to avoid conflict with k8s and cilium
 | |
|   ip_range = "192.168.0.0/16"
 | |
| }
 | |
| 
 | |
| module "digitalocean_talos_cluster" {
 | |
|   source = "../../terraform_modules/digitalocean_talos_cluster"
 | |
| 
 | |
|   talos_cluster_name = "distrust"
 | |
|   talos_image = digitalocean_custom_image.talos.image_id
 | |
|   talos_config_directory = "talos"
 | |
|   control_plane_pool = {
 | |
|     count = 1,
 | |
|     size = "s-4vcpu-8gb",
 | |
|   }
 | |
|   worker_pools = [{
 | |
|     name = "primary",
 | |
|     count = 2,
 | |
|     size = "s-2vcpu-4gb",
 | |
|   }]
 | |
|   vpc_id = digitalocean_vpc.main.id
 | |
|   digitalocean_region = var.region 
 | |
| }
 | |
| 
 | |
| module "digitalocean_database_cluster" {
 | |
|   source = "../../terraform_modules/digitalocean_database_cluster"
 | |
| 
 | |
|   cluster_name = "distrust"
 | |
|   db_engine = "pg"
 | |
|   db_version = "15"
 | |
|   size = "db-s-1vcpu-2gb"
 | |
|   node_count = 1
 | |
| 
 | |
|   databases = [{
 | |
|     name = "keycloak",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     name = "forgejo",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     # We're creating this database, but then need to delete and recreate manually with LOCALE=C. Otherwise synapse won't work
 | |
|     # CREATE DATABASE synapse WITH template=template0 owner=doadmin locale="C" encoding=UTF8;
 | |
|     # GRANT ALL ON DATABASE synapse TO synapse;
 | |
|     name = "synapse",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     name = "telegram",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     name = "mautrix_slack",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     name = "matrix_slack_appservice",
 | |
|     create_default_superuser = true,
 | |
|   }, {
 | |
|     name = "media_repo",
 | |
|     create_default_superuser = true,
 | |
|   }]
 | |
| 
 | |
|   vpc_id = digitalocean_vpc.main.id
 | |
|   digitalocean_region = var.region 
 | |
| }
 | |
| 
 | |
| # Crater App requires MySQL currently, when it adds PG support we should migrate
 | |
| # 
 | |
| module "digitalocean_mysql_database_cluster" {
 | |
|   source = "../../terraform_modules/digitalocean_database_cluster"
 | |
| 
 | |
|   cluster_name = "distrust-mysql"
 | |
|   db_engine = "mysql"
 | |
|   dbcli_name = "mariadb"
 | |
|   db_version = "8"
 | |
|   size = "db-s-1vcpu-1gb"
 | |
|   node_count = 1
 | |
| 
 | |
|   databases = [{
 | |
|     name = "crater",
 | |
|     create_default_superuser = true,
 | |
|     mysql_native_auth = true
 | |
|   }]
 | |
| 
 | |
|   vpc_id = digitalocean_vpc.main.id
 | |
|   digitalocean_region = var.region 
 | |
| }
 | |
| 
 | |
| resource "digitalocean_spaces_bucket" "matrix_media_repo" {
 | |
|   name = "${var.namespace}-${var.environment}-distrust-media-repo"
 | |
|   region = var.region
 | |
| 
 | |
|   versioning {
 | |
|     enabled = false
 | |
|   }
 | |
| }
 | |
| 
 | |
| locals {
 | |
|   database_host = module.digitalocean_database_cluster.database_cluster.private_host
 | |
|   database_port = module.digitalocean_database_cluster.database_cluster.port
 | |
|   database_jdbc_uri_prefix = join("", [
 | |
|     "jdbc:postgresql://",
 | |
|     module.digitalocean_database_cluster.database_cluster.private_host,
 | |
|     ":",
 | |
|     module.digitalocean_database_cluster.database_cluster.port,
 | |
|   ])
 | |
| }
 | |
| 
 | |
| 
 | |
| # `jq .database_users.value.forgejo | sops --encrypt`
 | |
| output "database_users" {
 | |
|   value = {
 | |
|     for db_user in concat(
 | |
|       values(module.digitalocean_database_cluster.database_users),
 | |
|       values(module.digitalocean_mysql_database_cluster.database_users),
 | |
|     ):
 | |
|     db_user.name => {
 | |
|       apiVersion = "v1",
 | |
|       kind = "Secret",
 | |
|       metadata = {
 | |
|         name = "database-configuration",
 | |
|       },
 | |
|       stringData = {
 | |
|         name = db_user.name,
 | |
|         dbname = db_user.name,
 | |
|         host = local.database_host,
 | |
|         port = tostring(local.database_port),
 | |
|         password = db_user.password,
 | |
|         # Forgejo, they call it "host"
 | |
|         address = join(":", [local.database_host, local.database_port]),
 | |
|         # Keycloak
 | |
|         jdbc_url = "${local.database_jdbc_uri_prefix}/${db_user.name}?sslmode=require",
 | |
|       }
 | |
|     }
 | |
|   }
 | |
|   sensitive = true
 | |
| }
 | |
| 
 | |
| output "database" {
 | |
|   value = module.digitalocean_database_cluster.database_cluster
 | |
|   sensitive = true
 | |
| }
 | |
| 
 | |
| output "mysql_database" {
 | |
|   value = module.digitalocean_mysql_database_cluster.database_cluster
 | |
|   sensitive = true
 | |
| }
 | |
| 
 | |
| output "vpc_id" {
 | |
|   value = digitalocean_vpc.main.id
 | |
| }
 |