Add postgresql provider

Tobias Reisinger 2024-09-28 01:59:53 +02:00
parent feab7c6ed8
commit 43baf205dc
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
12 changed files with 221 additions and 107 deletions


@ -1,6 +1,45 @@
# This file is maintained automatically by "tofu init". # This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/cyrilgdn/postgresql" {
version = "1.23.0"
constraints = "~> 1.23"
hashes = [
"h1:LxsIoeIkUhmlyKUwhWKLsRBm6Ho4j/O4GdxgxjfOm0A=",
"zh:0bea106d7ffc7058a9a03359d2d973dd2b10f357a751ad7ead34e919af963adc",
"zh:11758b27f60d74232a8a1b2cf2053ab27a7f060f1893fa773353425f295f6085",
"zh:278605be3cbcaab43598ccbe1152956691e7af41e3c105034b1f3f643362f8c0",
"zh:2d14614d58fc46a545e238b2fcdb4229cba6c2dcdbf499f287f0823527dc70a4",
"zh:3002900c6425240013b6eb20ad4450e7d7ed95c79b29ad4a7cf004c1fec4d91b",
"zh:418213529b21a6a54e093dadb2d04348b1f5ae486b6682e1fdfd799351ab0063",
"zh:46f82a470e07d6ca6eea4a5ca3f9bb9774bf65ed8f95891214d7cefb9abe76cb",
"zh:596b9d5233dc0efee067a2f243969b2c380616e38d4ca4cc35c6f95fd03ea30d",
"zh:74413ba9ffed3acd0574c26935e758360524693690d331d497fd2bf6742abd90",
"zh:7ff43a55325fd22b78fb3320ad651906314465af9f05c8eb026a63ca18b6f80b",
"zh:8f1bbc5d1a4c84cee294b4a7365f888ab1c8fd86c57bd965d89d026846a1ccd9",
"zh:b5ef4a4aa245e9d47fc2ba6b9ab5471e02ccabbdc3999fb2f603f26715d115ae",
"zh:d6da2968454febfa01de7b4197f5919e4faa04ab0f82e8793bd1c85a101d7c11",
"zh:fbebc34e03af57afcc4110768af733a9b71a540f32bf2c8f61783684b1f00e2a",
]
}
provider "registry.opentofu.org/hashicorp/random" {
version = "3.6.3"
hashes = [
"h1:Ry0Lr0zaoicslZlcUR4rAySPpl/a7QupfMfuAxhW3fw=",
"zh:1bfd2e54b4eee8c761a40b6d99d45880b3a71abc18a9a7a5319204da9c8363b2",
"zh:21a15ac74adb8ba499aab989a4248321b51946e5431219b56fc827e565776714",
"zh:221acfac3f7a5bcd6cb49f79a1fca99da7679bde01017334bad1f951a12d85ba",
"zh:3026fcdc0c1258e32ab519df878579160b1050b141d6f7883b39438244e08954",
"zh:50d07a7066ea46873b289548000229556908c3be746059969ab0d694e053ee4c",
"zh:54280cdac041f2c2986a585f62e102bc59ef412cad5f4ebf7387c2b3a357f6c0",
"zh:632adf40f1f63b0c5707182853c10ae23124c00869ffff05f310aef2ed26fcf3",
"zh:b8c2876cce9a38501d14880a47e59a5182ee98732ad7e576e9a9ce686a46d8f5",
"zh:f27e6995e1e9fe3914a2654791fc8d67cdce44f17bf06e614ead7dfd2b13d3ae",
"zh:f423f2b7e5c814799ad7580b5c8ae23359d8d342264902f821c357ff2b3c6d3d",
]
}
provider "registry.opentofu.org/hashicorp/template" { provider "registry.opentofu.org/hashicorp/template" {
version = "2.2.0" version = "2.2.0"
hashes = [ hashes = [
@ -14,19 +53,19 @@ provider "registry.opentofu.org/hashicorp/template" {
} }
provider "registry.opentofu.org/hashicorp/time" { provider "registry.opentofu.org/hashicorp/time" {
version = "0.12.0" version = "0.12.1"
hashes = [ hashes = [
"h1:Om7xF0GgRkBsAjKis3RAFXQJKmHgnO04C+PEScF/xTM=", "h1:PnOB6IAQJoYi/r3iUH7Hml2c2zFrIzHksQsrK3VPjSI=",
"zh:01b7ac8203eb7ed712a356215e44f8851b96ddcfdf63b13ff9f870f799667059", "zh:50a9b67d5f5f42adbdb7712f67858aa64b5670070f6710751239b535fb48a4df",
"zh:06c4420bdb964209eb119f1740575df7b8ac44a3b5d71631dae2962a155f58b7", "zh:5a846fae035e363aed75b966d64a56f3489a38083e8407aaa656730437f53ed7",
"zh:2534d1d04ca934e25426ab5bb0b29a57a95c676f70b154bfb382d58bf1e6f6c9", "zh:6767f1fc8a679b48eaa4cd114da0d8185fb3546375f3a0fb3728f10fa3dbc551",
"zh:340de6c71a1090f13ab5c429ca2134c12189e8b86c2b104859e82eb30eea9772", "zh:85d3da407c828bf057cbc0e86c75ef3d0f9f74a73c4ea1b4aef18e33f41092b1",
"zh:561a2780f7fb1b0a9092c59c4eb3e3d8c3ec9cecddc9214ae92fdc941c3bd2e7", "zh:9180721325139431112c638f5382a740ff219782f81d6346cdff5bccc418a43f",
"zh:65b1a982617375123bc3a1dcd44d61264cabac6b3d83378e7079ee0655ec6679", "zh:9ba9989f905a64db1409a9a57649549c89c7aedfb55ae399a7fa9411aafaadac",
"zh:9ae9f6c9609c5ed9e35a702068629ef5adfb131f957a571fc39ce0127c782ca4", "zh:b3d9e7afb6a742e9be0541bc434b00d849fdfab0b4b859ceb0296c26c541af15",
"zh:ad7f066c5db340683cb5a3a29ced3a2ece13c5b84c46d6b3d30815444a6c78ee", "zh:c87da712d718acd9dd03f544b020c320699cb29df197be4f74783e3c3d80fc17",
"zh:f532d2c33c2303a970e9ee813e37d208eb65321aec489da14786b7f04ea66105", "zh:cb1abe07638ef6d7b41d0e86dfb12d60a513aca3395a5da7191947f7459821dd",
"zh:fb269e2425a4b996fef79665eaeec8f40a388bf7ac7bf8ce2c108fb83c4b10ca", "zh:ecff2e823ef49eda03663fa8ee8bdc17d27cd419dbdacbf1719f38812dbf417e",
] ]
} }
@ -53,67 +92,67 @@ provider "registry.opentofu.org/hetznercloud/hcloud" {
} }
provider "registry.opentofu.org/ovh/ovh" { provider "registry.opentofu.org/ovh/ovh" {
version = "0.48.0" version = "0.50.0"
constraints = "~> 0.48" constraints = "~> 0.48"
hashes = [ hashes = [
"h1:dOwImR7DGX4FHt9IpY6S7z8z62fyhTOiLm0kgSA+MfE=", "h1:HKkJ0TdXphZb503dGYyOj4mXy9HPSSgXhf0yFmsRyxo=",
"zh:64ae6a94f86115d6a0cf54e62de16f3751f2f511c7c133a58734b623ecd83133", "zh:1c88525ece36dc8878567301fb245422d10a788a7545fff918c7b96828d2efd1",
"zh:808c0dfc35f0cdde84fff2b772ef52aef57363e2f496ae8e5b5d191ae2482db3", "zh:311f5f3103ff0f5baab886e338de443e28d40557664c54697a21f2c091c0c673",
"zh:91427314fe73ee5bb3cc0fdcc88c15416709ff049751573674cb56a17ebf137f", "zh:37a1dc197d9fc68cc1c90b8ef77411797c4bc494b528ad4880e6ee4185f1eddb",
"zh:97a60491d8a50900c83365ab86343f59ae39a6a8d0ecbf2229be389143c584af", "zh:6f61600d81b4c5c0a016d58c2dae7ca4bfaef28481abc12797bc7e90f9c7d3f8",
"zh:a2be10afc172ea844706217143b003c21dd502fcfe429fa61f5cebdbd2c38c55", "zh:7eb791886e01bbbbcff93d9fedbc2d4d78852bfcf9d2aba188aa5032f45008dc",
"zh:a6e0e5978a6b1247a110e1bf2461771e3bf1b3c974cc83b56ae3255cdc5123d3", "zh:87d53dcf87466ec341c3cc41b619e8829faa4805e06491ccd4d7e1945cb78664",
"zh:b6cac2ddd451cb783faab09ec90a54be222a2bc9ef59eaaec309980b46a8650c", "zh:8b017819ea1d0cf2ca78de6b2d935b71a23e13030f5b2c2a2afe65122ec354d3",
"zh:d767fc3a8c992fa01be52a86ba92204d5ac7ea238a2ebce5e313eaf56e4ae3ac", "zh:8ddc5f0f50c551c78aabf5521e4418badb71e77c6103f8da85f1862eb620cc39",
"zh:ed2f82995fbe92d7a750a9560cb325d6dbee1b031898dba4ab74447c6043c878", "zh:91dbd9069b803582618e442f648d8a72f1e28ecf4c45c539d1b67f4acc601498",
"zh:ef20c721c5349f03106aa3514752b1df3583ce96a0e704a4b45d9b4b455ca57b", "zh:c4b4f626adfb81179b9e4a61f1df08f26c581a6da093f958620abafa308c572e",
"zh:f33f42bca65d40097033f0e64e45ad113107804be2198a2279d5561bb1122b34", "zh:d836cd3127f93acf27c7bfd7b020f27cab977ff5e52f6c0403ab9eb54dcf9da4",
"zh:f922c6d3d73f8c252beb91dc9f97eb96643781ad3e7192018be47d4df2e4d0e3", "zh:deb1b6352c5b6d3c210091587fbfab93453fcb5aaa761a02d61c03ab4d56637f",
"zh:f93577ad688f449c03c4087a19cea3cc37bc30c94519eee4710323099bf501ad", "zh:e53cf3cb629bb0701bd54d9dcbd4253d6f001923f355e891b5776f7fa63f56ee",
"zh:ff33c4b2543030a82935551631d209df87adf981b4661a4ab60406e704fe7485", "zh:f2026e2dacb00bc0571127a6435837943281b1e085fad2b11356db78c9a863c0",
] ]
} }
provider "registry.opentofu.org/scaleway/scaleway" { provider "registry.opentofu.org/scaleway/scaleway" {
version = "2.44.0" version = "2.45.0"
constraints = "~> 2.43" constraints = "~> 2.43"
hashes = [ hashes = [
"h1:VRA4GE/N4YaxrsDi4VtCvTa2F2VMz6cHvig+uXx95Ys=", "h1:TUNrkoCHyGUJrmpOjg+Wfyf8IYe/6X6D2yu11Vi9UoM=",
"zh:07626890d5417058f5999675304f039036253a2b17eb1b658cb4d8a9dd783cdd", "zh:11dc4916523a65acf06555816ed09a5d5267477b8c005c48f91ed036a1e8d93a",
"zh:153fb6d63f7e7203cbadd35f0ec46f8a1ce2bee16817a3f7c2b7f908d833fe9e", "zh:20f8ee896d88ea85b89fb73311341a90ffe6c8c3211e5b710c7c8daa977d6156",
"zh:2d535d419d2c44810d538e06769afc02ca529f59d4340f563d4ca040f6c43f35", "zh:2d9a0dd05c34d36469625b139b8089b8dd9f93b92d18e3af24aaf6f37620c727",
"zh:3097ffad52ea5102dfd1c0693e86f812634a029dd1a98fb8a448154daa6063fc", "zh:3d0e1a19edbf707d488e3f35b1d6fdd1922cd1a376ff78314d4f06fd63666840",
"zh:562477ee7953c836a1133e20158911ff3d831167689a691b58ce7f6954e636b5", "zh:676872e1613714e9f7d619eae23c33a96b423d27d378a2b935e773d9c6f79edf",
"zh:71c4168c400b421fa1edaee1970473b6f3abe3f76d2ea5c2ef2292df9f909bcb", "zh:87b038b2e7d51c50469fa95dcd8a1a8c21fcc1decd75a49b6367fc80a1ac5809",
"zh:82c6c6c81a5dd911f33f5363d777f0009689a83fb7bf219e958717e4d9ed0e23", "zh:97bd93434231540cad2516e33e5f90edc9d2bd3d4eaabaefbdd76117004f7283",
"zh:88daeb4b398e7806a1c94afce439238bf2abcb290e8c65eb3ea7e0c42c1442b1", "zh:a2c4ee0b8a81c61714d52449aeb92c8fae2d002b93865a355f72f18072171e8b",
"zh:a1e83eda0c66140d86239b3830a258fa98f2e964bd52f2a8f3cc97aca2390166", "zh:a55372fc3470c493fa053d404f3332d2ffba3a70696b3926ac2fcc8852b6055a",
"zh:d7d7e37de2a66d5048e19797edd59358c357f26ac03beab9fec36c1838969ad2", "zh:c0c413943a14a7a2cb277b12e6a70f4647e3ad34abc6fe7368c726ba3d2b31ff",
"zh:dc0692b3378057e18354a1f7aa87e64f7b84ed8e9c005b9ad69bf01638f88246", "zh:c0e0779ccc8233a8efa1ae0d9d3f23becc1ef6cdff00ca083282939e3d639631",
"zh:e32409c6dfd397c297dfb702f8dff0ae3c9592c017a24148fec8379c1a67e50c", "zh:d40e4a9acd839589ad01ebed256b19725f31b4308681e11ea4a22ed0285963ee",
"zh:e4aa8b3bbfbe1b5bc9a06b32a68e30def2af91c886e6008a5d4b7d6a5e18f46f", "zh:de1a592889747125dc739f4b1dfb20f848ffcc10a0c25272f8f2fd90b435940e",
"zh:ef08071c2c4a398c6c287a26e2255831afe5b2049416d7e7c23117f199687676", "zh:fa200b7e1e24d63d5d4eb4ff4e44c00a6f7cfb883ce1eee98eb74a539f91774d",
] ]
} }
provider "registry.opentofu.org/tailscale/tailscale" { provider "registry.opentofu.org/tailscale/tailscale" {
version = "0.16.2" version = "0.17.1"
constraints = "~> 0.16" constraints = "~> 0.16"
hashes = [ hashes = [
"h1:m8r5+K4JWe+tdT4IyryZkAQ7d38GVPtoQ9mzp+5Scaw=", "h1:yUzwRZxbCa0QDkn1VSYriZpC02tHaa5X05pxp/K2Sao=",
"zh:2a37ef43b88ad8e26ecad79e6b34a896769be2b7d18140f855f6063775367841", "zh:1823fbc277875863d7f7fd198b1636a3e213fff523c6882d5d7aaf83a745872e",
"zh:3867d3331b59c8281dd8a742260b22e18750ae84a9bd2009e8f9d90412d2c044", "zh:2a9a21fba0acbe44cd6b78ce8b49fba2e650576675818255cd1abf3c0493d448",
"zh:5e5e5ee08e0ecefa08a0ce7a9281a858f9b3a2a66bc9c06802b1624a1cb3eae0", "zh:382450ba8918c1738b60a736fe2e37e845242fac7bf85c4936b135061864eaba",
"zh:6298e8ed55bccd5513060e0d357d055919b3a22146fcfb6c34881efd49ec33f8", "zh:413226903d4d924eb005505a2e06c11186185466d0d7741d67d154f3a4c49b41",
"zh:6ce0ab6564fbbc673ab98ce4b7db7d64258a916394436a005d14b25c3ea58ad1", "zh:43e9fbb4f43df7c169651a07bdf56cdf10f315f25b5ca428d7f8325d236b77a7",
"zh:6fdc1fb66074d2af5124a6988f81efdc77011b185e710629140e87ffb8624956", "zh:6a47fccb7d7248f42e36860aeb9c4b109bba9a0fe702cfb13ec88bc2babaccbf",
"zh:7ff7888d77a17b18c9bdc9dfc1bf1e7f98f512410c29d1a8c2e6c21c8fe2a5c4", "zh:834308305b0ff8355a37869338f60ac072dad1bf0856964dd29f5b4542e1f41b",
"zh:9cafb8660daffd5c9c490d4529c7ba3d691fee5e4093b55e73f188b17e34cead", "zh:859199d820fd66da7d4f6b30fd4b828952f5f318f37b8bacf80f5668b769c162",
"zh:b11e0e1b6c8485eb832336a69be02dfae151b71350e25288ec7bf0637df35485", "zh:89894383c69a6dd242faff79218850249d75673f736ceb212b26e13bc0950640",
"zh:c7371d0dcde253fcd1808f86be2fcfc6e0b6ec82aa714e5dc6b533ba10007d48", "zh:8ab2011df75200dff2e9cb885de28ba00bc5141c9de7cad609cf12d39735a819",
"zh:dcddd847b8a03a3b7c9288d68e781d65a3b911ef9cc96df9502a2d069195ae42", "zh:90df5ea74438217ed981af32fb061fabc71b14cfd4bb1fbf5c830036152c6253",
"zh:dfd37ec661fe5b1520b595dcb93cca65f716270edc173a393a600c85b3f842d7", "zh:b56875c717c155db6da4c54b9a242b087f1a4fcb31b84758902e072805159a07",
"zh:e3b623167859344ed93f4125e97d24c5793246ccb329e4d82b2d9d8e5c356380", "zh:d1c328adab27ac8ef0afb97a518f4db4a1f5f916ba93927ecd3fca7e72023517",
"zh:f4d38ec08191ae70ef05ffd3943df1c27e2b11192a02e1979498a59ea1881ee3", "zh:e62555f5a1fb59141db198a22bc29c01eff1a781a1ea207107997a5e42ade45b",
] ]
} }

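--- a/hosts.auto.tfvars
+++ b/hosts.auto.tfvars
@@ -0,0 +1,24 @@
+hosts = {
+"node001" = {
+hostname = "node001"
+rdns = "node001.serguzim.net"
+provider = "contabo"
+ipv4_address = "144.91.106.67",
+ipv6_address = "2a02:c207:2051:6620::1"
+},
+"node002" = {
+hostname = "node002"
+rdns = "node002.serguzim.net"
+provider = "contabo"
+ipv4_address = "62.171.181.192"
+ipv6_address = "2a02:c207:2036:6681::1"
+},
+"node003" = {
+hostname = "node003"
+rdns = "mail.serguzim.me"
+provider = "hetzner"
+image = "debian-12"
+server_type = "cx32"
+datacenter = "fsn1-dc14"
+},
+}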


@ -2,8 +2,8 @@ admin_email: tobias@msrg.cc
timezone: Europe/Berlin timezone: Europe/Berlin
postgres: postgres:
host: db.serguzim.me host: "{{ opentofu.postgresql.host }}"
port: 5432 port: "{{ opentofu.postgresql.port }}"
mailer: mailer:
host: mail.serguzim.me host: mail.serguzim.me

14
main.tf

@ -8,6 +8,10 @@ terraform {
source = "ovh/ovh" source = "ovh/ovh"
version = "~> 0.48" version = "~> 0.48"
} }
postgresql = {
source = "cyrilgdn/postgresql"
version = "~> 1.23"
}
scaleway = { scaleway = {
source = "scaleway/scaleway" source = "scaleway/scaleway"
version = "~> 2.43" version = "~> 2.43"
@ -48,6 +52,16 @@ provider "ovh" {
consumer_key = "${var.ovh_consumer_key}" consumer_key = "${var.ovh_consumer_key}"
} }
provider "postgresql" {
host = "${var.postgresql_host}"
port = "${var.postgresql_port}"
database = "postgres"
username = "${var.postgresql_username}"
password = "${var.postgresql_password}"
sslmode = "verify-full"
connect_timeout = 15
}
provider "scaleway" { provider "scaleway" {
organization_id = "${var.scaleway_organization_id}" organization_id = "${var.scaleway_organization_id}"
project_id = "${var.scaleway_project_id}" project_id = "${var.scaleway_project_id}"
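Review bot: The new `provider "postgresql"` block leaves `superuser` at its default, so the provider assumes the account named by `var.postgresql_username` is a PostgreSQL superuser. If that is the case, every `tofu apply` runs with full control of the cluster behind `var.postgresql_host`, and so does anyone who obtains the tfvars file or the CI secret holding that password. A dedicated provisioning role limited to CREATEROLE and CREATEDB, combined with `superuser = false` in this block, is probably sufficient for the roles and databases this commit creates; confirm against the provider documentation before switching. `sslmode = "verify-full"` is the right choice here and should stay.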


@ -14,6 +14,17 @@ output "hosts" {
} }
} }
output "postgresql_service_roles" {
value = postgresql_role.service_roles
sensitive = true
}
output "postgresql" {
value = {
"host" = var.postgresql_host
"port" = var.postgresql_port
}
}
output "scaleway_service_keys" { output "scaleway_service_keys" {
value = scaleway_iam_api_key.service_keys value = scaleway_iam_api_key.service_keys
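Review bot: `output "postgresql_service_roles"` exports the complete `postgresql_role` objects, although the Ansible variables on this page read only `.name` and `.password`. `sensitive = true` only redacts the value in CLI output; it is still written in plaintext to state and returned by `tofu output -json`. Narrowing the value to what is consumed, `value = { for k, r in postgresql_role.service_roles : k => { name = r.name, password = r.password } }`, keeps the remaining role attributes out of whatever file or pipeline carries the outputs to Ansible. The `scaleway_service_keys` output that follows uses the same whole-object pattern, and its body continues outside the hunk.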

23
postgresql.tf Normal file

@ -0,0 +1,23 @@
locals {
service_databases = {for key, val in var.services : key => val if val.database}
}
resource "random_password" "postgresql_service_passwords" {
for_each = local.service_databases
length = 32
special = false
}
resource "postgresql_role" "service_roles" {
for_each = local.service_databases
name = each.value.name
login = true
password = random_password.postgresql_service_passwords[each.key].result
}
resource "postgresql_database" "service_databases" {
for_each = local.service_databases
name = each.value.name
owner = postgresql_role.service_roles[each.key].name
}
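Review bot: `postgresql_database.service_databases` has no destroy guard, while `scaleway_object_bucket.service_buckets` (visible further down this page) sets `prevent_destroy = true`. Because `for_each` is filtered on `val.database`, setting `database = false` or renaming a key in services.auto.tfvars makes the next apply plan a drop of that service's database and role; adding `lifecycle { prevent_destroy = true }` to the database resource would block that. Separately, PostgreSQL grants CONNECT on a new database to PUBLIC by default, so the forgejo and linkwarden roles can probably connect to each other's database; if isolation between services is intended, a `postgresql_grant` per database for role `public` with `object_type = "database"` and `privileges = []` would revoke it. The generated passwords end up in plaintext in state through `random_password.result` and the role's `password`, so the state backend, which this page does not show, needs encryption and restricted access.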


@ -15,8 +15,8 @@ forgejo_env:
FORGEJO__database__DB_TYPE: postgres FORGEJO__database__DB_TYPE: postgres
FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}" FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
FORGEJO__database__NAME: forgejo FORGEJO__database__NAME: forgejo
FORGEJO__database__USER: "{{ vault_forgejo.db.user }}" FORGEJO__database__USER: "{{ opentofu.postgresql_service_roles.forgejo.name }}"
FORGEJO__database__PASSWD: "{{ vault_forgejo.db.pass }}" FORGEJO__database__PASSWD: "{{ opentofu.postgresql_service_roles.forgejo.password }}"
FORGEJO__database__SSL_MODE: verify-full FORGEJO__database__SSL_MODE: verify-full
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true


@ -2,8 +2,8 @@
linkwarden_secret: "{{ vault_linkwarden.secret }}" linkwarden_secret: "{{ vault_linkwarden.secret }}"
linkwarden_db_host_port: "{{ postgres.host }}:{{ postgres.port }}" linkwarden_db_host_port: "{{ postgres.host }}:{{ postgres.port }}"
linkwarden_db_user: "{{ vault_linkwarden.db.user }}" linkwarden_db_user: "{{ opentofu.postgresql_service_roles.linkwarden.name }}"
linkwarden_db_pass: "{{ vault_linkwarden.db.pass }}" linkwarden_db_pass: "{{ opentofu.postgresql_service_roles.linkwarden.password }}"
linkwarden_db_database: linkwarden linkwarden_db_database: linkwarden
linkwarden_s3_accesskey: "{{ opentofu.scaleway_service_keys.linkwarden.access_key }}" linkwarden_s3_accesskey: "{{ opentofu.scaleway_service_keys.linkwarden.access_key }}"


@ -11,13 +11,17 @@ data "scaleway_iam_user" "serguzim" {
email = "tobias@msrg.cc" email = "tobias@msrg.cc"
} }
locals {
service_buckets = {for key, val in var.services : key => val if val.bucket}
}
resource "scaleway_iam_application" "service_applications" { resource "scaleway_iam_application" "service_applications" {
for_each = var.service_buckets for_each = local.service_buckets
name = each.value.name name = each.value.name
} }
resource "scaleway_iam_policy" "service_storage_policies" { resource "scaleway_iam_policy" "service_storage_policies" {
for_each = var.service_buckets for_each = local.service_buckets
name = "${each.key}_storage_policy" name = "${each.key}_storage_policy"
application_id = scaleway_iam_application.service_applications[each.key].id application_id = scaleway_iam_application.service_applications[each.key].id
rule { rule {
@ -27,7 +31,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
} }
resource "scaleway_object_bucket" "service_buckets" { resource "scaleway_object_bucket" "service_buckets" {
for_each = var.service_buckets for_each = local.service_buckets
name = "${each.value.name}.serguzim.me" name = "${each.value.name}.serguzim.me"
lifecycle { lifecycle {
prevent_destroy = true prevent_destroy = true
@ -35,7 +39,7 @@ resource "scaleway_object_bucket" "service_buckets" {
} }
resource "scaleway_object_bucket_policy" "service_bucket_policies" { resource "scaleway_object_bucket_policy" "service_bucket_policies" {
for_each = var.service_buckets for_each = local.service_buckets
bucket = scaleway_object_bucket.service_buckets[each.key].id bucket = scaleway_object_bucket.service_buckets[each.key].id
policy = jsonencode({ policy = jsonencode({
Version = "2023-04-17", Version = "2023-04-17",
@ -74,7 +78,7 @@ resource "time_rotating" "rotate_after_a_year" {
} }
resource "scaleway_iam_api_key" "service_keys" { resource "scaleway_iam_api_key" "service_keys" {
for_each = var.service_buckets for_each = local.service_buckets
description = "Service key for ${each.key}" description = "Service key for ${each.key}"
application_id = scaleway_iam_application.service_applications[each.key].id application_id = scaleway_iam_application.service_applications[each.key].id
expires_at = time_rotating.rotate_after_a_year.rotation_rfc3339 expires_at = time_rotating.rotate_after_a_year.rotation_rfc3339


@ -10,6 +10,9 @@ ovh_application_key = ""
ovh_application_secret = "" ovh_application_secret = ""
ovh_consumer_key = "" ovh_consumer_key = ""
postgresql_username = ""
postgresql_password = ""
scaleway_organization_id = "" scaleway_organization_id = ""
scaleway_project_id = "" scaleway_project_id = ""
scaleway_access_key = "" scaleway_access_key = ""

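--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -0,0 +1,12 @@
+services = {
+"linkwarden" = {
+name = "linkwarden"
+bucket = true
+database = true
+},
+"forgejo" = {
+name = "forgejo"
+bucket = true
+database = true
+}
+}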


@ -37,6 +37,23 @@ variable "ovh_consumer_key" {
} }
variable "postgresql_host" {
default = "db.serguzim.me"
}
variable "postgresql_port" {
default = "5432"
}
variable "postgresql_username" {
sensitive = true
}
variable "postgresql_password" {
sensitive = true
}
variable "scaleway_organization_id" { variable "scaleway_organization_id" {
sensitive = true sensitive = true
} }
@ -63,21 +80,12 @@ variable "tailscale_tailnet" {
} }
variable "service_buckets" { variable "services" {
type = map(object({ type = map(object({
name = string name = string
bucket = string bucket = bool
database = bool
})) }))
default = {
"linkwarden" = {
name = "linkwarden"
bucket = "linkwarden.serguzim.me"
},
"forgejo" = {
name = "forgejo"
bucket = "forgejo.serguzim.me"
}
}
} }
variable "hosts" { variable "hosts" {
@ -91,28 +99,4 @@ variable "hosts" {
server_type = optional(string) server_type = optional(string)
datacenter = optional(string) datacenter = optional(string)
})) }))
default = {
"node001" = {
hostname = "node001"
rdns = "node001.serguzim.net"
provider = "contabo"
ipv4_address = "144.91.106.67",
ipv6_address = "2a02:c207:2051:6620::1"
},
"node002" = {
hostname = "node002"
rdns = "node002.serguzim.net"
provider = "contabo"
ipv4_address = "62.171.181.192"
ipv6_address = "2a02:c207:2036:6681::1"
},
"node003" = {
hostname = "node003"
rdns = "mail.serguzim.me"
provider = "hetzner"
image = "debian-12"
server_type = "cx32"
datacenter = "fsn1-dc14"
},
}
} }
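Review bot: The new `postgresql_host`, `postgresql_port`, `postgresql_username` and `postgresql_password` variables declare no `type` or `description`, and `postgresql_port` defaults to the string `"5432"`. Adding `type = string` to host, username and password, and `type = number` with `default = 5432` to the port, makes a mistyped tfvars entry fail at plan time instead of at connection time. In the second hunk, `bucket = bool` and `database = bool` are required for every entry in `services`; `optional(bool, false)`, a form the `hosts` variable already uses as `optional(string)`, would make "no database, no bucket" the default, so a new service only gets a role, database or bucket when its entry asks for one.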