build(do): add droplet and db firewall

Signed-off-by: Bruce Becker <[email protected]>

examples/digital-ocean/.gitignore

@@ -32,3 +32,6 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+# Ignore ssh keys
+do
+do.pub

examples/digital-ocean/main.tf

@@ -16,3 +16,55 @@ resource "digitalocean_database_user" "rciam" {
   name       = var.db_user
   cluster_id = digitalocean_database_cluster.rciam.id
 }
+
+resource "digitalocean_database_db" "rciam" {
+  name       = var.db_name
+  cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_ssh_key" "rciam" {
+  name       = "value"
+  public_key = file("${path.module}/do.pub")
+}
+
+data "digitalocean_images" "ubuntu" {
+  filter {
+    key    = "distribution"
+    values = ["Ubuntu"]
+  }
+  filter {
+    key    = "regions"
+    values = ["ams3"]
+  }
+
+  sort {
+    key       = "name"
+    direction = "desc"
+  }
+}
+resource "digitalocean_droplet" "keycloak" {
+  name          = "keycloak-${var.deployment_name}"
+  vpc_uuid      = digitalocean_vpc.rciam.id
+  size          = "value"
+  ssh_keys      = [digitalocean_ssh_key.rciam.id]
+  image         = data.digitalocean_images.ubuntu.images[0].id
+  backups       = false
+  monitoring    = true
+  ipv6          = false
+  region        = "ams3"
+  droplet_agent = true
+}
+
+resource "digitalocean_database_firewall" "keycloak" {
+  cluster_id = digitalocean_database_cluster.rciam.id
+  rule {
+    type  = "droplet"
+    value = digitalocean_droplet.keycloak.id
+  }
+}
+
+
+# name: Configure PostgreSQL client authentication
+# name: Configure PostgreSQL users
+# name: Configure privileges of PostgreSQL users
+# name: Configure PostgreSQL databases

examples/digital-ocean/variables.tf

@@ -27,3 +27,9 @@ variable "db_user" {
   description = "Username to connect to DB"
   default     = "postgres"
 }
+
+variable "db_name" {
+  type        = string
+  description = "Name fo the PostGres database for RCIAM"
+  default     = "rciam"
+}