From 14592b9b1a43aa67e74a51f6a6bc521227bd8908 Mon Sep 17 00:00:00 2001
From: Bruce Becker
Date: Fri, 29 Mar 2024 08:32:16 +0100
Subject: [PATCH] build(do): add droplet and db firewall
Signed-off-by: Bruce Becker
---
 examples/digital-ocean/.gitignore | 3 ++
 examples/digital-ocean/main.tf | 52 +++++++++++++++++++++++++++++
 examples/digital-ocean/variables.tf | 6 ++++
 3 files changed, 61 insertions(+)
diff --git a/examples/digital-ocean/.gitignore b/examples/digital-ocean/.gitignore
index 6304eb3c..3a70aaf0 100644
--- a/examples/digital-ocean/.gitignore
+++ b/examples/digital-ocean/.gitignore
@@ -32,3 +32,6 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+# Ignore ssh keys
+do
+do.pub
diff --git a/examples/digital-ocean/main.tf b/examples/digital-ocean/main.tf
index 35eb8c03..a147cd17 100644
--- a/examples/digital-ocean/main.tf
+++ b/examples/digital-ocean/main.tf
@@ -16,3 +16,55 @@ resource "digitalocean_database_user" "rciam" {
 name = var.db_user
 cluster_id = digitalocean_database_cluster.rciam.id
 }
+
+resource "digitalocean_database_db" "rciam" {
+ name = var.db_name
+ cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_ssh_key" "rciam" {
+ name = "value"
+ public_key = file("${path.module}/do.pub")
+}
+
+data "digitalocean_images" "ubuntu" {
+ filter {
+ key = "distribution"
+ values = ["Ubuntu"]
+ }
+ filter {
+ key = "regions"
+ values = ["ams3"]
+ }
+
+ sort {
+ key = "name"
+ direction = "desc"
+ }
+}
+resource "digitalocean_droplet" "keycloak" {
+ name = "keycloak-${var.deployment_name}"
+ vpc_uuid = digitalocean_vpc.rciam.id
+ size = "value"
+ ssh_keys = [digitalocean_ssh_key.rciam.id]
+ image = data.digitalocean_images.ubuntu.images[0].id
+ backups = false
+ monitoring = true
+ ipv6 = false
+ region = "ams3"
+ droplet_agent = true
+}
+
+resource "digitalocean_database_firewall" "keycloak" {
+ cluster_id = digitalocean_database_cluster.rciam.id
+ rule {
+ type = "droplet"
+ value = digitalocean_droplet.keycloak.id
+ }
+}
+
+
+# name: Configure PostgreSQL client authentication
+# name: Configure PostgreSQL users
+# name: Configure privileges of PostgreSQL users
+# name: Configure PostgreSQL databases
diff --git a/examples/digital-ocean/variables.tf b/examples/digital-ocean/variables.tf
index 9872f2fa..0756802d 100644
--- a/examples/digital-ocean/variables.tf
+++ b/examples/digital-ocean/variables.tf
@@ -27,3 +27,9 @@ variable "db_user" {
 description = "Username to connect to DB"
 default = "postgres"
 }
+
+variable "db_name" {
+ type = string
+ description = "Name fo the PostGres database for RCIAM"
+ default = "rciam"
+}
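Review bot: `digitalocean_droplet.keycloak` is created with no `digitalocean_firewall` attached, so the database is restricted to the droplet while the droplet itself has no network policy, and its SSH port is presumably reachable from any address on its public interface. A cloud firewall that limits port 22 to known administrative ranges and opens only the Keycloak listener would close that gap; a sketch follows, with the admin-range variable as a placeholder this patch does not define. `size = "value"` on the droplet and `name = "value"` on the SSH key also look like unfilled placeholders, and the former is unlikely to be a valid size slug. The image lookup takes `images[0]` of every Ubuntu image sorted by name, which may select a non-LTS release or an account-private image and will drift over time; pinning one specific image slug would keep the base OS reviewable.

```hcl
# … unchanged: digitalocean_droplet.keycloak, digitalocean_database_firewall.keycloak …

resource "digitalocean_firewall" "keycloak" {
  name        = "keycloak-${var.deployment_name}"
  droplet_ids = [digitalocean_droplet.keycloak.id]

  # SSH only from administrative ranges.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = var.admin_cidrs # placeholder: variable not defined in this patch
  }

  # Add one inbound_rule for the Keycloak listener port once it is decided.

  # Cloud firewalls drop anything not listed, so egress must be allowed explicitly.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
```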
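Review bot: The `description` string of the new `db_name` variable contains two typos ("fo" and "PostGres"), and it ends up in generated module documentation and `terraform` prompts. I would change the line to `description = "Name of the PostgreSQL database for RCIAM"`. The preceding `db_user` block begins outside this hunk, so only its last lines are visible for comparison.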