GaloyMoney · bodymindarts · Apr 23, 2024 · Apr 23, 2024
diff --git a/examples/gcp/postgresql/main.tf b/examples/gcp/postgresql/main.tf
@@ -8,11 +8,12 @@ module "postgresql" {
   source = "git::https://github.com/GaloyMoney/galoy-infra.git//modules/postgresql/gcp?ref=caa0cd8"
   # source = "../../../modules/postgresql/gcp"
 
-  instance_name      = "${var.name_prefix}-pg"
-  vpc_name           = "${var.name_prefix}-vpc"
-  gcp_project        = var.gcp_project
-  destroyable        = var.destroyable_postgres
-  user_can_create_db = true
-  databases          = ["stablesats"]
-  replication        = true
+  instance_name          = "${var.name_prefix}-pg"
+  vpc_name               = "${var.name_prefix}-vpc"
+  gcp_project            = var.gcp_project
+  destroyable            = var.destroyable_postgres
+  user_can_create_db     = true
+  databases              = []
+  replication            = true
+  provision_read_replica = true
 }
diff --git a/modules/postgresql/gcp/main.tf b/modules/postgresql/gcp/main.tf
@@ -52,10 +52,11 @@ resource "google_sql_database_instance" "instance" {
     backup_configuration {
       enabled                        = true
       point_in_time_recovery_enabled = true
+      binary_log_enabled             = true
     }
 
     ip_configuration {
-      ipv4_enabled    = true
+      ipv4_enabled    = false
       private_network = data.google_compute_network.vpc.id
     }
   }

diff --git a/modules/postgresql/gcp/outputs.tf b/modules/postgresql/gcp/outputs.tf
@@ -9,11 +9,13 @@ output "private_ip" {
 output "creds" {
   value = {
     for db in local.databases : db => {
-      db_name  = db
-      user     = module.database[db].user
-      password = module.database[db].password
-      conn     = "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.instance.private_ip_address}:5432/${db}"
-      host     = google_sql_database_instance.instance.private_ip_address
+      db_name   = db
+      user      = module.database[db].user
+      password  = module.database[db].password
+      conn      = "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.instance.private_ip_address}:5432/${db}"
+      read_conn = local.provision_read_replica ? "postgres://${module.database[db].user}:${module.database[db].password}@${google_sql_database_instance.replica[0].private_ip_address}:5432/${db}" : ""
+      host      = google_sql_database_instance.instance.private_ip_address
+      read_host = local.provision_read_replica ? google_sql_database_instance.instance.private_ip_address : ""
     }
   }
   sensitive = true

diff --git a/modules/postgresql/gcp/read-replica.tf b/modules/postgresql/gcp/read-replica.tf
@@ -0,0 +1,60 @@
+resource "google_sql_database_instance" "replica" {
+  count                = local.provision_read_replica ? 1 : 0
+  name                 = "${local.instance_name}-${random_id.db_name_suffix.hex}-replica"
+  master_instance_name = "${local.instance_name}-${random_id.db_name_suffix.hex}"
+
+  project             = local.gcp_project
+  database_version    = "POSTGRES_14"
+  region              = local.region
+  deletion_protection = !local.destroyable
+
+  settings {
+    tier              = local.tier
+    availability_type = local.highly_available ? "REGIONAL" : "ZONAL"
+
+    dynamic "database_flags" {
+      for_each = local.max_connections > 0 ? [local.max_connections] : []
+      content {
+        name  = "max_connections"
+        value = local.max_connections
+      }
+    }
+
+    dynamic "database_flags" {
+      for_each = var.enable_detailed_logging ? [{
+        name  = "log_statement"
+        value = "all"
+        }, {
+        name  = "log_lock_waits"
+        value = "on"
+      }] : []
+      content {
+        name  = database_flags.value.name
+        value = database_flags.value.value
+      }
+    }
+
+    dynamic "database_flags" {
+      for_each = local.replication ? ["on"] : []
+      content {
+        name  = "cloudsql.logical_decoding"
+        value = "on"
+      }
+    }
+
+    backup_configuration {
+      enabled = false
+    }
+
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = data.google_compute_network.vpc.id
+    }
+  }
+
+  timeouts {
+    create = "45m"
+    update = "45m"
+    delete = "45m"
+  }
+}
diff --git a/modules/postgresql/gcp/variables.tf b/modules/postgresql/gcp/variables.tf
@@ -34,17 +34,23 @@ variable "replication" {
   type        = bool
   default     = false
 }
+variable "provision_read_replica" {
+  description = "Provision read replica"
+  type        = bool
+  default     = false
+}
 
 locals {
-  gcp_project       = var.gcp_project
-  vpc_name          = var.vpc_name
-  region            = var.region
-  instance_name     = var.instance_name
-  destroyable       = var.destroyable
-  highly_available  = var.highly_available
-  tier              = var.tier
-  max_connections   = var.max_connections
-  databases         = var.databases
-  big_query_viewers = var.big_query_viewers
-  replication       = var.replication
+  gcp_project            = var.gcp_project
+  vpc_name               = var.vpc_name
+  region                 = var.region
+  instance_name          = var.instance_name
+  destroyable            = var.destroyable
+  highly_available       = var.highly_available
+  tier                   = var.tier
+  max_connections        = var.max_connections
+  databases              = var.databases
+  big_query_viewers      = var.big_query_viewers
+  replication            = var.replication
+  provision_read_replica = var.provision_read_replica
 }