chore(do): initialise terraform for example (#5)

* chore(do): initialise terraform for example Signed-off-by: Bruce Becker <[email protected]> * ci: run CI on PRs to devel and master Signed-off-by: Bruce Becker <[email protected]> * ci: run lint with backwards compat as well as latest Signed-off-by: Bruce Becker <[email protected]> * ci: use matrix version in CI Signed-off-by: Bruce Becker <[email protected]> * ci: so much for github workflow validation Signed-off-by: Bruce Becker <[email protected]> * ci: what's up with matrix Signed-off-by: Bruce Becker <[email protected]> * chore: check if it's the @$ that's breaking Signed-off-by: Bruce Becker <[email protected]> * ci: bump version to 24.2.1 Signed-off-by: Bruce Becker <[email protected]> * ci: fix task name Signed-off-by: Bruce Becker <[email protected]> * build(do): add database and user Signed-off-by: Bruce Becker <[email protected]> * build(do): add droplet and db firewall Signed-off-by: Bruce Becker <[email protected]> --------- Signed-off-by: Bruce Becker <[email protected]>
brucellino · Dec 9, 2024 · e2dfae9 · e2dfae9
1 parent 9d17329
commit e2dfae9
Show file tree

Hide file tree

Showing 6 changed files with 186 additions and 2 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -2,12 +2,16 @@
 name: ansible-lint
 on:
   pull_request:
-    branches: ["main"]
+    branches: ["devel", "master"]
 jobs:
   build:
+  # Apparently, variables do not have a context until actions are actually executed
+  # so we cannot make a matrix  out of action versions.
+  # Thanks, Obama.
+  # See https://github.com/orgs/community/discussions/110550
     name: Ansible Lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Run ansible-lint
-        uses: ansible/ansible-lint@v6.22.2
+        uses: ansible/ansible-lint@v24.2.1
diff --git a/examples/digital-ocean/.gitignore b/examples/digital-ocean/.gitignore
@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+# Ignore ssh keys
+do
+do.pub
diff --git a/examples/digital-ocean/.terraform.lock.hcl b/examples/digital-ocean/.terraform.lock.hcl
diff --git a/examples/digital-ocean/main.tf b/examples/digital-ocean/main.tf
@@ -0,0 +1,70 @@
+resource "digitalocean_vpc" "rciam" {
+  name   = "rciam-${var.deployment_name}"
+  region = var.region
+}
+
+resource "digitalocean_database_cluster" "rciam" {
+  name       = "rciam-db-${var.deployment_name}"
+  engine     = "pg"
+  version    = var.pg_version
+  region     = var.region
+  node_count = 1
+  size       = var.db_size
+}
+
+resource "digitalocean_database_user" "rciam" {
+  name       = var.db_user
+  cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_database_db" "rciam" {
+  name       = var.db_name
+  cluster_id = digitalocean_database_cluster.rciam.id
+}
+
+resource "digitalocean_ssh_key" "rciam" {
+  name       = "value"
+  public_key = file("${path.module}/do.pub")
+}
+
+data "digitalocean_images" "ubuntu" {
+  filter {
+    key    = "distribution"
+    values = ["Ubuntu"]
+  }
+  filter {
+    key    = "regions"
+    values = ["ams3"]
+  }
+
+  sort {
+    key       = "name"
+    direction = "desc"
+  }
+}
+resource "digitalocean_droplet" "keycloak" {
+  name          = "keycloak-${var.deployment_name}"
+  vpc_uuid      = digitalocean_vpc.rciam.id
+  size          = "value"
+  ssh_keys      = [digitalocean_ssh_key.rciam.id]
+  image         = data.digitalocean_images.ubuntu.images[0].id
+  backups       = false
+  monitoring    = true
+  ipv6          = false
+  region        = "ams3"
+  droplet_agent = true
+}
+
+resource "digitalocean_database_firewall" "keycloak" {
+  cluster_id = digitalocean_database_cluster.rciam.id
+  rule {
+    type  = "droplet"
+    value = digitalocean_droplet.keycloak.id
+  }
+}
+
+
+# name: Configure PostgreSQL client authentication
+# name: Configure PostgreSQL users
+# name: Configure privileges of PostgreSQL users
+# name: Configure PostgreSQL databases
diff --git a/examples/digital-ocean/terraform.tf b/examples/digital-ocean/terraform.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_version = "~> 1.7"
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.36"
+    }
+  }
+  backend "local" {}
+}
+
+provider "digitalocean" {}
diff --git a/examples/digital-ocean/variables.tf b/examples/digital-ocean/variables.tf
@@ -0,0 +1,35 @@
+variable "deployment_name" {
+  type        = string
+  description = "Name of the deployment of this instance"
+  default     = "default"
+}
+
+variable "region" {
+  type        = string
+  description = "Name of the DigitalOcean region we are creating the VPC in"
+  default     = "ams3"
+}
+
+variable "pg_version" {
+  type        = string
+  description = "Postgres version of managed DB"
+  default     = "11"
+}
+
+variable "db_size" {
+  type        = string
+  description = "Instance size for PostgreSQL db."
+  default     = "db-s-1-vcpu-1gb"
+}
+
+variable "db_user" {
+  type        = string
+  description = "Username to connect to DB"
+  default     = "postgres"
+}
+
+variable "db_name" {
+  type        = string
+  description = "Name fo the PostGres database for RCIAM"
+  default     = "rciam"
+}