feat: finish up new postgres setup

postgres.tf

@@ -1,27 +1,30 @@
+locals {
+  postgres_dns = "pg.apricote.de"
+}
+
 resource "hcloud_volume" "postgres_data" {
-  name      = "postgres-data"
-  location  = "fsn1"
-  format    = "ext4"
-  automount = true
-  size      = 10
+  name     = "postgres-data"
+  location = "fsn1"
+  format   = "ext4"
+  size     = 10
 }
 
 resource "hcloud_volume" "postgres_backup" {
-  name      = "postgres-backup"
-  location  = "fsn1"
-  format    = "ext4"
-  automount = true
-  size      = 10
+  name     = "postgres-backup"
+  location = "fsn1"
+  format   = "ext4"
+  size     = 10
 }
 
 module "postgres" {
-  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
-  version = "0.1.19"
+  source = "../solidblocks/solidblocks-hetzner/modules/rds-postgresql"
+  # version = "0.1.19"
 
   data_volume   = hcloud_volume.postgres_data.id
   backup_volume = hcloud_volume.postgres_backup.id
 
-  databases = var.postgres_databases
+  databases         = var.postgres_databases
+  db_admin_password = var.postgres_password_admin
 
   location = "fsn1"
 
@@ -31,10 +34,45 @@ module "postgres" {
   ssh_keys               = [data.hcloud_ssh_key.default.id]
 
   ssl_enable              = true
-  ssl_domains             = ["pg.apricote.de"]
+  ssl_domains             = [local.postgres_dns]
   ssl_email               = "certs@apricote.de"
   ssl_dns_provider        = "hetzner"
   ssl_dns_provider_config = { HETZNER_API_KEY : var.hetzner_dns_token }
+
+  postgres_extra_config = replace(<<-EOT
+# DB Version: 15
+# OS Type: linux
+# DB Type: mixed
+# Total Memory (RAM): 4 GB
+# CPUs num: 2
+# Connections num: 50
+# Data Storage: san
+
+max_connections = 100
+shared_buffers = 1GB
+effective_cache_size = 3GB
+maintenance_work_mem = 256MB
+checkpoint_completion_target = 0.9
+wal_buffers = 16MB
+default_statistics_target = 100
+random_page_cost = 1.1
+effective_io_concurrency = 300
+work_mem = 5242kB
+huge_pages = off
+min_wal_size = 1GB
+max_wal_size = 4GB
+
+# pg_stats_statements
+# https://www.postgresql.org/docs/current/pgstatstatements.html
+shared_preload_libraries = 'pg_stat_statements'
+compute_query_id = 'on'
+EOT
+    , "\n", "\\n")
+  # password_encryption = 'scram-sha-256'
+
+  post_script = <<-EOT
+apt-get install --no-install-recommends -qq -y postgresql-client
+EOT
 }
 
 resource "hetznerdns_record" "pg_apricote_de_a" {
@@ -45,3 +83,83 @@ resource "hetznerdns_record" "pg_apricote_de_a" {
   type  = "A"
   ttl   = 60
 }
+
+resource "hetznerdns_record" "pg_apricote_de_aaaa" {
+  zone_id = hetznerdns_zone.apricote_de.id
+
+  name  = "pg"
+  value = module.postgres.ipv6_address
+  type  = "AAAA"
+  ttl   = 60
+}
+
+provider "postgresql" {
+  host            = local.postgres_dns
+  port            = 5432
+  database        = "postgres"
+  username        = "rds"
+  password        = var.postgres_password_admin
+  sslmode         = "verify-full"
+  connect_timeout = 15
+}
+
+# Listory
+resource "postgresql_role" "listory" {
+  name     = "listory"
+  login    = true
+  password = var.postgres_password_listory
+}
+
+resource "postgresql_database" "listory" {
+  name              = "listory"
+  owner             = postgresql_role.listory.name
+  lc_collate        = "de-DE.UTF-8"
+  lc_ctype          = "de-DE.UTF-8"
+  connection_limit  = -1
+  allow_connections = true
+}
+
+resource "postgresql_extension" "listory_pgcrypto" {
+  name     = "pgcrypto"
+  database = postgresql_database.listory.name
+}
+
+resource "postgresql_extension" "listory_uuid" {
+  name     = "uuid-ossp"
+  database = postgresql_database.listory.name
+}
+
+# Gitea
+resource "postgresql_role" "gitea" {
+  name     = "gitea"
+  login    = true
+  password = var.postgres_password_gitea
+}
+
+resource "postgresql_database" "gitea" {
+  name              = "gitea"
+  owner             = postgresql_role.gitea.name
+  lc_collate        = "de-DE.UTF-8"
+  lc_ctype          = "de-DE.UTF-8"
+  connection_limit  = -1
+  allow_connections = true
+}
+
+# pghero + postgres_exporter
+resource "postgresql_extension" "pg_stat_statements" {
+  for_each = toset([
+    postgresql_database.listory.name,
+    postgresql_database.gitea.name
+  ])
+  name     = "pg_stat_statements"
+  database = each.value
+}
+
+# postgres_exporter
+resource "postgresql_role" "exporter" {
+  name     = "exporter"
+  login    = true
+  password = var.postgres_password_exporter
+
+  roles = ["pg_monitor"]
+}