feat: deploy postgres server

2026-01-13 13:01:03 +00:00 · 2023-09-23 12:27:57 +02:00 · 2023-09-23 12:27:57 +02:00 · eb72e031d4
commit eb72e031d4
parent fe3a5cee2e
5 changed files with 79 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 keys/id_terraform*
-credentials.tfvars
+credentials.auto.tfvars
 terraform.tfstate*
 .terraform

--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@ -1,6 +1,26 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.

+provider "registry.terraform.io/hashicorp/http" {
+  version     = "3.4.0"
+  constraints = ">= 3.3.0"
+  hashes = [
+    "h1:h3URn6qAnP36OlSqI1tTuKgPL3GriZaJia9ZDrUvRdg=",
+    "zh:56712497a87bc4e91bbaf1a5a2be4b3f9cfa2384baeb20fc9fad0aff8f063914",
+    "zh:6661355e1090ebacab16a40ede35b029caffc279d67da73a000b6eecf0b58eba",
+    "zh:67b92d343e808b92d7e6c3bbcb9b9d5475fecfed0836963f7feb9d9908bd4c4f",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:86ebb9be9b685c96dbb5c024b55d87526d57a4b127796d6046344f8294d3f28e",
+    "zh:902be7cfca4308cba3e1e7ba6fc292629dfd150eb9a9f054a854fa1532b0ceba",
+    "zh:9ba26e0215cd53b21fe26a0a98c007de1348b7d13a75ae3cfaf7729e0f2c50bb",
+    "zh:a195c941e1f1526147134c257ff549bea4c89c953685acd3d48d9de7a38f39dc",
+    "zh:a7967b3d2a8c3e7e1dc9ae381ca753268f9fce756466fe2fc9e414ca2d85a92e",
+    "zh:bde56542e9a093434d96bea21c341285737c6d38fea2f05e12ba7b333f3e9c05",
+    "zh:c0306f76903024c497fd01f9fd9bace5854c263e87a97bc2e89dcc96d35ca3cc",
+    "zh:f9335a6c336171e85f8e3e99c3d31758811a19aeb21fa8c9013d427e155ae2a9",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/random" {
  version = "3.5.1"
  hashes = [
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 TF=terraform
-TFFLAGS=-var-file=credentials.tfvars
+TFFLAGS=""
 VALIDATE=terraform validate

 apply: init
--- a/postgres.tf
+++ b/postgres.tf
@ -0,0 +1,47 @@
+resource "hcloud_volume" "postgres_data" {
+  name      = "postgres-data"
+  location  = "fsn1"
+  format    = "ext4"
+  automount = true
+  size      = 10
+}
+
+resource "hcloud_volume" "postgres_backup" {
+  name      = "postgres-backup"
+  location  = "fsn1"
+  format    = "ext4"
+  automount = true
+  size      = 10
+}
+
+module "postgres" {
+  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
+  version = "0.1.19"
+
+  data_volume   = hcloud_volume.postgres_data.id
+  backup_volume = hcloud_volume.postgres_backup.id
+
+  databases = var.postgres_databases
+
+  location = "fsn1"
+
+  name                   = "postgres"
+  postgres_major_version = "15"
+  server_type            = "cax11"
+  ssh_keys               = [data.hcloud_ssh_key.default.id]
+
+  ssl_enable              = true
+  ssl_domains             = ["pg.apricote.de"]
+  ssl_email               = "certs@apricote.de"
+  ssl_dns_provider        = "hetzner"
+  ssl_dns_provider_config = { HETZNER_API_KEY : var.hetzner_dns_token }
+}
+
+resource "hetznerdns_record" "pg_apricote_de_a" {
+  zone_id = hetznerdns_zone.apricote_de.id
+
+  name  = "pg"
+  value = module.postgres.ipv4_address
+  type  = "A"
+  ttl   = 60
+}
--- a/variables.tf
+++ b/variables.tf
@ -3,3 +3,13 @@ variable "listory_token" {
  type        = string
  sensitive   = true
 }
+
+variable "postgres_databases" {
+  description = "Postgres databases to create"
+  type        = list(object({
+    id       = string
+    user     = string
+    password = string
+  }))
+  sensitive = true
+}