home-cloud/postgres.tf


# Public hostname of the PostgreSQL server. It is reused as the TLS SAN the
# server certificate is issued for (module "postgres", ssl_domains) and as the
# host the postgresql provider connects to and verifies against, so the two
# always agree.
locals {
  postgres_dns = "pg.apricote.de"
}
# Primary data volume for the managed PostgreSQL server; handed to the
# rds-postgresql module as `data_volume`.
resource "hcloud_volume" "postgres_data" {
  name = "postgres-data"

  # Must be in the same location as the server that attaches it.
  location = "fsn1"
  format   = "ext4"
  size     = 10
}
# Backup volume handed to the rds-postgresql module as `backup_volume`.
# It lives in the same location as the data volume, so it covers loss of the
# data volume itself but not loss of the fsn1 site.
resource "hcloud_volume" "postgres_backup" {
  name = "postgres-backup"

  location = "fsn1"
  format   = "ext4"
  size     = 10
}
# Managed PostgreSQL 15 server on a Hetzner cax11, built from the local
# solidblocks checkout.
module "postgres" {
# Relative path into a sibling checkout, so there is no registry version pin:
# `version` constraints only apply to registry sources, which is why the line
# below is commented out. What gets deployed is whatever the sibling checkout
# currently holds.
source = "../solidblocks/solidblocks-hetzner/modules/rds-postgresql"
# version = "0.1.19"
# Both volumes are declared in this file as hcloud_volume resources.
data_volume = hcloud_volume.postgres_data.id
backup_volume = hcloud_volume.postgres_backup.id
databases = var.postgres_databases
# Same secret the postgresql provider in this file authenticates with.
db_admin_password = var.postgres_password_admin
location = "fsn1"
name = "postgres"
postgres_major_version = "15"
server_type = "cax11"
ssh_keys = [data.hcloud_ssh_key.default.id]
# TLS for the server. The certificate is issued for local.postgres_dns, which
# is also the hostname the postgresql provider verifies against
# (sslmode = "verify-full").
ssl_enable = true
ssl_domains = [local.postgres_dns]
ssl_email = "certs@apricote.de"
ssl_dns_provider = "hetzner"
# NOTE(review): the Hetzner DNS token is handed to the module, presumably for
# the DNS-based certificate challenge on the server — confirm
# var.hetzner_dns_token is declared `sensitive` and scoped as narrowly as the
# DNS provider allows.
ssl_dns_provider_config = { HETZNER_API_KEY : var.hetzner_dns_token }
# pgtune-style settings for 4 GB RAM / 2 CPUs. The heredoc is flattened to a
# single line by replacing real newlines with the literal two characters `\n`
# (presumably the form the module expects — check its input docs).
# NOTE(review): the header says 50 connections but max_connections is 100;
# work_mem = 5242kB looks sized for the smaller number, so the worst-case
# per-connection memory budget is roughly double what the header implies.
# shared_preload_libraries must list pg_stat_statements here for the
# postgresql_extension "pg_stat_statements" resource in this file to work.
postgres_extra_config = replace(<<-EOT
# DB Version: 15
# OS Type: linux
# DB Type: mixed
# Total Memory (RAM): 4 GB
# CPUs num: 2
# Connections num: 50
# Data Storage: san
max_connections = 100
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 300
work_mem = 5242kB
huge_pages = off
min_wal_size = 1GB
max_wal_size = 4GB
# pg_stats_statements
# https://www.postgresql.org/docs/current/pgstatstatements.html
shared_preload_libraries = 'pg_stat_statements'
compute_query_id = 'on'
EOT
, "\n", "\\n")
# Left at the server default. On PostgreSQL 15 that default is already
# scram-sha-256, so the commented line is redundant rather than a downgrade.
# password_encryption = 'scram-sha-256'
# Runs on the server after provisioning; only installs the psql client.
post_script = <<-EOT
apt-get install --no-install-recommends -qq -y postgresql-client
EOT
}
# IPv4 record for the server, presumably resolving to local.postgres_dns
# ("pg" in the apricote.de zone). Short TTL so a rebuilt server's new address
# propagates quickly.
resource "hetznerdns_record" "pg_apricote_de_a" {
  zone_id = hetznerdns_zone.apricote_de.id
  type    = "A"
  name    = "pg"
  ttl     = 60

  value = module.postgres.ipv4_address
}
# IPv6 counterpart of the A record above, same name and TTL.
resource "hetznerdns_record" "pg_apricote_de_aaaa" {
  zone_id = hetznerdns_zone.apricote_de.id
  type    = "AAAA"
  name    = "pg"
  ttl     = 60

  value = module.postgres.ipv6_address
}
# Connection used by every postgresql_* resource in this file. It authenticates
# with the same admin secret the module was given, over TLS: sslmode
# "verify-full" validates the server certificate chain and that it matches
# local.postgres_dns, so a spoofed endpoint is rejected rather than
# silently accepted.
provider "postgresql" {
  host            = local.postgres_dns
  port            = 5432
  sslmode         = "verify-full"
  connect_timeout = 15

  database = "postgres"
  # presumably the admin role created by the rds-postgresql module — confirm
  username = "rds"
  password = var.postgres_password_admin
}
# Listory
# Application login for Listory; it owns the "listory" database declared
# below. The password is recorded in Terraform state as a resource attribute,
# so access to the state backend needs to be as restricted as the secret.
resource "postgresql_role" "listory" {
  name     = "listory"
  password = var.postgres_password_listory
  login    = true
}
# Database for Listory, owned by the application role so the app never needs
# the admin account. German UTF-8 collation; -1 means no per-database
# connection cap beyond the server-wide max_connections.
resource "postgresql_database" "listory" {
  name  = "listory"
  owner = postgresql_role.listory.name

  lc_collate = "de-DE.UTF-8"
  lc_ctype   = "de-DE.UTF-8"

  allow_connections = true
  connection_limit  = -1
}
# pgcrypto in the Listory database (created by the admin connection, not by
# the application role).
resource "postgresql_extension" "listory_pgcrypto" {
  database = postgresql_database.listory.name
  name     = "pgcrypto"
}
# uuid-ossp in the Listory database, alongside pgcrypto.
resource "postgresql_extension" "listory_uuid" {
  database = postgresql_database.listory.name
  name     = "uuid-ossp"
}
# Gitea
# Application login for Gitea; it owns the "gitea" database declared below.
# The password is recorded in Terraform state as a resource attribute, so
# access to the state backend needs to be as restricted as the secret.
resource "postgresql_role" "gitea" {
  name     = "gitea"
  password = var.postgres_password_gitea
  login    = true
}
# Database for Gitea, owned by the application role so the app never needs
# the admin account. Same collation and (unlimited) connection settings as
# the Listory database.
resource "postgresql_database" "gitea" {
  name  = "gitea"
  owner = postgresql_role.gitea.name

  lc_collate = "de-DE.UTF-8"
  lc_ctype   = "de-DE.UTF-8"

  allow_connections = true
  connection_limit  = -1
}
# pghero + postgres_exporter
# pg_stat_statements in each application database, one instance per name.
# The server must already preload the library — that is done via
# shared_preload_libraries in the module's postgres_extra_config — or
# CREATE EXTENSION fails.
resource "postgresql_extension" "pg_stat_statements" {
  for_each = toset([postgresql_database.listory.name, postgresql_database.gitea.name])

  database = each.value
  name     = "pg_stat_statements"
}
# postgres_exporter
# Read-only monitoring login. Membership in the built-in pg_monitor role
# grants the statistics views the exporter needs without superuser, which
# keeps the scraping credential low-privilege. Like the other roles, the
# password ends up in Terraform state.
resource "postgresql_role" "exporter" {
  name  = "exporter"
  roles = ["pg_monitor"]

  login    = true
  password = var.postgres_password_exporter
}