feat: added postgresql module

2023-06-04 18:45:08 +02:00 · 2023-06-04 18:45:08 +02:00 · 8f6837c5f2
parent 0b95db5858
commit 8f6837c5f2
5 changed files with 85 additions and 0 deletions
--- a/lan/justfile
+++ b/lan/justfile
@ -9,6 +9,7 @@ passwd := `pass pg.monotremata.xyz/terraform`
 # conn_str := f"postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"

 export TF_VAR_hetzner_token := `pass hetzner.com/tokens/suricata`
+export TF_VAR_pg_passwd := `pass pg.monotremata.xyz/terraform`

 init:
    terraform init -backend-config="conn_str=postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"
--- a/lan/main.tf
+++ b/lan/main.tf
@ -12,3 +12,11 @@ module "cert-manager" {
  dns_common_name = var.dns_common_name
  dns_names       = var.dns_names
 }
+
+module "postgresql" {
+  source   = "../modules/postgresql"
+  host     = "pg.monotremata.xyz"
+  password = var.pg_passwd
+  username = "terraform"
+  db_owner = "rilla"
+}
--- a/lan/variables.tf
+++ b/lan/variables.tf
@ -31,3 +31,9 @@ variable "dns_names" {
    "*.suricata.monotremata.xyz",
  ]
 }
+
+variable "pg_passwd" {
+  type        = string
+  sensitive   = true
+  description = "postgresql password"
+}
--- a/modules/postgresql/main.tf
+++ b/modules/postgresql/main.tf
@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = ">= 1.19.0"
+    }
+  }
+}
+
+provider "postgresql" {
+  host     = var.host
+  port     = var.port
+  username = var.username
+  password = var.password
+}
+
+resource "postgresql_database" "terraform_backend_db" {
+  name            = "terraform_backend"
+  owner           = var.db_owner
+  encoding        = "UTF8"
+  tablespace_name = "pg_default"
+}
+
+resource "postgresql_database" "terraform_lan_db" {
+  name            = "terraform_lan"
+  owner           = var.db_owner
+  encoding        = "UTF8"
+  tablespace_name = "pg_default"
+}
+
+resource "postgresql_grant" "terraform_backend_db_grant" {
+  database    = postgresql_database.terraform_backend_db.name
+  privileges  = ["CONNECT", "CREATE", "TEMPORARY"]
+  object_type = "database"
+  role        = var.username
+}
+
+resource "postgresql_grant" "terraform_lan_db_grant" {
+  database    = postgresql_database.terraform_lan_db.name
+  privileges  = ["CONNECT", "CREATE", "TEMPORARY"]
+  object_type = "database"
+  role        = var.username
+}
--- a/modules/postgresql/variables.tf
+++ b/modules/postgresql/variables.tf
@ -0,0 +1,27 @@
+variable "host" {
+  type        = string
+  description = "postgresql host"
+}
+
+variable "port" {
+  type        = number
+  description = "postgresql post"
+  default     = 5432
+}
+
+variable "password" {
+  type        = string
+  description = "postgresql password"
+  sensitive   = true
+}
+
+variable "username" {
+  type        = string
+  description = "postgresql username"
+  sensitive   = true
+}
+
+variable "db_owner" {
+  type        = string
+  description = "postgresql database owner"
+}