beeta/devops/terraform/modules/ssh_keys/main.tf

# =============================================================================
# Admin SSH Keys (provided by user)
# =============================================================================

resource "digitalocean_ssh_key" "admin" {
  for_each = var.admin_ssh_public_keys

  name       = "${var.project_name}-${var.environment}-${each.key}"
  public_key = each.value
}

# =============================================================================
# Deploy Key (auto-generated for Forgejo Actions CI/CD)
# =============================================================================

resource "tls_private_key" "deploy" {
  algorithm = "ED25519"
}

resource "digitalocean_ssh_key" "deploy" {
  name       = "${var.project_name}-${var.environment}-deploy-key"
  public_key = tls_private_key.deploy.public_key_openssh
}

# =============================================================================
# Save deploy key locally for initial setup (optional)
# =============================================================================

resource "local_sensitive_file" "deploy_private_key" {
  content         = tls_private_key.deploy.private_key_openssh
  filename        = "${path.root}/.secrets/deploy_key_${var.environment}"
  file_permission = "0600"
}

# =============================================================================
# Internal VPC Key (jump host → internal servers like Forgejo)
# =============================================================================

resource "tls_private_key" "internal" {
  algorithm = "ED25519"
}

resource "digitalocean_ssh_key" "internal" {
  name       = "${var.project_name}-${var.environment}-internal-key"
  public_key = tls_private_key.internal.public_key_openssh
}
Initial commit - realms platform 2026-01-05 22:54:27 -05:00			`# =============================================================================`
			`# Admin SSH Keys (provided by user)`
			`# =============================================================================`

			`resource "digitalocean_ssh_key" "admin" {`
			`for_each = var.admin_ssh_public_keys`

			`name = "${var.project_name}-${var.environment}-${each.key}"`
			`public_key = each.value`
			`}`

			`# =============================================================================`
			`# Deploy Key (auto-generated for Forgejo Actions CI/CD)`
			`# =============================================================================`

			`resource "tls_private_key" "deploy" {`
			`algorithm = "ED25519"`
			`}`

			`resource "digitalocean_ssh_key" "deploy" {`
			`name = "${var.project_name}-${var.environment}-deploy-key"`
			`public_key = tls_private_key.deploy.public_key_openssh`
			`}`

			`# =============================================================================`
			`# Save deploy key locally for initial setup (optional)`
			`# =============================================================================`

			`resource "local_sensitive_file" "deploy_private_key" {`
			`content = tls_private_key.deploy.private_key_openssh`
			`filename = "${path.root}/.secrets/deploy_key_${var.environment}"`
			`file_permission = "0600"`
			`}`

			`# =============================================================================`
			`# Internal VPC Key (jump host → internal servers like Forgejo)`
			`# =============================================================================`

			`resource "tls_private_key" "internal" {`
			`algorithm = "ED25519"`
			`}`

			`resource "digitalocean_ssh_key" "internal" {`
			`name = "${var.project_name}-${var.environment}-internal-key"`
			`public_key = tls_private_key.internal.public_key_openssh`
			`}`