Initial commit - realms platform

2026-01-06 00:26:54 -05:00 · 2026-01-06 00:26:54 -05:00 · b3682b1936
commit b3682b1936
parent 2aa075e842
12 changed files with 148 additions and 100 deletions
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -16,11 +16,19 @@ locals {
 # SSH Keys
 # =============================================================================

-resource "digitalocean_ssh_key" "admin" {
-  for_each = var.admin_ssh_public_keys
+# Get all SSH keys on account
+data "digitalocean_ssh_keys" "all" {}

-  name       = "${var.project_name}-app-${var.environment}-${each.key}"
-  public_key = each.value
+# Find the internal VPC key (created by devops/terraform for jump host access)
+locals {
+  internal_key_name = "${var.project_name}-${var.environment}-internal-key"
+  internal_key_ids  = [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id if k.name == local.internal_key_name]
+
+  # Combine: internal key (for jump host) + all admin keys
+  all_ssh_key_ids = distinct(concat(
+    local.internal_key_ids,
+    [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id]
+  ))
 }

 # =============================================================================
@ -35,7 +43,7 @@ module "app_server" {
  region           = var.region
  vpc_uuid         = var.vpc_uuid
  vpc_ip_range     = var.vpc_ip_range
-  ssh_keys         = [for key in digitalocean_ssh_key.admin : key.id]
+  ssh_keys         = local.all_ssh_key_ids
  droplet_size     = var.app_droplet_size
  droplet_image    = var.app_droplet_image
  ssh_port         = var.app_ssh_port
@ -44,5 +52,6 @@ module "app_server" {
  tags             = local.common_tags
  manage_dns       = var.manage_dns
  dns_zone         = var.dns_zone
+  dns_record_name  = var.dns_record_name
  forgejo_registry = var.forgejo_registry
 }
--- a/terraform/modules/app_server/main.tf
+++ b/terraform/modules/app_server/main.tf
@ -180,17 +180,7 @@ resource "digitalocean_record" "app" {

  domain = var.dns_zone
  type   = "A"
-  name   = "@"
-  value  = digitalocean_droplet.app.ipv4_address
-  ttl    = 600
-}
-
-resource "digitalocean_record" "app_www" {
-  count = var.manage_dns ? 1 : 0
-
-  domain = var.dns_zone
-  type   = "A"
-  name   = "www"
+  name   = var.dns_record_name
  value  = digitalocean_droplet.app.ipv4_address
  ttl    = 600
 }
--- a/terraform/modules/app_server/variables.tf
+++ b/terraform/modules/app_server/variables.tf
@ -84,6 +84,12 @@ variable "dns_zone" {
  default     = "realms.pub"
 }

+variable "dns_record_name" {
+  description = "DNS record name (subdomain). Use '@' for root or 'beeta' for beeta.realms.pub"
+  type        = string
+  default     = "beeta"
+}
+
 # =============================================================================
 # Forgejo Registry
 # =============================================================================
--- a/terraform/modules/app_server/versions.tf
+++ b/terraform/modules/app_server/versions.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.34"
+    }
+  }
+}
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -104,6 +104,12 @@ variable "dns_zone" {
  default     = "realms.pub"
 }

+variable "dns_record_name" {
+  description = "DNS record name (subdomain). Use '@' for root or 'beeta' for beeta.realms.pub"
+  type        = string
+  default     = "beeta"
+}
+
 # =============================================================================
 # Backup Configuration
 # =============================================================================