Initial commit - realms platform

terraform/main.tf

@@ -16,11 +16,19 @@ locals {
 # SSH Keys
 # =============================================================================
 
-resource "digitalocean_ssh_key" "admin" {
-  for_each = var.admin_ssh_public_keys
+# Get all SSH keys on account
+data "digitalocean_ssh_keys" "all" {}
 
-  name       = "${var.project_name}-app-${var.environment}-${each.key}"
-  public_key = each.value
+# Find the internal VPC key (created by devops/terraform for jump host access)
+locals {
+  internal_key_name = "${var.project_name}-${var.environment}-internal-key"
+  internal_key_ids  = [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id if k.name == local.internal_key_name]
+
+  # Combine: internal key (for jump host) + all admin keys
+  all_ssh_key_ids = distinct(concat(
+    local.internal_key_ids,
+    [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id]
+  ))
 }
 
 # =============================================================================
@@ -35,7 +43,7 @@ module "app_server" {
   region           = var.region
   vpc_uuid         = var.vpc_uuid
   vpc_ip_range     = var.vpc_ip_range
-  ssh_keys         = [for key in digitalocean_ssh_key.admin : key.id]
+  ssh_keys         = local.all_ssh_key_ids
   droplet_size     = var.app_droplet_size
   droplet_image    = var.app_droplet_image
   ssh_port         = var.app_ssh_port
@@ -44,5 +52,6 @@ module "app_server" {
   tags             = local.common_tags
   manage_dns       = var.manage_dns
   dns_zone         = var.dns_zone
+  dns_record_name  = var.dns_record_name
   forgejo_registry = var.forgejo_registry
 }