Initial commit - realms platform

2026-01-05 22:54:27 -05:00 · 2026-01-05 22:54:27 -05:00 · c717c3751c
commit c717c3751c
parent c590ab6d18
234 changed files with 74103 additions and 15231 deletions
--- a/devops/terraform/modules/forgejo/main.tf
+++ b/devops/terraform/modules/forgejo/main.tf
@ -0,0 +1,97 @@
+# =============================================================================
+# Secret Generation
+# =============================================================================
+
+resource "random_password" "postgres" {
+  length  = 32
+  special = false
+}
+
+resource "random_password" "forgejo_secret_key" {
+  length  = 64
+  special = false
+}
+
+resource "random_password" "forgejo_internal_token" {
+  length  = 64
+  special = false
+}
+
+resource "random_password" "forgejo_jwt_secret" {
+  length  = 64
+  special = false
+}
+
+# =============================================================================
+# Forgejo Volume (Block Storage)
+# =============================================================================
+
+resource "digitalocean_volume" "forgejo" {
+  name                    = "${var.project_name}-forgejo-${var.environment}"
+  region                  = var.region
+  size                    = var.volume_size
+  initial_filesystem_type = "ext4"
+  description             = "Forgejo data volume for ${var.project_name}"
+  tags                    = var.tags
+}
+
+# =============================================================================
+# Forgejo Droplet
+# =============================================================================
+
+resource "digitalocean_droplet" "forgejo" {
+  name     = "${var.project_name}-forgejo-${var.environment}"
+  size     = var.droplet_size
+  image    = var.droplet_image
+  region   = var.region
+  vpc_uuid = var.vpc_uuid
+
+  ssh_keys   = var.ssh_keys
+  backups    = var.enable_backups
+  monitoring = true
+  ipv6       = true
+
+  # Pass cloud-config directly without cloudinit_config wrapper
+  # (cloudinit_config MIME multipart format was being ignored by DigitalOcean)
+  user_data = templatefile("${path.module}/cloud-init.yaml.tpl", {
+    ssh_port               = var.ssh_port
+    git_ssh_port           = var.git_ssh_port
+    vpc_ip_range           = var.vpc_ip_range
+    volume_name            = "${var.project_name}-forgejo-${var.environment}"
+    domain                 = var.domain
+    postgres_password      = random_password.postgres.result
+    forgejo_secret_key     = random_password.forgejo_secret_key.result
+    forgejo_internal_token = random_password.forgejo_internal_token.result
+    forgejo_jwt_secret     = random_password.forgejo_jwt_secret.result
+  })
+
+  tags = var.tags
+
+  lifecycle {
+    create_before_destroy = false
+    ignore_changes        = [user_data]
+  }
+}
+
+# =============================================================================
+# Volume Attachment
+# =============================================================================
+
+resource "digitalocean_volume_attachment" "forgejo" {
+  droplet_id = digitalocean_droplet.forgejo.id
+  volume_id  = digitalocean_volume.forgejo.id
+}
+
+# =============================================================================
+# DNS Record (optional - requires domain to be managed by DigitalOcean)
+# =============================================================================
+
+resource "digitalocean_record" "forgejo" {
+  count = var.manage_dns ? 1 : 0
+
+  domain = var.dns_zone
+  type   = "A"
+  name   = var.dns_record_name
+  value  = digitalocean_droplet.forgejo.ipv4_address
+  ttl    = 600
+}