Initial commit - realms platform

devops/terraform/modules/ssh_keys/main.tf

@@ -0,0 +1,46 @@
+# =============================================================================
+# Admin SSH Keys (provided by user)
+# =============================================================================
+
+resource "digitalocean_ssh_key" "admin" {
+  for_each = var.admin_ssh_public_keys
+
+  name       = "${var.project_name}-${var.environment}-${each.key}"
+  public_key = each.value
+}
+
+# =============================================================================
+# Deploy Key (auto-generated for Forgejo Actions CI/CD)
+# =============================================================================
+
+resource "tls_private_key" "deploy" {
+  algorithm = "ED25519"
+}
+
+resource "digitalocean_ssh_key" "deploy" {
+  name       = "${var.project_name}-${var.environment}-deploy-key"
+  public_key = tls_private_key.deploy.public_key_openssh
+}
+
+# =============================================================================
+# Save deploy key locally for initial setup (optional)
+# =============================================================================
+
+resource "local_sensitive_file" "deploy_private_key" {
+  content         = tls_private_key.deploy.private_key_openssh
+  filename        = "${path.root}/.secrets/deploy_key_${var.environment}"
+  file_permission = "0600"
+}
+
+# =============================================================================
+# Internal VPC Key (jump host → internal servers like Forgejo)
+# =============================================================================
+
+resource "tls_private_key" "internal" {
+  algorithm = "ED25519"
+}
+
+resource "digitalocean_ssh_key" "internal" {
+  name       = "${var.project_name}-${var.environment}-internal-key"
+  public_key = tls_private_key.internal.public_key_openssh
+}