beeta/devops/terraform/modules/forgejo/main.tf
doomtube 3155eacdac
Add automatic SSL certificate generation
2026-01-06 04:53:46 -05:00


# =============================================================================
# Secret Generation
# =============================================================================
# PostgreSQL password, handed to the cloud-init template as `postgres_password`.
# 32 characters, letters and digits only (special = false), presumably so the
# value can be interpolated into config files without quoting. Confirm against
# cloud-init.yaml.tpl.
# random_password keeps its result in Terraform state in cleartext, so the
# state backend must be encrypted and access-restricted.
resource "random_password" "postgres" {
  special = false
  length  = 32
}
# 64-character alphanumeric secret passed to the cloud-init template as
# `forgejo_secret_key`.
# Presumably rendered into Forgejo's SECRET_KEY setting. Confirm in
# cloud-init.yaml.tpl.
# The droplet in this file ignores user_data changes, so regenerating this
# resource does not by itself change the value on the running host.
# The result is stored in cleartext in Terraform state.
resource "random_password" "forgejo_secret_key" {
  special = false
  length  = 64
}
# 64-character alphanumeric secret passed to the cloud-init template as
# `forgejo_internal_token`.
# Presumably rendered into Forgejo's INTERNAL_TOKEN setting. Confirm in
# cloud-init.yaml.tpl.
# The result is stored in cleartext in Terraform state.
resource "random_password" "forgejo_internal_token" {
  special = false
  length  = 64
}
# 64-character alphanumeric secret passed to the cloud-init template as
# `forgejo_jwt_secret`.
# NOTE(review): Forgejo's own secret generator emits JWT_SECRET as
# base64url-encoded 32 bytes. Confirm that the setting the template writes this
# into accepts a 64-character alphanumeric string and does not replace it with
# a value generated on the host, which would then differ from Terraform state.
# The result is stored in cleartext in Terraform state.
resource "random_password" "forgejo_jwt_secret" {
  special = false
  length  = 64
}
# =============================================================================
# Forgejo Droplet
# =============================================================================
# Forgejo host. It is placed in the caller-supplied VPC and bootstrapped on
# first boot from cloud-init.yaml.tpl.
# NOTE(review): no digitalocean_firewall is visible in this file. Confirm that
# inbound exposure (ssh_port, git_ssh_port, HTTP/S) is restricted by the
# cloud-init template or by a firewall resource defined elsewhere.
resource "digitalocean_droplet" "forgejo" {
  name   = "${var.project_name}-forgejo-${var.environment}"
  image  = var.droplet_image
  size   = var.droplet_size
  region = var.region

  vpc_uuid = var.vpc_uuid
  ssh_keys = var.ssh_keys
  tags     = var.tags

  backups    = var.enable_backups
  monitoring = true
  ipv6       = true

  # The rendered cloud-config is sent as plain user_data. Wrapping it with
  # cloudinit_config (MIME multipart) was being ignored by DigitalOcean.
  #
  # The rendered document embeds all four generated secrets. DigitalOcean
  # serves user data back from the droplet metadata service (169.254.169.254)
  # to any local process, and cloud-init keeps a copy under /var/lib/cloud.
  # Treat these values as readable on the host for the droplet's lifetime.
  user_data = templatefile("${path.module}/cloud-init.yaml.tpl", {
    domain       = var.domain
    ssh_port     = var.ssh_port
    git_ssh_port = var.git_ssh_port
    vpc_ip_range = var.vpc_ip_range

    postgres_password      = random_password.postgres.result
    forgejo_secret_key     = random_password.forgejo_secret_key.result
    forgejo_internal_token = random_password.forgejo_internal_token.result
    forgejo_jwt_secret     = random_password.forgejo_jwt_secret.result
  })

  lifecycle {
    # Destroy the old droplet before creating its replacement.
    create_before_destroy = false

    # Edits to the template or regenerated secrets do not update or replace
    # an existing droplet. Secret rotation and template fixes have to be
    # applied on the host out of band, or by forcing a rebuild.
    ignore_changes = [user_data]
  }
}
# =============================================================================
# DNS Record (optional - requires domain to be managed by DigitalOcean)
# =============================================================================
# Optional A record for the Forgejo host, created only when var.manage_dns is
# true (count is 1, otherwise 0).
# It points var.dns_record_name in var.dns_zone at the droplet's public IPv4
# address, with a TTL of 600.
# The droplet enables IPv6, but no AAAA record is defined here.
resource "digitalocean_record" "forgejo" {
  count = var.manage_dns ? 1 : 0

  type   = "A"
  domain = var.dns_zone
  name   = var.dns_record_name
  value  = digitalocean_droplet.forgejo.ipv4_address
  ttl    = 600
}