feat: ✨ create Terraform module to manage Strapi Postgres role and DB

deploy/.gitignore

@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Custom
+.env

deploy/.terraform.lock.hcl

@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cyrilgdn/postgresql" {
+  version     = "1.17.1"
+  constraints = "1.17.1"
+  hashes = [
+    "h1:PbajI5dnH0WrLTbJDXExQJ850SZZpg/onCv1scFVyGI=",
+    "zh:0a800fd3d6745a75916f00d4fb8615a63a40fe296beba93c5cdb4fcca6fef0c3",
+    "zh:0ce6d6d1bc3a93305393e965b58449ee938bbfda09248a8e2d90ad94858ac046",
+    "zh:1d20431ce36aa371ca83ae1717282fc5fda3efd884eace5b4285daab1077f1e1",
+    "zh:41ca08013a8b207aabde9330c698915add6ca37329e78203b649e447e68efaa9",
+    "zh:4e94129e4cd9ab05c1d0ff94a99bd718e36f3f85babf1f7eb0e926eecc542367",
+    "zh:6017a29c840f9e0e9f9025d7acf4b2159f898a1f6dfde629b742916a50201be1",
+    "zh:85492e4b1ef1d5f42b7ce649680e0ea210b92a90ae376df88368346fdf3695ed",
+    "zh:b21d05833e0ec13f6df8e4f6bbbbfd181692197d09c3fd9e87c4c3f4276b2ae0",
+    "zh:b8dc0c03e9f754fbc5d3de0aaf29b161259c3c8fd5f182c6d03d96e27b8cd483",
+    "zh:bed38206052282408c9397adfb3c4d7b3270e9f713f55a0383a2103f125838f7",
+    "zh:c75f2802b57a339dce3caed4b79779b1408155349982197e59b67aaf12b67542",
+    "zh:d6551ca5dc15ea7f134d5f9f8523078cb32e9b702460fc99af94f341bb3d8c90",
+    "zh:ebaab1c5e69a6ff12536655629c2c3ae58d5e4bd9d722427a9aa77bf62c1e339",
+    "zh:f796ba225d7204a26fba85d958295e668bc8ca1f51b5bfeb2e5c410338b55c24",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.13.1"
+  constraints = "2.13.1"
+  hashes = [
+    "h1:PUyzpcW1hcOPj0Hu2QR/RhASeAeLhMzrNA+95tQAdL4=",
+    "zh:061f6ecbbf9a3c6345b56c28ebc2966a05d8eb02f3ba56beedd66e4ea308e332",
+    "zh:2119beeccb35bc5d1392b169f9fc748865261b45fb75fc8f57200e91658837c6",
+    "zh:26c29083d0d84fbc2e356e3dd1db3e2dc4139e943acf7a318d3c98f954ac6bd6",
+    "zh:2fb5823345ab05b3df74bb5c51c61072637d01b3cddffe3ad36a73b7d5b749e6",
+    "zh:3475b4422fffaf58584c4d877f98bfeff075e4a746f13e985d2cb20adc873a6c",
+    "zh:366b4bef49932d1d71b12849c1878c254a887962ff915f37982299c1185dd48a",
+    "zh:589f9358e4a4bd74a83b97ccc64df455ddfa64c4c4e099aef30fa29080497a8a",
+    "zh:7a0d75e0e4fee6cc5599ac9d5e91de563ce9ea7bd8137480c7abd09642a9e72c",
+    "zh:a297a42aefe0650e3d9fbe55a3ee48b14bb8bb5edb7068c09512d72afc3d9ca5",
+    "zh:b7f83a89b646542d02b733d464e45d6d0739a9dbb921305e7b8347e9fc98a149",
+    "zh:d4c721174a598b66bd1b29c40fa7cffafe90bb58186cd7506d792a6b04161103",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

deploy/main.tf

@@ -0,0 +1,52 @@
+terraform {
+  backend "s3" {
+    bucket = "terraform-state"
+    key    = "apps/landing-page/terraform.tfstate"
+
+    endpoint = "https://s3.ravianand.me"
+
+    region           = "homelab01"
+    force_path_style = true
+
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.13.1"
+    }
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = "1.17.1"
+    }
+  }
+}
+
+provider "kubernetes" {
+  cluster_ca_certificate = base64decode(var.kubernetes_cluster_ca_certificate)
+  host                   = var.kubernetes_host
+  token                  = var.kubernetes_token
+}
+
+provider "postgresql" {
+  host            = var.postgres_host
+  port            = 5432
+  database        = "postgres"
+  username        = var.postgres_admin_user
+  password        = var.postgres_admin_password
+  sslmode         = var.postgres_sslmode
+  connect_timeout = 15
+}
+
+resource "postgresql_role" "strapi" {
+  name     = var.postgres_user
+  login    = true
+  password = var.postgres_password
+}
+
+resource "postgresql_database" "strapi" {
+  name  = "strapi"
+  owner = postgresql_role.strapi.name
+}

deploy/variables.tf

@@ -0,0 +1,50 @@
+variable "kubernetes_cluster_ca_certificate" {
+  description = "Cluster CA certificate for Kubernetes API server"
+  type        = string
+  sensitive   = true
+}
+
+variable "kubernetes_host" {
+  description = "Host of the Kubernetes API server"
+  type        = string
+}
+
+variable "kubernetes_token" {
+  description = "Kubernetes Bearer token"
+  type        = string
+  sensitive   = true
+}
+
+variable "postgres_host" {
+  description = "Postgres host"
+  type        = string
+}
+
+variable "postgres_sslmode" {
+  description = "SSL mode to use in Postgres"
+  type        = string
+  default     = "require"
+}
+
+variable "postgres_admin_user" {
+  description = "Postgres management user with DB create and user create privileges"
+  type        = string
+}
+
+variable "postgres_admin_password" {
+  description = "Postgres management user password"
+  type        = string
+  sensitive   = true
+}
+
+variable "postgres_user" {
+  description = "Postgres user to be created for Strapi"
+  default     = "strapi"
+  type        = string
+}
+
+variable "postgres_password" {
+  description = "Password for Strapi Postgres user"
+  type        = string
+  sensitive   = true
+}