mirror of https://github.com/snachodog/mybuddy.git
188 lines
5.0 KiB
HCL
188 lines
5.0 KiB
HCL
provider "google" {
|
|
region = var.region
|
|
}
|
|
|
|
resource "google_project" "baby_buddy" {
|
|
name = var.project_name
|
|
project_id = var.project_id
|
|
billing_account = var.billing_account
|
|
auto_create_network = false
|
|
}
|
|
|
|
locals {
|
|
services = toset(["run.googleapis.com",
|
|
"sqladmin.googleapis.com",
|
|
"sql-component.googleapis.com",
|
|
"secretmanager.googleapis.com"
|
|
])
|
|
}
|
|
|
|
resource "google_project_service" "project_services" {
|
|
for_each = local.services
|
|
project = google_project.baby_buddy.project_id
|
|
service = each.value
|
|
disable_on_destroy = true
|
|
disable_dependent_services = true
|
|
}
|
|
|
|
resource "random_password" "root_password" {
|
|
min_lower = 1
|
|
min_numeric = 1
|
|
min_upper = 1
|
|
length = 19
|
|
special = true
|
|
min_special = 1
|
|
lifecycle {
|
|
ignore_changes = [
|
|
min_lower, min_upper, min_numeric, special, min_special, length
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "random_password" "django_secret_key" {
|
|
min_lower = 1
|
|
min_numeric = 1
|
|
min_upper = 1
|
|
length = 20
|
|
special = true
|
|
min_special = 1
|
|
lifecycle {
|
|
ignore_changes = [
|
|
min_lower, min_upper, min_numeric, special, min_special, length
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "google_sql_database_instance" "baby_buddy" {
|
|
name = "babybuddy"
|
|
database_version = "POSTGRES_15"
|
|
root_password = random_password.root_password.result
|
|
settings {
|
|
tier = "db-f1-micro"
|
|
disk_autoresize = false
|
|
deletion_protection_enabled = false
|
|
insights_config {
|
|
query_insights_enabled = false
|
|
}
|
|
maintenance_window {
|
|
day = 1
|
|
hour = 0
|
|
}
|
|
}
|
|
|
|
deletion_protection = "true"
|
|
}
|
|
|
|
resource "google_secret_manager_secret" "postgres_password" {
|
|
secret_id = "postgres-password"
|
|
project = google_project.baby_buddy.project_id
|
|
replication {
|
|
auto {}
|
|
}
|
|
}
|
|
|
|
resource "google_secret_manager_secret_version" "postgres_password" {
|
|
secret = google_secret_manager_secret.postgres_password.name
|
|
secret_data = google_sql_database_instance.baby_buddy.root_password
|
|
}
|
|
|
|
resource "google_secret_manager_secret_iam_member" "postgres_password" {
|
|
secret_id = google_secret_manager_secret.postgres_password.id
|
|
role = "roles/secretmanager.secretAccessor"
|
|
member = "serviceAccount:${google_project.baby_buddy.number}-compute@developer.gserviceaccount.com"
|
|
depends_on = [google_secret_manager_secret.postgres_password]
|
|
}
|
|
|
|
resource "google_secret_manager_secret" "django_secret_key" {
|
|
secret_id = "django-secret-key"
|
|
project = google_project.baby_buddy.project_id
|
|
replication {
|
|
auto {}
|
|
}
|
|
}
|
|
|
|
resource "google_secret_manager_secret_version" "django_secret_key" {
|
|
secret = google_secret_manager_secret.django_secret_key.name
|
|
secret_data = random_password.django_secret_key.result
|
|
}
|
|
|
|
resource "google_secret_manager_secret_iam_member" "django_secret_key" {
|
|
secret_id = google_secret_manager_secret.django_secret_key.name
|
|
role = "roles/secretmanager.secretAccessor"
|
|
member = "serviceAccount:${google_project.baby_buddy.number}-compute@developer.gserviceaccount.com"
|
|
depends_on = [google_secret_manager_secret.django_secret_key]
|
|
}
|
|
|
|
resource "google_cloud_run_v2_service" "baby_buddy" {
|
|
name = "babybuddy"
|
|
location = var.region
|
|
ingress = "INGRESS_TRAFFIC_ALL"
|
|
project = google_project.baby_buddy.project_id
|
|
|
|
template {
|
|
scaling {
|
|
max_instance_count = 2
|
|
}
|
|
|
|
volumes {
|
|
name = "cloudsql"
|
|
cloud_sql_instance {
|
|
instances = [google_sql_database_instance.baby_buddy.connection_name]
|
|
}
|
|
}
|
|
|
|
containers {
|
|
name = "babybuddy-1"
|
|
image = "docker.io/linuxserver/babybuddy:latest"
|
|
|
|
env {
|
|
name = "DB_HOST"
|
|
value = "/cloudsql/${google_project.baby_buddy.project_id}:${var.region}:${google_sql_database_instance.baby_buddy.name}"
|
|
}
|
|
env {
|
|
name = "DB_USER"
|
|
value = "postgres"
|
|
}
|
|
env {
|
|
name = "DB_NAME"
|
|
value = "postgres"
|
|
}
|
|
env {
|
|
name = "DB_ENGINE"
|
|
value = "django.db.backends.postgresql"
|
|
}
|
|
env {
|
|
name = "DB_PASSWORD"
|
|
value_source {
|
|
secret_key_ref {
|
|
secret = google_secret_manager_secret.postgres_password.secret_id
|
|
version = google_secret_manager_secret_version.postgres_password.version
|
|
}
|
|
}
|
|
}
|
|
env {
|
|
name = "SECRET_KEY"
|
|
value_source {
|
|
secret_key_ref {
|
|
secret = google_secret_manager_secret.django_secret_key.secret_id
|
|
version = google_secret_manager_secret_version.django_secret_key.version
|
|
}
|
|
}
|
|
}
|
|
volume_mounts {
|
|
name = "cloudsql"
|
|
mount_path = "/cloudsql"
|
|
}
|
|
}
|
|
}
|
|
|
|
annotations = {
|
|
"foo" = "bar"
|
|
}
|
|
traffic {
|
|
type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
|
|
percent = 100
|
|
}
|
|
depends_on = [google_secret_manager_secret_version.postgres_password, google_secret_manager_secret_version.django_secret_key]
|
|
}
|