From 478891447c22eaaad0beaca7cb7624aea3aa090f Mon Sep 17 00:00:00 2001 From: clofour <208706398+clofour@users.noreply.github.com> Date: Sat, 11 Apr 2026 23:10:23 +0200 Subject: [PATCH 1/2] Configure Terraform --- .gitignore | 5 ++++ terraform/dependencies.tf | 14 ++++++++++ terraform/domain.tf | 3 +++ terraform/kubernetes.tf | 20 +++++++++++++++ terraform/outputs.tf | 45 ++++++++++++++++++++++++++++++++ terraform/postgres.tf | 27 ++++++++++++++++++++ terraform/providers.tf | 5 ++++ terraform/spaces.tf | 18 +++++++++++++ terraform/valkey.tf | 18 +++++++++++++ terraform/variables.tf | 54 +++++++++++++++++++++++++++++++++++++++ terraform/vpc.tf | 5 ++++ 11 files changed, 214 insertions(+) create mode 100644 terraform/dependencies.tf create mode 100644 terraform/domain.tf create mode 100644 terraform/kubernetes.tf create mode 100644 terraform/outputs.tf create mode 100644 terraform/postgres.tf create mode 100644 terraform/providers.tf create mode 100644 terraform/spaces.tf create mode 100644 terraform/valkey.tf create mode 100644 terraform/variables.tf create mode 100644 terraform/vpc.tf
diff --git a/.gitignore b/.gitignore
index 6349e36..544e22f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,8 @@
+.env
+
+
+# Terraform
+
 # Local .terraform directories
 .terraform/
 
diff --git a/terraform/dependencies.tf b/terraform/dependencies.tf
new file mode 100644
index 0000000..833b366
--- /dev/null
+++ b/terraform/dependencies.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = "~> v1.14.7"
+
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.81.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~> 3.8.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/domain.tf b/terraform/domain.tf
new file mode 100644
index 0000000..8c564c9
--- /dev/null
+++ b/terraform/domain.tf
@@ -0,0 +1,3 @@
+resource "digitalocean_domain" "main" {
+ name = var.domain_name
+}
\ No newline at end of file
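Review bot: The `terraform` block in dependencies.tf declares no `backend`, so state defaults to a local `terraform.tfstate` in the working directory. Other files in this patch create a kubeconfig, a PostgreSQL user password and a Valkey password (outputs.tf, postgres.tf, valkey.tf), and all three are written to that state file in cleartext regardless of `sensitive = true`. I would configure a remote backend with encryption at rest, locking and restricted access before the first apply, with a comment above it such as `# State holds cluster and database credentials; keep it on the remote backend, never in the repo`. The `.gitignore` hunk shows only the first lines of the file, so whether `*.tfstate` and `*.tfvars` are already ignored is not visible here and is worth confirming. Committing `.terraform.lock.hcl` would also pin the provider checksums that the `~>` constraints leave open.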
diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf
new file mode 100644
index 0000000..5cf6f23
--- /dev/null
+++ b/terraform/kubernetes.tf
@@ -0,0 +1,20 @@
+data "digitalocean_kubernetes_versions" "current" {
+ version_prefix = var.k8s_version
+}
+
+resource "digitalocean_kubernetes_cluster" "main" {
+ name = var.cluster_name
+ region = var.region
+ version = data.digitalocean_kubernetes_versions.current.latest_version
+ vpc_uuid = digitalocean_vpc.main.id
+
+ auto_upgrade = false
+ surge_upgrade = true
+
+ node_pool {
+ name = "default"
+ size = var.node_size
+ node_count = var.node_count
+ labels = { role = "general" }
+ }
+}
\ No newline at end of file
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000..ab129a0
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,45 @@
+output "kubeconfig" {
+ value = digitalocean_kubernetes_cluster.main.kube_config[0].raw_config
+ sensitive = true
+}
+
+
+output "postgres_host" {
+ value = digitalocean_database_cluster.postgres.private_host
+}
+
+output "postgres_port" {
+ value = digitalocean_database_cluster.postgres.port
+}
+
+output "postgres_user" {
+ value = digitalocean_database_cluster.postgres.user.gitlab.name
+}
+
+output "postgres_password" {
+ value = digitalocean_database_cluster.postgres.user.gitlab.password
+ sensitive = true
+}
+
+
+output "valkey_host" {
+ value = digitalocean_database_cluster.valkey.private_host
+}
+
+output "valkey_port" {
+ value = digitalocean_database_cluster.valkey.port
+}
+
+output "valkey_password" {
+ value = digitalocean_database_cluster.valkey.password
+ sensitive = true
+}
+
+
+output "spaces_endpoint" {
+ value = "${var.region}.digitaloceanspaces.com"
+}
+
+output "spaces_buckets" {
+ value = { for k, b in digitalocean_digitalocean_spaces_bucket.gitlab : k => b.name }
+}
\ No newline at end of file
diff --git a/terraform/postgres.tf b/terraform/postgres.tf
new file mode 100644
index 0000000..152ca93
--- /dev/null
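Review bot: `auto_upgrade = false` in `digitalocean_kubernetes_cluster.main`, combined with a full patch version as `version_prefix` (`var.k8s_version` defaults to `1.35.1` in variables.tf), means Kubernetes security patches reach the cluster only when someone edits the variable and applies. If that is intended, say so in a comment above the attribute, e.g. `# Upgrades are manual: bump var.k8s_version after reviewing the release notes`. Otherwise consider `auto_upgrade = true` together with a `maintenance_policy` block and a minor-version prefix such as `1.35.`. Because `version` is read from the data source at plan time, a newer build matching the prefix may also show up as a version change on an otherwise unrelated apply.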
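Review bot: The `kubeconfig` output in outputs.tf exports the cluster's `raw_config`, which embeds an API credential, to anyone who can run `terraform output -raw kubeconfig` or read the state. `sensitive = true` only redacts the value in plan and apply output. Consider dropping this output and having operators fetch credentials on demand with `doctl kubernetes cluster kubeconfig save`, or at least add a `description` stating that the value is a credential and how it is meant to be consumed. None of the outputs in this file has a `description`, which would help for the two password outputs as well.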
+++ b/terraform/postgres.tf
@@ -0,0 +1,27 @@
+resource "digitalocean_database_cluster" "postgres" {
+ name = "${var.cluster_name}-postgres"
+ engine = "pg"
+ version = 18
+ size = "db-s-1vcpu-1gb"
+ region = var.region
+ node_count = 1
+ private_network_uuid = digitalocean_vpc.main.id
+}
+
+resource "digitalocean_database_db" "gitlab" {
+ cluster_id = digitalocean_database_cluster.postgres.id
+ name = "gitlab_production"
+}
+
+resource "digitalocean_database_user" "gitlab" {
+ cluster_id = digitalocean_database_cluster.postgres.id
+ name = "gitlab"
+}
+
+resource "digitalocean_database_firewall" "postgres" {
+ cluster_id = digitalocean_database_cluster.postgres.id
+ rule {
+ type = "k8s"
+ value = digitalocean_kubernetes_cluster.main.id
+ }
+}
\ No newline at end of file
diff --git a/terraform/providers.tf b/terraform/providers.tf
new file mode 100644
index 0000000..125e9fb
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,5 @@
+provider "digitalocean" {
+ token = var.do_token
+ spaces_access_id = var.spaces_access_id
+ spaces_secret_key = var.spaces_secret_key
+}
\ No newline at end of file
diff --git a/terraform/spaces.tf b/terraform/spaces.tf
new file mode 100644
index 0000000..7ad770a
--- /dev/null
+++ b/terraform/spaces.tf
@@ -0,0 +1,18 @@
+locals {
+ spaces = toset([
+ "artifacts", "lfs", "uploads", "packages",
+ "registry", "backups", "tmp", "ci-secure-files",
+ "dependency-proxy", "terraform-state", "pages"
+ ])
+}
+
+resource "random_id" "suffix" {
+ byte_length = 3
+}
+
+resource "digitalocean_spaces_bucket" "gitlab" {
+ for_each = local.spaces
+ name = "${var.cluster_name}-${each.key}-${random_id.suffix.hex}"
+ region = var.region
+ acl = "private"
+}
\ No newline at end of file
diff --git a/terraform/valkey.tf b/terraform/valkey.tf
new file mode 100644
index 0000000..54535d0
--- /dev/null
+++ b/terraform/valkey.tf
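Review bot: `digitalocean_database_cluster.postgres` holds the `gitlab_production` database but has no guard against destruction, so a `terraform destroy` or a change that forces replacement would delete the data. Adding `lifecycle { prevent_destroy = true }` to the cluster resource would make such a plan fail instead; the same applies to `digitalocean_database_cluster.valkey` in valkey.tf if its contents matter. With `node_count = 1` there is no standby node, which deserves a comment if it is a deliberate cost choice. The `k8s` firewall rule admits the whole cluster, so limiting which pods may reach the database would have to come from network policy inside the cluster.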
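Review bot: Every bucket in `digitalocean_spaces_bucket.gitlab` is created with identical settings, so `backups` and `terraform-state` get no object versioning and an overwrite or delete made with the Spaces key is not recoverable. The resource supports a `versioning` block; something like `versioning { enabled = contains(["backups", "terraform-state"], each.key) }` would enable it for those two without changing the others. `acl = "private"` is the right default here. The 3-byte `random_id` suffix only avoids name collisions and should not be read as making the bucket names secret.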
@@ -0,0 +1,18 @@
+resource "digitalocean_database_cluster" "valkey" {
+ name = "${var.cluster_name}-valkey"
+ engine = "valkey"
+ version = "8"
+ size = "db-s-1vcpu-1gb"
+ region = var.region
+ node_count = 1
+ private_network_uuid = digitalocean_vpc.main.id
+ eviction_policy = "noeviction"
+}
+
+resource "digitalocean_database_firewall" "valkey" {
+ cluster_id = digitalocean_database_cluster.valkey.id
+ rule {
+ type = "k8s"
+ value = digitalocean_kubernetes_cluster.main.id
+ }
+}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..f975afe
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,54 @@
+variable "do_token" {
+ type = string
+ sensitive = true
+}
+
+variable "spaces_access_id" {
+ type = string
+ sensitive = true
+}
+
+variable "spaces_secret_key" {
+ type = string
+ sensitive = true
+}
+
+
+variable "region" {
+ type = string
+ default = "fra1"
+}
+
+variable "cluster_name" {
+ type = string
+ default = "gitlab"
+}
+
+variable "k8s_version" {
+ type = string
+ default = "1.35.1"
+}
+
+variable "node_size" {
+ type = string
+ default = "s-2vcpu-4gb"
+}
+
+variable "node_count" {
+ type = number
+ default = 2
+}
+
+variable "domain_name" {
+ type = string
+}
+
+variable "gitlab_host" {
+ type = string
+ default = "gitlab"
+}
+
+variable "registry_host" {
+ type = string
+ default = "registry"
+}
\ No newline at end of file
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
new file mode 100644
index 0000000..e9739b1
--- /dev/null
+++ b/terraform/vpc.tf
@@ -0,0 +1,5 @@
+resource "digitalocean_vpc" "main" {
+ name = "${var.cluster_name}-vpc"
+ region = var.region
+ ip_range = "10.20.0.0/16"
+}
\ No newline at end of file
From c8b54ef960e986ebcec5a2f35d19644296cb56df Mon Sep 17 00:00:00 2001
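Review bot: None of the variables in variables.tf carries a `description`, and the three credential variables give no hint of the scope they need or how they should be supplied. I would add descriptions such as `description = "DigitalOcean API token used by the provider; supply via TF_VAR_do_token, never in a committed tfvars file"` for `do_token`, with matching ones for `spaces_access_id` and `spaces_secret_key`. `gitlab_host` and `registry_host` are declared but not referenced by any file in this patch, so a note on where they will be used would help. A `validation` block on `node_count` (for example `condition = var.node_count >= 1`) would catch a zero or negative value before the provider call.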
From: clofour <208706398+clofour@users.noreply.github.com> Date: Sun, 12 Apr 2026 14:35:46 +0200 Subject: [PATCH 2/2] Bug fixes --- terraform/outputs.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index ab129a0..d60d0a0 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -13,11 +13,11 @@ output "postgres_port" {
 }
 
 output "postgres_user" {
- value = digitalocean_database_cluster.postgres.user.gitlab.name
+ value = digitalocean_database_user.gitlab.name
 }
 
 output "postgres_password" {
- value = digitalocean_database_cluster.postgres.user.gitlab.password
+ value = digitalocean_database_user.gitlab.password
 sensitive = true
 }
 
@@ -41,5 +41,5 @@ output "spaces_endpoint" {
 }
 
 output "spaces_buckets" {
- value = { for k, b in digitalocean_digitalocean_spaces_bucket.gitlab : k => b.name }
+ value = { for k, b in digitalocean_spaces_bucket.gitlab : k => b.name }
 }
\ No newline at end of file