gitea_admin
685de1816d
- Diun monitors Docker images - Automated updates for nginx, manual approval for gitea/postgres - Weekly cert renewal automation via cron - Health checks with automatic rollback on failure - AWS SES email notifications on update failures - Daily S3 backups + pre-update snapshots - Integration tests with Gitea Actions quality gate - Change domain from gitea.poll-streams.com to git.poll-streams.com - Add diagrams
60 lines
1.9 KiB
HCL
60 lines
1.9 KiB
HCL
# Generate random password for PostgreSQL
|
|
resource "random_password" "db_password" {
|
|
length = 32
|
|
special = true
|
|
}
|
|
|
|
# Generate random password for Gitea admin user
|
|
resource "random_password" "gitea_admin_password" {
|
|
length = 32
|
|
special = true
|
|
}
|
|
|
|
# Store credentials in AWS Secrets Manager
|
|
resource "aws_secretsmanager_secret" "db_credentials" {
|
|
name = "${var.project_name}-db-credentials"
|
|
description = "PostgreSQL database credentials for Gitea"
|
|
recovery_window_in_days = 0
|
|
|
|
tags = {
|
|
Name = "${var.project_name}-db-credentials"
|
|
}
|
|
}
|
|
|
|
resource "aws_secretsmanager_secret_version" "db_credentials" {
|
|
secret_id = aws_secretsmanager_secret.db_credentials.id
|
|
secret_string = jsonencode({
|
|
username = "gitea"
|
|
password = random_password.db_password.result
|
|
database = "gitea"
|
|
host = "postgres"
|
|
port = 5432
|
|
admin_username = "gitea_admin"
|
|
admin_password = random_password.gitea_admin_password.result
|
|
admin_email = "admin@poll-streams.com"
|
|
gitea_runner_token = "" # Will be auto-generated via API
|
|
})
|
|
}
|
|
|
|
# Store SMTP credentials in Secrets Manager
|
|
resource "aws_secretsmanager_secret" "ses_smtp_credentials" {
|
|
name = "${var.project_name}-ses-smtp-credentials"
|
|
description = "SMTP credentials for AWS SES"
|
|
recovery_window_in_days = 0
|
|
|
|
tags = {
|
|
Name = "${var.project_name}-ses-smtp-credentials"
|
|
}
|
|
}
|
|
|
|
resource "aws_secretsmanager_secret_version" "ses_smtp_credentials" {
|
|
secret_id = aws_secretsmanager_secret.ses_smtp_credentials.id
|
|
secret_string = jsonencode({
|
|
smtp_host = "email-smtp.${var.aws_region}.amazonaws.com"
|
|
smtp_port = "587"
|
|
smtp_username = aws_iam_access_key.ses_smtp_access_key.id
|
|
smtp_password = aws_iam_access_key.ses_smtp_access_key.ses_smtp_password_v4
|
|
alert_email = var.alert_email
|
|
})
|
|
}
|