Adds postgres server and switches ttrss

db/network.tf

@@ -1,6 +1,7 @@
 resource "docker_network" "mariadb" {
-  name   = "mariadb"
-  driver = "bridge"
+  name     = "mariadb"
+  driver   = "bridge"
+  internal = true
 
   ipam_config {
     subnet  = "172.19.0.0/28"
@@ -9,11 +10,23 @@ resource "docker_network" "mariadb" {
 }
 
 resource "docker_network" "mongorocks" {
-  name   = "mongorocks"
-  driver = "bridge"
+  name     = "mongorocks"
+  driver   = "bridge"
+  internal = true
 
   ipam_config {
     subnet  = "172.20.0.0/29"
     gateway = "172.20.0.1"
   }
 }
+
+resource "docker_network" "postgres" {
+  name     = "postgres"
+  driver   = "bridge"
+  internal = true
+
+  ipam_config {
+    subnet  = "172.20.0.8/29"
+    gateway = "172.20.0.9"
+  }
+}

db/outputs.tf

@@ -5,3 +5,7 @@ output "names-mariadb" {
 output "networks-mongorocks" {
   value = "${docker_network.mongorocks.name}"
 }
+
+output "postgres-network-id" {
+  value = "${docker_network.postgres.name}"
+}

db/postgres.tf

@@ -0,0 +1,45 @@
+resource "docker_container" "postgres" {
+  name  = "postgres"
+  image = "${docker_image.postgres.latest}"
+
+  volumes {
+    volume_name    = "${docker_volume.postgres_volume.name}"
+    container_path = "/var/lib/postgresql/data"
+    host_path      = "${docker_volume.postgres_volume.mountpoint}"
+  }
+
+  // This is so that other host-only services can share this
+  ports {
+    internal = 5432
+    external = 5432
+    ip       = "${var.ips["eth0"]}"
+  }
+
+  // This is a not-so-great idea
+  // TODO: Figure out a better way to make terraform SSH and then connect to localhost
+  ports {
+    internal = 5432
+    external = 5432
+    ip       = "${var.ips["tun0"]}"
+  }
+
+  memory                = 256
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+
+  env = [
+    "POSTGRES_PASSWORD=${var.postgres-root-password}",
+  ]
+
+  networks = ["${docker_network.postgres.id}"]
+}
+
+resource "docker_image" "postgres" {
+  name          = "${data.docker_registry_image.postgres.name}"
+  pull_triggers = ["${data.docker_registry_image.postgres.sha256_digest}"]
+}
+
+data "docker_registry_image" "postgres" {
+  name = "postgres:${var.postgres-version}"
+}

db/variables.tf

@@ -3,8 +3,14 @@ variable "mariadb-version" {
   default     = "10.2.14"
 }
 
+variable "postgres-version" {
+  description = "postgres version to use for fetching the docker image"
+  default     = "10-alpine"
+}
+
 variable "ips" {
   type = "map"
 }
 
 variable "mysql_root_password" {}
+variable "postgres-root-password" {}

db/volumes.tf

@@ -2,6 +2,10 @@ resource "docker_volume" "mariadb_volume" {
   name = "mariadb_volume"
 }
 
+resource "docker_volume" "postgres_volume" {
+  name = "postgres_volume"
+}
+
 resource "docker_volume" "mongorocks_data_volume" {
   name = "mongorocks_data_volume"
 }

main.tf

@@ -26,9 +26,10 @@ module "docker" {
 }
 
 module "db" {
-  source              = "db"
-  mysql_root_password = "${var.mysql_root_password}"
-  ips                 = "${var.ips}"
+  source                 = "db"
+  mysql_root_password    = "${var.mysql_root_password}"
+  postgres-root-password = "${var.postgres-root-password}"
+  ips                    = "${var.ips}"
 }
 
 module "timemachine" {
@@ -71,12 +72,12 @@ module "radicale" {
 }
 
 module "tt-rss" {
-  source             = "tt-rss"
-  domain             = "rss.captnemo.in"
-  mysql_password     = "${var.mysql-ttrss-password}"
-  links-db           = "${module.db.names-mariadb}"
-  traefik-labels     = "${var.traefik-common-labels}"
-  traefik-network-id = "${module.docker.traefik-network-id}"
+  source              = "tt-rss"
+  domain              = "rss.captnemo.in"
+  mysql_password      = "${var.mysql-ttrss-password}"
+  traefik-labels      = "${var.traefik-common-labels}"
+  traefik-network-id  = "${module.docker.traefik-network-id}"
+  postgres-network-id = "${module.db.postgres-network-id}"
 }
 
 module "rss-bridge" {

providers.tf

@@ -14,6 +14,14 @@ provider "mysql" {
   password = "${var.mysql_root_password}"
 }
 
+provider "postgresql" {
+  host     = "postgres.in.bb8.fun"
+  port     = 5432
+  username = "postgres"
+  password = "${var.postgres-root-password}"
+  sslmode  = "disable"
+}
+
 provider "digitalocean" {
   token = "${var.digitalocean-token}"
 }

tt-rss/db-postgres.tf

@@ -0,0 +1,10 @@
+resource "postgresql_database" "ttrss" {
+  name  = "ttrss"
+  owner = "ttrss"
+}
+
+resource "postgresql_role" "ttrss" {
+  name     = "ttrss"
+  login    = true
+  password = "${var.mysql_password}"
+}

tt-rss/db.tf

@@ -1,16 +0,0 @@
-resource "mysql_database" "ttrss" {
-  name = "ttrss"
-}
-
-resource "mysql_user" "ttrss" {
-  user               = "ttrss"
-  host               = "%"
-  plaintext_password = "${var.mysql_password}"
-}
-
-resource "mysql_grant" "ttrss" {
-  user       = "${mysql_user.ttrss.user}"
-  host       = "${mysql_user.ttrss.host}"
-  database   = "${mysql_database.ttrss.name}"
-  privileges = ["ALL"]
-}

tt-rss/main.tf

@@ -22,9 +22,7 @@ resource "docker_container" "tt-rss" {
     container_path = "/config"
   }
 
-  networks = ["${var.traefik-network-id}"]
-
-  links = ["mariadb"]
+  networks = ["${var.traefik-network-id}", "${var.postgres-network-id}"]
 
   env = [
     "TZ=Asia/Kolkata",

tt-rss/variables.tf

@@ -3,7 +3,7 @@ variable "domain" {
 }
 
 variable "mysql_password" {}
-variable "links-db" {}
+variable "postgres-network-id" {}
 
 variable "traefik-labels" {
   type = "map"

variables.tf

@@ -15,6 +15,10 @@ variable "mysql_root_password" {
   type = "string"
 }
 
+variable "postgres-root-password" {
+  type = "string"
+}
+
 variable "mysql_lychee_password" {}
 
 variable "mysql_airsonic_password" {}