devops/infra/clusters/bridge/main.tf


# Values shared by the modules of the "bridge" cluster stack.
locals {
  # Base DNS name of the cluster. It is passed to the fusionauth and argocd
  # modules and is used to build the ArgoCD OAuth redirect URI below.
  server_dns = "bridge.fourlights.dev"
}
# Shared PostgreSQL instance, installed from the local postgresql module.
module "postgresql" {
  source = "../../modules/postgresql"

  namespace = "postgresql"
  username  = "bridge"

  # Kubernetes config YAML read from a MinIO S3 object; the data source is
  # declared outside this listing.
  # NOTE(review): if this is a kubeconfig it carries cluster credentials and
  # ends up in Terraform state -- confirm the state backend is encrypted and
  # access-controlled.
  k8s_config_yaml = data.minio_s3_object.k8s_yaml.content
}
# Redis instance, installed from the local redis module.
module "redis" {
  source = "../../modules/redis"

  namespace       = "redis"
  k8s_config_yaml = data.minio_s3_object.k8s_yaml.content

  # A constant here, unlike the other modules in this file, which pass another
  # module's output to order their installation.
  wait_on = true
}
# PostgreSQL tenant named "fusionauth", created once the PostgreSQL module
# reports it is installed.
module "fusionauth-db" {
  source  = "../../modules/postgresql/tenant"
  wait_on = module.postgresql.installed

  name            = "fusionauth"
  k8s_config_yaml = data.minio_s3_object.k8s_yaml.content

  # The instance-wide root password is handed to the tenant module.
  # NOTE(review): presumably used to create the tenant's role and database --
  # confirm the tenant module does not expose it beyond that.
  root_password = module.postgresql.root_password
}
# Join point: gives the fusionauth module a single id to wait on that depends
# on both the database tenant and Redis.
resource "null_resource" "fusionauth-wait" {
  depends_on = [
    module.fusionauth-db.installed,
    module.redis.installed,
  ]
}
# FusionAuth identity server, installed after its database tenant and Redis.
module "fusionauth" {
  source  = "../../modules/fusionauth"
  wait_on = null_resource.fusionauth-wait.id

  namespace       = "fusionauth"
  server_dns      = local.server_dns
  k8s_config_yaml = data.minio_s3_object.k8s_yaml.content

  # Password of the "fusionauth" PostgreSQL tenant created above; it is taken
  # from a module output rather than written in this file.
  database_password = module.fusionauth-db.password
}
# FusionAuth tenant "devops"; the applications below are registered under it.
module "fusionauth-tenant-devops" {
  source  = "../../modules/fusionauth/tenant"
  wait_on = module.fusionauth.installed

  # Connection to the FusionAuth API, both taken from the fusionauth module.
  fusionauth_uri     = module.fusionauth.uri
  fusionauth_api_key = module.fusionauth.api_key

  tenant_name = "devops"
  theme_id    = "cafafa30-c8de-40f1-b666-12d3fe361a0a"
}
# FusionAuth application (OAuth client) for ArgoCD inside the devops tenant.
module "fusionauth-application-argocd" {
  source  = "../../modules/fusionauth/application"
  wait_on = module.fusionauth-tenant-devops.installed

  fusionauth_uri     = module.fusionauth.uri
  fusionauth_api_key = module.fusionauth.api_key

  name           = "ArgoCD"
  tenant_id      = module.fusionauth-tenant-devops.tenant_id
  rbac_lambda_id = module.fusionauth-tenant-devops.rbac_lambda_id

  # Single HTTPS callback on the ArgoCD host; it is built from the same
  # server_dns local that the argocd module receives.
  oauth_redirect_uri = "https://argocd.${local.server_dns}/api/dex/callback"
}
# FusionAuth admin password, exposed as a root-module output.
# sensitive = true only redacts the value in CLI output; it is still stored in
# plaintext in the Terraform state, so access to the state must be restricted.
output "fusionauth-admin-password" {
  sensitive = true
  value     = module.fusionauth.admin_password
}
# FusionAuth API key, exposed as a root-module output.
# sensitive = true only redacts the value in CLI output; the key is still
# written to the Terraform state in plaintext.
output "fusionauth-api-key" {
  sensitive = true
  value     = module.fusionauth.api_key
}
# Join point: gives the argocd module a single id to wait on that depends on
# both its FusionAuth application and Redis.
resource "null_resource" "argocd_wait" {
  depends_on = [
    module.fusionauth-application-argocd.installed,
    module.redis.installed,
  ]
}
# ArgoCD, wired to Redis and to FusionAuth as its OAuth/OIDC provider.
module "argocd" {
  source  = "../../modules/argocd"
  wait_on = null_resource.argocd_wait.id

  namespace       = "argocd"
  server_dns      = local.server_dns
  k8s_config_yaml = data.minio_s3_object.k8s_yaml.content

  # Redis connection; the password comes from the redis module's output.
  redis_password       = module.redis.password
  redis_db_start_index = 0

  # OAuth settings. Client id, secret and redirect URI all come from the
  # FusionAuth application module, so they match what FusionAuth has registered.
  oauth_uri           = module.fusionauth.server
  oauth_issuer        = module.fusionauth-tenant-devops.issuer
  oauth_client_id     = module.fusionauth-application-argocd.client_id
  oauth_client_secret = module.fusionauth-application-argocd.client_secret
  oauth_redirect_uri  = module.fusionauth-application-argocd.redirect_uri
}
# ArgoCD admin password, exposed as a root-module output.
# sensitive = true only redacts the value in CLI output; it is still stored in
# plaintext in the Terraform state.
output "argocd-root-password" {
  sensitive = true
  value     = module.argocd.admin_password
}
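# Google OAuth client secret for the FusionAuth Google identity provider.
# It must be supplied at plan/apply time (for example through the
# TF_VAR_google_client_secret environment variable or a secrets store) and
# never be committed to the repository.
# NOTE(review): this file previously carried the secret as a string literal.
# That value remains in version-control history and should be treated as
# exposed: rotate it at the provider before relying on this variable.
variable "google_client_secret" {
  description = "OAuth client secret of the Google identity provider used by FusionAuth."
  type        = string
  sensitive   = true # variable-level sensitivity needs Terraform 0.14 or newer
}

# Google identity provider for FusionAuth.
# we need to add more applications here unfortunately
module "fusionauth-google" {
  source  = "../../modules/fusionauth/identity-provider/google"
  wait_on = module.fusionauth.installed

  fusionauth_uri     = module.fusionauth.uri
  fusionauth_api_key = module.fusionauth.api_key

  # The client id is a public identifier and may stay in the file; the secret
  # is injected through the variable declared above.
  google_client_id     = "783390190667-0nkts50perpmhott4i7ro1ob5n7koi5i.apps.googleusercontent.com"
  google_client_secret = var.google_client_secret

  applications = [
    {
      id = module.fusionauth-application-argocd.application_id,
      # NOTE(review): create_registration = true presumably registers every
      # user who signs in through Google for the ArgoCD application. Confirm
      # that sign-in is limited to the intended accounts/domains or that
      # ArgoCD RBAC denies access by default.
      create_registration = true,
      enabled             = true
    }
  ]
}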