infra/2-nomad-config/gitea.tf

resource "cloudflare_dns_record" "git-othrayte-one" {
  comment = "git.othrayte.one maps to tailscale fqdn"
  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
  type    = "CNAME"
  name    = "git.othrayte.one"
  content = "git.tail15856.ts.net"
  ttl     = 1 # Auto
}

resource "nomad_job" "gitea" {
  jobspec = templatefile("gitea.nomad.hcl", {
    ts_oauthsecret = data.sops_file.secrets.data["tailscale.oauthsecret"]
  })
}

resource "nomad_variable" "gitea" {
  path = "nomad/jobs/gitea"
  items = {
    internal_token = data.sops_file.secrets.data["gitea.internal_token"]
    jwt_secret     = data.sops_file.secrets.data["gitea.jwt_secret"]
    database_pw    = data.sops_file.secrets.data["gitea.database_pw"]
  }
}

resource "postgresql_role" "gitea" {
  name     = "gitea"
  password = data.sops_file.secrets.data["gitea.database_pw"]
  login    = true
}

resource "postgresql_database" "gitea" {
  name  = "gitea"
  owner = postgresql_role.gitea.name
}

module "appdata_gitea" {
  source = "./modules/appdata"
  name   = "gitea"
}