infra(aggregation mode): add terraform setup

.gitignore

@@ -41,3 +41,8 @@ circuit_js
 
 # Reports
 docs/dead_links_report.txt
+
+**/.terraform
+terraform.tfstate
+terraform.tfstate.backup
+

infra/aggregation_mode/terraform/cloudinit/postgres-monitor-cloud-init.yaml

@@ -0,0 +1,54 @@
+#cloud-config
+hostname: ${hostname}
+fqdn: ${hostname}
+manage_etc_hosts: true
+
+users:
+  - name: app
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+  - name: admin
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+
+package_update: true
+package_upgrade: true
+
+packages:
+  - ca-certificates
+  - curl
+  - wget
+  - gnupg
+  - vim
+  - git
+  - zip
+  - unzip
+  - openssl
+  - libssl-dev
+  - build-essential
+  - rsyslog
+  - htop
+  - rsync
+  - pkg-config
+  - locales
+
+write_files:
+  - path: /etc/environment
+    content: |
+      LANG=en_US.UTF-8
+      LC_ALL=C
+      LANGUAGE=en_US.UTF-8
+      LC_TYPE=en_US.UTF-8
+      LC_CTYPE=en_US.UTF-8
+
+runcmd:
+  - loginctl enable-linger app
+  # Tailscale installation https://tailscale.com/kb/1293/cloud-init
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --advertise-tags=tag:server --auth-key=${tailscale_auth_key}
+  - tailscale set --auto-update
+  - sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+  - locale-gen

infra/aggregation_mode/terraform/cloudinit/scaleway-cloud-init.yaml

@@ -0,0 +1,42 @@
+#cloud-config
+hostname: ${hostname}
+fqdn: ${hostname}
+manage_etc_hosts: true
+
+users:
+  - name: app
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+  - name: admin
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+
+package_update: true
+package_upgrade: true
+
+packages:
+  - ca-certificates
+  - curl
+  - wget
+  - gnupg
+  - vim
+  - git
+  - zip
+  - unzip
+  - openssl
+  - libssl-dev
+  - build-essential
+  - rsyslog
+  - htop
+  - rsync
+  - pkg-config
+
+runcmd:
+  - loginctl enable-linger app
+  # Tailscale installation https://tailscale.com/kb/1293/cloud-init
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --advertise-tags=tag:server --auth-key=${tailscale_auth_key}
+  - tailscale set --auto-update

infra/aggregation_mode/terraform/main.tf

@@ -0,0 +1,20 @@
+provider "aws" {
+  region = "us-east-2"
+}
+
+provider "tailscale" {
+  # Configure via environment variables:
+  # TAILSCALE_API_KEY
+}
+
+module "postgres_monitor" {
+  source = "./postgres_monitor"
+}
+
+# module "postgres_primary" {
+#   source = "./postgres_primary"
+# }
+
+# module "postgres_secondary" {
+#   source = "./postgres_secondary"
+# }

infra/aggregation_mode/terraform/output.tf

@@ -0,0 +1,14 @@
+output "postgres_monitor_public_ip" {
+  description = "Public IP address of the Postgres Monitor."
+  value       = module.postgres_monitor.public_ip
+}
+
+# output "postgres_primary_public_ip" {
+#   description = "Public IP address of the Postgres Primary."
+#   value       = module.postgres_primary.public_ip
+# }
+#
+# output "postgres_secondary_public_ip" {
+#   description = "Public IP address of the Postgres Secondary."
+#   value       = module.postgres_secondary.public_ip
+# }

infra/aggregation_mode/terraform/postgres_monitor/main.tf

@@ -0,0 +1,93 @@
+terraform {
+  required_providers {
+    tailscale = {
+      source = "tailscale/tailscale"
+    }
+  }
+}
+
+# Create ephemeral Tailscale auth key
+resource "tailscale_tailnet_key" "postgres_monitor" {
+  reusable      = false
+  ephemeral     = true
+  preauthorized = true
+  expiry        = 3600
+  description   = "Ephemeral key for postgres-monitor"
+  tags          = ["tag:server"]
+}
+
+# Upload existing SSH public key to AWS
+resource "aws_key_pair" "ssh_key" {
+  key_name   = var.ssh_key_name
+  public_key = file(var.ssh_public_key_path)
+}
+
+# Debian 12
+data "aws_ami" "debian12" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["debian-12-amd64-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  owners = ["136693071363"] # https://wiki.debian.org/Cloud/AmazonEC2Image/
+}
+
+resource "aws_security_group" "ssh_access" {
+  name        = "postgres-monitor-ssh-access"
+  description = "Allow SSH inbound traffic for postgres monitor"
+
+  ingress {
+    description = "SSH from anywhere"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    description = "Allow all outbound traffic"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "postgres-monitor-ssh-access"
+  }
+}
+
+resource "aws_instance" "postgres_monitor" {
+  ami           = data.aws_ami.debian12.id
+  instance_type = var.instance_type
+  key_name      = var.ssh_key_name
+  vpc_security_group_ids = [aws_security_group.ssh_access.id]
+
+  user_data = templatefile("${path.module}/../cloudinit/postgres-monitor-cloud-init.yaml", {
+    hostname           = var.hostname
+    ssh_public_key     = trimspace(file(var.ssh_public_key_path))
+    tailscale_auth_key = tailscale_tailnet_key.postgres_monitor.key
+  })
+
+  user_data_replace_on_change = true
+
+  tags = {
+    Name = var.instance_name
+  }
+
+  root_block_device {
+    volume_size = 32
+  }
+}

infra/aggregation_mode/terraform/postgres_monitor/output.tf

@@ -0,0 +1,9 @@
+output "instance_hostname" {
+  description = "Private DNS name of the EC2 instance."
+  value       = aws_instance.postgres_monitor.private_dns
+}
+
+output "public_ip" {
+  description = "Public IP address of the EC2 instance."
+  value       = aws_instance.postgres_monitor.public_ip
+}

infra/aggregation_mode/terraform/postgres_monitor/variables.tf

@@ -0,0 +1,29 @@
+variable "ssh_key_name" {
+  description = "The name of the SSH key pair to use for the EC2 instance."
+  type        = string
+  default     = "postgres-monitor-key"
+}
+
+variable "ssh_public_key_path" {
+  description = "Path to the SSH public key file to upload to AWS."
+  type        = string
+  default     = "~/.ssh/aws.pub"
+}
+
+variable "instance_name" {
+  description = "Value of the EC2 instance's Name tag."
+  type        = string
+  default     = "postgres-monitor"
+}
+
+variable "instance_type" {
+  description = "The EC2 instance's type."
+  type        = string
+  default     = "t2.micro"
+}
+
+variable "hostname" {
+  description = "The hostname to set for the EC2 instance."
+  type        = string
+  default     = "postgres-monitor"
+}