fvoges/terraform-digitalocean-ubuntu

terraform-digitalocean-ubuntu

Module to manage Ubuntu droplets in DigitalOcean with Puppet optionally handling the OS configuration.

Overview

This Terraform module will:

  • Manage a DigitalOcean (referral link) Droplet
  • Manage A and AAAA DNS records for the Droplets using DigitalOcean's DNS
  • Include the droplet in the specified DigitalOcean project (default project name: Default)
  • Optional:
    • Manage the DigitalOcean Project (default: true)
    • Install Puppet Agent from a Puppet Enterprise server, and:
      • Pass data to the Agent to configure the following Trusted Facts
        • pp_application (required)
        • pp_role (default: server)
        • pp_environment (default: production)
        • pp_datacenter (using the droplet region value)
      • Pass an auto-sign token to the Puppet Agent installer

NOTE: The module uses the Puppet Enterprise agent installer to keep things simple. You can change it to use the open source repos by modifying the user data template in the templates directory.

DNS and firewall rules

The module doesn't manage the DNS domain, nor the DigitalOcean firewall rules.

I use these DigitalOcean tags for the firewall rules:

  • all: the basic firewall rules (deny all, allow ping, allow SSH from certain IPs/subnets)

The examples directory includes code to set up additional rules linked to a tag.

Application installation

This is done by Puppet using the trusted facts to assign a Puppet role class to the droplet.

Requirements

| Name | Version |
| --- | --- |
| digitalocean | ~> 2 |

Providers

| Name | Version |
| --- | --- |
| digitalocean | 2.40.0 |

Modules

No modules.

Resources

| Name | Type |
| --- | --- |
| digitalocean_droplet.server | resource |
| digitalocean_project.server | resource |
| digitalocean_project_resources.server | resource |
| digitalocean_record.server_ipv4 | resource |
| digitalocean_record.server_ipv6 | resource |
| digitalocean_projects.server | data source |
| digitalocean_ssh_keys.all | data source |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| dns_ttl | Domain name. Must be managed using DigitalOcean DNS | number | "1800" | no |
| domain | Domain name. Must be managed using DigitalOcean DNS | string | n/a | yes |
| enable_backups | Enable backups for the droplet | bool | true | no |
| enable_ipv6 | Enable IPv6 for the droplet | bool | true | no |
| enable_monitoring | Enable monitoring for the droplet | bool | true | no |
| hostname | Server short hostname (without domain name) | string | n/a | yes |
| image | DigitalOcean Droplet image (do not change unless you know what you're doing) | string | "ubuntu-24-04-x64" | no |
| manage_project | Manage the DigitalOcean project | bool | false | no |
| project_name | DigitalOcean project name | string | "Default" | no |
| puppet_application | Puppet Application (pp_application trusted fact) | string | null | no |
| puppet_autosign_token | Puppet SSL cert autosign token | string | null | no |
| puppet_environment | Puppet environment (pp_environment trusted fact) | string | "production" | no |
| puppet_install_agent | Install Puppet Agent (you need to set all the other Puppet-related input variables if true) | bool | false | no |
| puppet_role | Puppet Role (pp_role trusted fact) | string | "server" | no |
| puppet_server | Puppet server FQDN | string | null | no |
| region | DigitalOcean region (also used for Puppet's pp_datacenter trusted fact) | string | "lon1" | no |
| size | DigitalOcean Droplet size | string | "s-1vcpu-1gb" | no |
| ssh_keys | List of SSH keys allowed to log in (WARNING: if empty, it will add all your configured SSH keys) | list(string) | [] | no |
| tags | List of existing DigitalOcean tags (the module will not create them) | list(string) | [] | no |
| tailscale_auth_key | Tailscale VPN authentication key used to register the node | string | null | no |
| tailscale_exit_node | Publish this Tailscale node as an exit node | bool | false | no |
| tailscale_install_client | Install Tailscale VPN Client (you need to set at least the tailscale_auth_key input variable if true) | bool | false | no |
| tailscale_ssh | Enable Tailscale VPN SSH | bool | false | no |
| vpc_id | VPC ID to use for the droplet private network | string | null | no |

Outputs

| Name | Description |
| --- | --- |
| fqdn | n/a |
| ipv4 | n/a |
| ipv6 | n/a |
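
A module call that exercises the security-relevant inputs listed above, as an added example that is not part of the repository's own code. Assumptions: the `source` string is built from the repository name, the hostnames, application name and SSH key entry are constructed placeholders (the page does not say which key identifier format `ssh_keys` expects), and a firewall is already attached to the existing `all` tag.

```hcl
# Added example, not from the repository's examples directory.

# Secrets come in as sensitive variables (for example via TF_VAR_* environment
# variables) so they never appear as literals in the code or in plan output.
variable "puppet_autosign_token" {
  type      = string
  sensitive = true
}

variable "tailscale_auth_key" {
  type      = string
  sensitive = true
}

module "web01" {
  # Assumed source string; pin it to a reviewed tag or commit in real use.
  source = "github.com/fvoges/terraform-digitalocean-ubuntu"

  hostname = "web01"       # constructed value
  domain   = "example.com" # must already be managed in DigitalOcean DNS

  # Always set this explicitly: an empty list adds every SSH key
  # configured in the account to the droplet.
  ssh_keys = ["EXAMPLE_KEY"] # placeholder entry

  # Tags must already exist. The module manages no firewall rules, so the
  # droplet is only filtered if a firewall is attached to one of its tags.
  tags = ["all"]

  puppet_install_agent  = true
  puppet_server         = "puppet.example.com" # constructed value
  puppet_application    = "webshop"            # constructed value
  puppet_role           = "server"
  puppet_environment    = "production"
  puppet_autosign_token = var.puppet_autosign_token

  tailscale_install_client = true
  tailscale_auth_key       = var.tailscale_auth_key
  tailscale_ssh            = false # leave off unless Tailscale SSH is wanted
  tailscale_exit_node      = false # do not route other nodes' traffic
}

output "web01_fqdn" {
  value = module.web01.fqdn
}
```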
