From af8965df31f7f2fcbb30e2da97698b85e15d22fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= <lukas@trkan.cz>
Date: Tue, 23 Sep 2025 19:45:56 +0200
Subject: [PATCH] feat(infrastructure): add rabbitmq cluster

---
 tofu/main.tf                         | 11 +++-
 tofu/modules/rabbitmq/main.tf        | 77 ++++++++++++++++++++++++++++
 tofu/modules/rabbitmq/rabbit-ui.yaml | 14 +++++
 tofu/modules/rabbitmq/variables.tf   | 11 ++++
 tofu/variables.tf                    | 15 ++++--
 5 files changed, 122 insertions(+), 6 deletions(-)
 create mode 100644 tofu/modules/rabbitmq/main.tf
 create mode 100644 tofu/modules/rabbitmq/rabbit-ui.yaml
 create mode 100644 tofu/modules/rabbitmq/variables.tf

diff --git a/tofu/main.tf b/tofu/main.tf
index bfaaac4..e701d35 100644
--- a/tofu/main.tf
+++ b/tofu/main.tf
@@ -96,7 +96,14 @@ module "argocd" {
 }
 
 module "redis" {
-  source     = "${path.module}/modules/redis"
-  depends_on = [module.storage]
+  source                 = "${path.module}/modules/redis"
+  depends_on             = [module.storage]
   cloudflare_base_domain = var.cloudflare_domain
 }
+
+module "rabbitmq" {
+  source            = "${path.module}/modules/rabbitmq"
+  depends_on        = [module.storage]
+  base_domain       = var.cloudflare_domain
+  rabbitmq-password = var.rabbitmq-password
+}
diff --git a/tofu/modules/rabbitmq/main.tf b/tofu/modules/rabbitmq/main.tf
new file mode 100644
index 0000000..6b087f8
--- /dev/null
+++ b/tofu/modules/rabbitmq/main.tf
@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.19.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "3.0.2"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.38.0"
+    }
+    kustomization = {
+      source  = "kbst/kustomization"
+      version = "0.9.6"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = "0.13.1"
+    }
+  }
+}
+
+# Define the Helm release for RabbitMQ.
+# This resource will install the RabbitMQ chart from the Bitnami repository.
+resource "helm_release" "rabbitmq" {
+  # The name of the release in Kubernetes.
+  name = "rabbitmq"
+
+  # The repository where the chart is located.
+  repository = "https://charts.bitnami.com/bitnami"
+
+  # The name of the chart to deploy.
+  chart = "rabbitmq"
+
+  # The version of the chart to deploy. It's best practice to pin the version.
+  version = "14.4.1"
+
+  # The Kubernetes namespace to deploy into.
+  # If the namespace doesn't exist, you can create it with a kubernetes_namespace resource.
+  namespace        = "rabbitmq"
+  create_namespace = true
+
+  # Override default chart values.
+  # This is where you customize your RabbitMQ deployment.
+  set = [
+    {
+      name  = "auth.username"
+      value = "admin"
+    },
+    {
+      name  = "auth.password"
+      value = var.rabbitmq-password
+    },
+    {
+      name  = "persistence.enabled"
+      value = "true"
+    },
+    {
+      name  = "replicaCount"
+      value = "3"
+    },
+    {
+      name  = "podAntiAffinityPreset"
+      value = "soft"
+    }
+  ]
+}
+
+resource "kubectl_manifest" "rabbitmq_ui" {
+  yaml_body = templatefile("${path.module}/rabbit-ui.yaml", {
+    base_domain = var.base_domain
+  })
+  depends_on = [helm_release.rabbitmq]
+}
diff --git a/tofu/modules/rabbitmq/rabbit-ui.yaml b/tofu/modules/rabbitmq/rabbit-ui.yaml
new file mode 100644
index 0000000..d40f53e
--- /dev/null
+++ b/tofu/modules/rabbitmq/rabbit-ui.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.cfargotunnel.com/v1alpha1
+kind: TunnelBinding
+metadata:
+  name: rabbit-tunnel-binding
+  namespace: rabbitmq
+subjects:
+  - name: rabbit-gui
+    spec:
+      target: http://rabbitmq.rabbitmq.svc.cluster.local:15672
+      fqdn: rabbitmq.${base_domain}
+      noTlsVerify: true
+tunnelRef:
+  kind: ClusterTunnel
+  name: cluster-tunnel
\ No newline at end of file
diff --git a/tofu/modules/rabbitmq/variables.tf b/tofu/modules/rabbitmq/variables.tf
new file mode 100644
index 0000000..80199de
--- /dev/null
+++ b/tofu/modules/rabbitmq/variables.tf
@@ -0,0 +1,11 @@
+variable "base_domain" {
+  type     = string # The type of the variable, in this case a string
+  nullable = false  # Description of what this variable represents
+}
+
+variable "rabbitmq-password" {
+  type = string
+  nullable = false
+  sensitive = true
+  description = "Admin password for RabbitMQ user"
+}
diff --git a/tofu/variables.tf b/tofu/variables.tf
index f3a2400..3e59d8b 100644
--- a/tofu/variables.tf
+++ b/tofu/variables.tf
@@ -96,8 +96,15 @@ variable "cloudflare_account_id" {
 }
 
 variable "argocd_admin_password" {
-  type = string
-  nullable = false
-  sensitive = true
+  type        = string
+  nullable    = false
+  sensitive   = true
   description = "ArgoCD admin password"
-}
\ No newline at end of file
+}
+
+variable "rabbitmq-password" {
+  type        = string
+  nullable    = false
+  sensitive   = true
+  description = "Admin password for RabbitMQ user"
+}