revert: drop people/prospector DBs from shared store IaC

Per-service DBs move to each service's own project infra declaration, not the catch-all uvlava store cluster module (uvlava itself may be superseded by per-project infra). Cluster + quinn/quinn_admin unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 08:11:04 -04:00 · 2026-06-29 08:11:04 -04:00 · 85111ec243
commit 85111ec243
parent 9f9d913e8b
3 changed files with 2 additions and 27 deletions
--- a/terraform/do/database.tf
+++ b/terraform/do/database.tf
@ -36,19 +36,6 @@ resource "digitalocean_database_user" "app" {
  name       = "quinn_app"
 }

-# Dedicated roles for the standalone services (credential separation: the
-# prospector/people services never hold quinn_app's creds). DO managed PG
-# generates each password; surfaced via the sensitive outputs below.
-resource "digitalocean_database_user" "people" {
-  cluster_id = digitalocean_database_cluster.pg.id
-  name       = "people"
-}
-
-resource "digitalocean_database_user" "prospector" {
-  cluster_id = digitalocean_database_cluster.pg.id
-  name       = "prospector"
-}
-
 # Trusted sources = ONLY the backend droplet. This is the hard private boundary:
 # nothing else — not the internet, not vps-0 directly — can open a PG connection.
 resource "digitalocean_database_firewall" "pg" {
--- a/terraform/do/outputs.tf
+++ b/terraform/do/outputs.tf
@ -37,18 +37,6 @@ output "pg_databases" {
  value = [for db in digitalocean_database_db.dbs : db.name]
 }

-# Standalone-service DB credentials (consumed by the prospector + people service
-# .env on the backend droplet). Sensitive — read via `terraform output -raw`.
-output "people_db_password" {
-  value     = digitalocean_database_user.people.password
-  sensitive = true
-}
-
-output "prospector_db_password" {
-  value     = digitalocean_database_user.prospector.password
-  sensitive = true
-}
-
 output "spaces_bucket_endpoint" {
  description = "S3 endpoint for the media bucket (services use signed URLs)."
  value       = digitalocean_spaces_bucket.media.bucket_domain_name
--- a/terraform/do/variables.tf
+++ b/terraform/do/variables.tf
@ -95,9 +95,9 @@ variable "pg_node_count" {
 }

 variable "pg_databases" {
-  description = "Logical databases to create on the cluster. quinn/quinn_admin mirror black; people + prospector are the standalone cocottetech services (own-DB-per-service)."
+  description = "Logical databases to create on the cluster (mirrors black's quinn + quinn_admin). Per-service DBs (people, prospector) are owned by their own service-scoped terraform modules that data-source this cluster."
  type        = list(string)
-  default     = ["quinn", "quinn_admin", "people", "prospector"]
+  default     = ["quinn", "quinn_admin"]
 }

 ###############################################################################