# ─── Managed PostgreSQL cluster ───────────────────────────────────────────────
# Shared across all customers — each customer gets their own database.

resource "digitalocean_database_cluster" "postgres" {
  name       = "lunarfront-postgres"
  engine     = "pg"
  version    = "16"
  size       = var.postgres_size
  region     = var.region
  node_count = 1

  tags = ["lunarfront", "postgres"]
}

# Restrict access to the DOKS cluster only
resource "digitalocean_database_firewall" "postgres" {
  cluster_id = digitalocean_database_cluster.postgres.id

  rule {
    type  = "k8s"
    value = digitalocean_kubernetes_cluster.main.id
  }
}