# Generate random password for PostgreSQL
resource "random_password" "db_password" {
  length  = 32
  special = true
}

# Store credentials in AWS Secrets Manager
resource "aws_secretsmanager_secret" "db_credentials" {
  name        = "${var.project_name}-db-credentials"
  description = "PostgreSQL database credentials for Gitea"

  tags = {
    Name = "${var.project_name}-db-credentials"
  }
}

resource "aws_secretsmanager_secret_version" "db_credentials" {
  secret_id = aws_secretsmanager_secret.db_credentials.id
  secret_string = jsonencode({
    username = "gitea"
    password = random_password.db_password.result
    database = "gitea"
    host     = "postgres"
    port     = 5432
  })
}