[checkpoint] Just saving where I'm at because I'm resetting this bit
# Minimum Terraform CLI version. The HCL2 syntax used in this file
# (first-class expressions, `format()`, `concat()`, `terraform.workspace`
# conditionals) needs 0.12 or later.
terraform {
  required_version = ">= 0.12"
}
#
# @HOWTO: reference another state file's outputs (kept disabled; enable and fill in the workspace name when needed)
#
# data "terraform_remote_state" "current" {
# backend = "remote"
#
# config = {
# hostname = "app.terraform.io"
# organization = "rundock"
#
# workspaces = {
# name = "ops-sandbox-global"
# }
# }
# }
locals {
  # Workspace name used in resource names. The "default" workspace is
  # reported as "ops-sandbox" so no resource name ever carries the literal
  # word "default".
  workspace = terraform.workspace != "default" ? terraform.workspace : "ops-sandbox"

  # "<workspace>-<region>", e.g. "ops-sandbox-nyc3"; shared naming prefix.
  prefix = "${local.workspace}-${var.region}"
}
# Configure the DigitalOcean provider.
# - Generally available regions (as originally noted): NYC1, FRA1, SFO2, AMS3, and SGP1.
#   NOTE: the default for var.region declared below is "nyc3", which is not in this
#   list — confirm the list is still current before relying on it.
# DigitalOcean provider. The API token is an account-level credential and is
# taken from var.do_token; supply it out of band (environment variable or an
# uncommitted tfvars file) rather than hard-coding it in this file.
provider "digitalocean" {
  token = var.do_token
}
locals {
  # Apex A-record targets for var.fqdn; the name indicates these are the
  # GitHub Pages anycast addresses. They are fixed data, not derived from
  # anything in this configuration, so verify them against GitHub's current
  # custom-domain documentation before (re)applying.
  github_pages_ips = [
    "185.199.108.153",
    "185.199.109.153",
    "185.199.110.153",
    "185.199.111.153",
  ]
}
# DNS zone for var.fqdn hosted at DigitalOcean; every record below attaches
# to it through digitalocean_domain.default.name.
resource "digitalocean_domain" "default" {
  name = var.fqdn
}
# One A record at the zone apex ("@") per address in local.github_pages_ips.
# Records are indexed by `count`, so removing an entry from the middle of
# that list shifts the later records and replaces them; switching to
# `for_each` would avoid that but would also change the resource addresses
# already in state. No TTL is set, so the provider/API default applies.
resource "digitalocean_record" "default_apex" {
  count  = length(local.github_pages_ips)
  domain = digitalocean_domain.default.name
  type   = "A"
  name   = "@"
  value  = local.github_pages_ips[count.index]
}
# www -> apex alias. The value is the zone name with a trailing dot, i.e. an
# absolute target.
# NOTE(review): the record name carries a trailing dot ("www.") whereas the
# provider's usual form is the bare label "www"; the TXT record below uses a
# full FQDN for its name instead. Confirm which form the API actually
# accepts/stores before relying on this record.
resource "digitalocean_record" "default_cname_www" {
  domain = digitalocean_domain.default.name
  type   = "CNAME"
  name   = "www."
  value  = format("%s.", digitalocean_domain.default.name)
}
# Domain-verification TXT record (name and value are what GitHub hands out
# for the "rundock" account). The token is public by design — it lives in
# DNS — so it is not a secret.
# NOTE(review): both the zone in `name` ("rundock.io") and the challenge
# value are hard-coded, while the zone elsewhere comes from var.fqdn; this
# record is only correct when var.fqdn == "rundock.io". Also confirm the
# provider does not append the zone again to an already-qualified `name`.
resource "digitalocean_record" "default_TXT_github-challenge" {
  domain = digitalocean_domain.default.name
  type   = "TXT"
  name   = "_github-challenge-rundock.rundock.io."
  value  = "5b88e7ccb6"
}
# Tag applied to the manager droplet and used by all three firewall modules
# below, both to select which droplets a firewall applies to and as the
# source/destination of the intra-cluster rules.
resource "digitalocean_tag" "cluster" {
  name = "cluster:swarm"
}
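# Public load balancer in front of the swarm manager droplet.
#
# Forwarding rules:
#   - 80/http -> 80/http: plain HTTP. With redirect_http_to_https set, the LB
#     answers port 80 with a redirect to 443 instead of forwarding, so this
#     rule must be a plain-HTTP rule — the original declared it as an http2
#     TLS-passthrough rule, which is contradictory for a cleartext port.
#   - 443/https -> 443/https with tls_passthrough: the LB does not terminate
#     TLS; the droplet must hold the certificate. Because PROXY protocol is
#     enabled, the droplet's TLS listener must also accept the PROXY header
#     or every connection will fail at the backend. With passthrough the LB
#     never inspects the stream, so HTTP/2 is negotiated end to end between
#     client and backend via ALPN; declaring "http2" here would not add
#     anything.
#
# Health check: probes the backend's 443 listener rather than sshd on port 22.
# A port-22 check (as originally written) reports a droplet healthy whenever
# sshd is up, even if the application is down, and it only worked because
# default-fw opens 22 to the whole internet.
# NOTE(review): this assumes the service on the droplet listens on 80 and
# 443, which is what lb-http-internal-fw permits from the LB — confirm.
resource "digitalocean_loadbalancer" "public" {
  name   = "${local.prefix}-public-loadbalancer-1"
  region = var.region

  redirect_http_to_https = true
  enable_proxy_protocol  = true

  forwarding_rule {
    entry_port      = 80
    entry_protocol  = "http"
    target_port     = 80
    target_protocol = "http"
  }

  forwarding_rule {
    entry_port      = 443
    entry_protocol  = "https"
    target_port     = 443
    target_protocol = "https"
    tls_passthrough = true
  }

  healthcheck {
    port     = 443
    protocol = "tcp"
  }

  droplet_ids = [digitalocean_droplet.cluster.id]
}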
# Base image for the manager droplet, looked up by slug so the numeric image
# ID is never hard-coded.
# NOTE(review): this pins Ubuntu 18.04; check it is still a supported
# release (and receiving security updates) before reusing this config.
data "digitalocean_image" "ubuntu" {
  slug = "ubuntu-18-04-x64"
}
# The single swarm manager for this workspace/region (hence the "-1").
# The droplet carries the cluster tag, which is what attaches the three
# firewall modules below to it.
resource "digitalocean_droplet" "cluster" {
  name   = "manager-${local.prefix}-1"
  region = var.region
  image  = data.digitalocean_image.ubuntu.id
  size   = "s-1vcpu-1gb"
  tags   = [digitalocean_tag.cluster.id]

  # Key IDs / fingerprints from var.ssh_keys (see that variable's
  # description); DigitalOcean installs them at creation time.
  ssh_keys = var.ssh_keys

  private_networking = true
}
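# Source ranges allowed to reach SSH (tcp/22) on cluster droplets.
# The default preserves the original behaviour — open to every IPv4 and
# IPv6 address — so existing deployments are unaffected; override it with
# admin/bastion ranges, e.g. ssh_source_addresses = ["203.0.113.0/24"].
# Droplets carrying the cluster tag are allowed regardless (source_tags
# below), so intra-cluster SSH keeps working after narrowing this.
variable "ssh_source_addresses" {
  description = "CIDRs allowed to reach SSH on cluster droplets; defaults to the whole internet"
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}

# Baseline firewall for every droplet tagged cluster:swarm.
# NOTE(review): with the default above, sshd is reachable from anywhere on
# the internet. Narrow ssh_source_addresses before this leaves a sandbox.
# If the load balancer health check in this file still probes port 22 (see
# digitalocean_loadbalancer.public), narrowing this list also blocks that
# probe — move the health check to a service port first.
module "default-fw" {
  source  = "syntaqx/firewall/digitalocean"
  version = "0.0.6"

  name = "default-fw"
  tags = [digitalocean_tag.cluster.id]

  inbound_rules = [
    {
      protocol         = "tcp"
      port_range       = "22"
      source_addresses = var.ssh_source_addresses
      source_tags      = [digitalocean_tag.cluster.id]
    },
  ]
}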
# Lets only the public load balancer reach the service ports on cluster
# droplets; 80 and 443 are not opened to any other source here.
# NOTE(review): the load balancer's health check as declared in this file
# probes port 22, which this firewall does not cover — it is reachable only
# because default-fw opens 22 to 0.0.0.0/0 and ::/0. If SSH is ever
# restricted, the health check must be moved onto 80/443 or the LB will mark
# the droplet unhealthy.
module "lb-http-internal-fw" {
  source  = "syntaqx/firewall/digitalocean"
  version = "0.0.6"

  name = "lb-http-internal-fw"
  tags = [digitalocean_tag.cluster.id]

  inbound_rules = [
    {
      protocol                  = "tcp"
      port_range                = "80"
      source_load_balancer_uids = [digitalocean_loadbalancer.public.id]
    },
    {
      protocol                  = "tcp"
      port_range                = "443"
      source_load_balancer_uids = [digitalocean_loadbalancer.public.id]
    },
  ]
}
# Ports a swarm node must reach on its peers and accept from them. Both
# directions are restricted to droplets carrying the cluster tag, so none of
# these ports is opened to anything outside the cluster. Order matches the
# original rule order. By the conventional Docker/Swarm assignments:
#   tcp/2376 docker daemon API, tcp/2377 cluster management,
#   tcp+udp/7946 node gossip, udp/4789 VXLAN overlay data.
# NOTE(review): the firewall only limits who can talk on these ports; it does
# not make 2376 TLS-only or encrypt the overlay on udp/4789 — that has to be
# configured on the hosts. Also, these are the only outbound rules in this
# file; if the DigitalOcean firewall denies outbound traffic that is not
# explicitly allowed, the droplet cannot reach DNS, apt or image registries —
# confirm whether that is intended or covered elsewhere.
locals {
  swarm_peer_ports = [
    { protocol = "tcp", port = "2376" },
    { protocol = "tcp", port = "2377" },
    { protocol = "tcp", port = "7946" },
    { protocol = "udp", port = "7946" },
    { protocol = "udp", port = "4789" },
  ]
}

module "swarm-fw" {
  source  = "syntaqx/firewall/digitalocean"
  version = "0.0.6"

  name = "swarm-internal-fw"
  tags = [digitalocean_tag.cluster.id]

  # The same port list in each direction; only the tag attribute differs.
  outbound_rules = [
    for p in local.swarm_peer_ports : {
      protocol         = p.protocol
      port_range       = p.port
      destination_tags = [digitalocean_tag.cluster.id]
    }
  ]

  inbound_rules = [
    for p in local.swarm_peer_ports : {
      protocol    = p.protocol
      port_range  = p.port
      source_tags = [digitalocean_tag.cluster.id]
    }
  ]
}
# Public IPv4 address of the manager droplet, for reaching it over SSH.
# Not a secret, but note that it is what the SSH rule in default-fw exposes.
output "ssh_hostname" {
  value = digitalocean_droplet.cluster.ipv4_address
}
# Variable values in terraform.tfvars form. Bare top-level assignments are
# not valid inside a .tf file, so these two lines are presumably a separate
# tfvars file in the same gist. The ssh_keys entry is a key fingerprint
# (public information, not a secret); per the variable's description it
# must refer to a key already registered with the DigitalOcean account.
# var.do_token is deliberately absent here — never commit it to tfvars.
fqdn = "rundock.io"
ssh_keys = ["f7:5e:da:1e:dc:1d:3f:d1:7a:04:0b:c4:d0:a6:bc:93"]
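# DigitalOcean API token consumed by the provider block. This is a
# credential: supply it via TF_VAR_do_token or an uncommitted tfvars file and
# never give it a default here. Terraform 0.12 has no `sensitive` flag for
# variables (that came in later releases), so avoid echoing it in outputs.
variable "do_token" {
  description = "DigitalOcean API token for the digitalocean provider (credential; supply out of band, never commit)"
  type        = string
}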
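# DigitalOcean region slug for every resource in this file (droplet, load
# balancer, and the naming prefix). Typed as string so a non-string value is
# rejected at plan time instead of surfacing as a provider error.
# NOTE(review): the region comment near the provider block lists nyc1/fra1/
# sfo2/ams3/sgp1 but not nyc3 — confirm the default is a valid choice for
# the load balancer as well as the droplet.
variable "region" {
  description = "Region to create cluster resources in"
  type        = string
  default     = "nyc3"
}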
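# Apex domain the cluster is reached under. It becomes the DigitalOcean DNS
# zone (digitalocean_domain.default) and the target of the www CNAME.
# Required — no default — so a stray apply cannot create a zone for the
# wrong domain.
variable "fqdn" {
  description = "The fully qualified domain name used to access the cluster (becomes the DigitalOcean DNS zone)"
  type        = string
}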
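# SSH keys installed on the manager droplet at creation (see
# digitalocean_droplet.cluster). Each entry is a DigitalOcean key ID or
# fingerprint of a key already registered with the account; the fingerprint
# is public information, the private key is never handled by Terraform.
# Typed list(string): numeric IDs are still accepted because Terraform
# converts numbers to strings automatically, so this is backward-compatible
# with the previous list(any).
variable "ssh_keys" {
  description = "SSH IDs or fingerprints to enable on all resources"
  type        = list(string)
}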