extract dbaas, authentik, crowdsec from platform into independent stacks [ci skip]

Phase 1 of platform stack split for parallel CI applies.
All 3 modules were fully independent (no cross-module refs).
State migrated via terraform state mv. All 3 stacks applied
with zero changes (dbaas had pre-existing ResourceQuota drift).
Woodpecker pipeline updated to run extracted stacks in parallel.

stacks/dbaas/modules/dbaas/chart_values.tpl

@@ -0,0 +1,16 @@
+tls:
+  useSelfSigned: true
+credentials:
+  root:
+    password: ${root_password}
+    user: root
+serverInstances: 1
+podSpec:
+ containers:
+ - name: mysql
+   resources:
+     requests:
+       memory: "1024Mi"  # adapt to your needs
+       cpu: "100m"       # adapt to your needs
+     limits:
+       memory: "2048Mi"  # adapt to your needs

stacks/dbaas/modules/dbaas/cluster.yaml

@@ -0,0 +1,30 @@
+apiVersion: mysql.presslabs.org/v1alpha1
+kind: MysqlCluster
+metadata:
+  name: mysql-cluster
+  namespace: dbaas
+spec:
+  mysqlVersion: "5.7"
+  replicas: 1
+  secretName: cluster-secret
+  mysqlConf:
+    # read_only: 0                          # mysql forms a single transaction for each sql statement, autocommit for each statement
+    # automatic_sp_privileges: "ON"         # automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine
+    # auto_generate_certs: "ON"             # Auto Generation of Certificate
+    # auto_increment_increment: 1           # Auto Incrementing value from +1
+    # auto_increment_offset: 1              # Auto Increment Offset
+    # binlog-format: "STATEMENT"            # contains various options such ROW(SLOW,SAFE) STATEMENT(FAST,UNSAFE), MIXED(combination of both)
+    # wait_timeout: 31536000                # 28800 number of seconds the server waits for activity on a non-interactive connection before closing it, You might encounter MySQL server has gone away error, you then tweak this value acccordingly
+    # interactive_timeout: 28800            # The number of seconds the server waits for activity on an interactive connection before closing it.
+    # max_allowed_packet: "512M"            # Maximum size of MYSQL Network protocol packet that the server can create or read 4MB, 8MB, 16MB, 32MB
+    # max-binlog-size: 1073741824           # binary logs contains the events that describe database changes, this parameter describe size for the bin_log file.
+    # log_output: "TABLE"                   # Format in which the logout will be dumped
+    # master-info-repository: "TABLE"       # Format in which the master info will be dumped
+    # relay_log_info_repository: "TABLE"    # Format in which the relay info will be dumped
+  volumeSpec:
+    persistentVolumeClaim:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi

stacks/dbaas/modules/dbaas/mysql_chart_values.yaml

@@ -0,0 +1,14 @@
+---
+orchestrator:
+  # persistence:
+    # enabled: false
+  ingress:
+    enable: false
+    hosts:
+    - host: db.viktorbarzin.me
+      paths:
+      - path: /
+    tls:
+    - secretName: ${secretName}
+      hosts:
+        - db.viktorbarzin.me

stacks/dbaas/modules/dbaas/postgres/postgres_Dockerfile

@@ -0,0 +1,30 @@
+# Use the PostGIS image as the base
+FROM pgvector/pgvector:0.8.0-pg16 as binary
+FROM postgis/postgis:16-master
+COPY --from=binary /pgvecto-rs-binary-release.deb /tmp/vectors.deb
+RUN apt-get install -y /tmp/vectors.deb && rm -f /tmp/vectors.deb
+
+# Install necessary packages
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    build-essential \
+    libpq-dev \
+    wget \
+    git \
+    postgresql-server-dev-16 \
+    postgresql-16-pgvector \
+    # Clean up to reduce layer size
+    && rm -rf /var/lib/apt/lists/* \
+    && cd /tmp \
+    && git clone --branch v0.8.0 https://github.com/pgvector/pgvector.git \
+    && cd pgvector \
+    && make \
+    && make install \
+    # Clean up unnecessary files
+    && cd - \
+    && apt-get purge -y --auto-remove build-essential postgresql-server-dev-16 libpq-dev wget git \
+    && rm -rf /tmp/pgvector
+
+# Copy initialization scripts
+#COPY ./docker-entrypoint-initdb.d/ /docker-entrypoint-initdb.d/
+CMD ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", "search_path=\"$user\", public, vectors", "-c", "logging_collector=on"]

stacks/dbaas/modules/dbaas/versions.tf

@@ -0,0 +1,9 @@
+# terraform {
+#   required_providers {
+#     kubectl = {
+#       source  = "gavinbunney/kubectl"
+#       version = ">= 1.10.0"
+#     }
+#   }
+#   required_version = ">= 0.13"
+# }