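# ---------------------------------------------------------------------------
# Inputs
# ---------------------------------------------------------------------------

variable "instance_type" {
  type        = string
  default     = "t2.nano"
  description = "EC2 instance type for the k3s box."
}

variable "instance_name" {
  type        = string
  default     = "k3s-box"
  description = "Value of the Name tag placed on the EC2 instance."
}

variable "instance_ami" {
  type        = string
  default     = "ami-0889a44b331db0194" # amazon linux us-east-1
  description = "AMI to launch. The default is region-specific (us-east-1); override it for any other region."
}

variable "availability_zone" {
  type        = string
  default     = "us-east-1a"
  description = "Availability zone used for both subnets; must belong to the provider's region."
}

variable "create_ebs_block_device" {
  type        = bool
  default     = false
  description = "Attach an additional 10 GiB gp2 volume at /dev/sdx when true."
}

variable "enable_ingress_http" {
  type        = bool
  default     = false
  description = "Open TCP 80 and 443 to the whole internet (IPv4 and IPv6) when true."
}

variable "ssh_allowed_cidrs" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "IPv4 CIDR blocks allowed to reach TCP 22. The default keeps the original open-to-all rule; narrow it to the operator's network where possible."
}

variable "ssh_allowed_ipv6_cidrs" {
  type        = list(string)
  default     = ["::/0"]
  description = "IPv6 CIDR blocks allowed to reach TCP 22 (same guidance as ssh_allowed_cidrs)."
}

# ---------------------------------------------------------------------------
# Compute
# ---------------------------------------------------------------------------

resource "aws_instance" "k3s_box" {
  ami                         = var.instance_ami
  instance_type               = var.instance_type
  associate_public_ip_address = true
  key_name                    = aws_key_pair.k3s_box_kp.key_name

  # Without subnet_id and vpc_security_group_ids the instance launches in the
  # account's default VPC with the default security group, and k3s_box_sg
  # below never applies to it. Place it in the public subnet of this VPC and
  # attach the security group defined in this file.
  subnet_id              = aws_subnet.k3s_box_public_subnet.id
  vpc_security_group_ids = [aws_security_group.k3s_box_sg.id]

  # Require IMDSv2 so instance metadata (including any role credentials) cannot
  # be fetched with an unauthenticated GET by a workload running on the box.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # `count` is a resource-level meta-argument and is not accepted inside a
  # nested block; a dynamic block is the supported way to make the extra
  # volume optional.
  dynamic "ebs_block_device" {
    for_each = var.create_ebs_block_device ? [1] : []
    content {
      device_name           = "/dev/sdx"
      volume_size           = 10
      volume_type           = "gp2"
      delete_on_termination = true
    }
  }

  # Resolve the bootstrap script relative to this module rather than the
  # current working directory so the plan does not depend on where
  # `terraform` is invoked from.
  user_data = file("${path.module}/script.sh")

  tags = {
    Name = var.instance_name
  }
}

# ---------------------------------------------------------------------------
# Network
# ---------------------------------------------------------------------------

resource "aws_vpc" "k3s_box_vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "k3s-box-vpc"
  }
}

resource "aws_subnet" "k3s_box_public_subnet" {
  vpc_id            = aws_vpc.k3s_box_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = var.availability_zone

  tags = {
    Name = "k3s-box-public-subnet"
  }
}

# Not referenced by any resource in this file; kept for parity with the
# original layout.
resource "aws_subnet" "k3s_box_private_subnet" {
  vpc_id            = aws_vpc.k3s_box_vpc.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = var.availability_zone

  tags = {
    Name = "k3s-box-private-subnet"
  }
}

resource "aws_internet_gateway" "k3s_box_ig" {
  vpc_id = aws_vpc.k3s_box_vpc.id

  tags = {
    Name = "k3s-box-internet-gateway"
  }
}

resource "aws_route_table" "k3s_box_rt" {
  vpc_id = aws_vpc.k3s_box_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.k3s_box_ig.id
  }

  # The VPC above has no IPv6 CIDR assigned, so this route carries no traffic
  # until one is added.
  route {
    ipv6_cidr_block = "::/0"
    gateway_id      = aws_internet_gateway.k3s_box_ig.id
  }

  tags = {
    Name = "k3s-box-route-table"
  }
}

resource "aws_route_table_association" "k3s_box_public_1_rt_a" {
  subnet_id      = aws_subnet.k3s_box_public_subnet.id
  route_table_id = aws_route_table.k3s_box_rt.id
}

resource "aws_security_group" "k3s_box_sg" {
  name        = "security group for k3s box"
  description = "security group for k3s box"
  vpc_id      = aws_vpc.k3s_box_vpc.id

  ingress {
    description      = "SSH"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = var.ssh_allowed_cidrs
    ipv6_cidr_blocks = var.ssh_allowed_ipv6_cidrs
  }

  # ALLOWS HTTPS and HTTP from anywhere, only while enable_ingress_http is
  # true. A dynamic block is used instead of fixed ingress blocks with empty
  # CIDR lists, which would otherwise be submitted as rules without a source.
  dynamic "ingress" {
    for_each = var.enable_ingress_http ? { HTTPS = 443, HTTP = 80 } : {}
    content {
      description      = ingress.key
      from_port        = ingress.value
      to_port          = ingress.value
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
  }

  # Unrestricted outbound, as in the original.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "k3s-box-sg"
  }
}

# ---------------------------------------------------------------------------
# SSH key pair
# ---------------------------------------------------------------------------

# create key pair
resource "tls_private_key" "rsa" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "k3s_box_kp" {
  key_name   = "k3s-box-key"
  public_key = tls_private_key.rsa.public_key_openssh
}

# save key pair to machine. The private key is also recorded in the Terraform
# state by tls_private_key, so the state file must be handled as a secret.
resource "local_file" "k3s_box_private_key" {
  content  = tls_private_key.rsa.private_key_pem
  filename = "k3s_box_private_key"
  # The provider expects an octal mode string; the unquoted 0400 in the
  # original was parsed as a number and coerced to the string "400".
  file_permission = "0400"
}

# ---------------------------------------------------------------------------
# Outputs
# ---------------------------------------------------------------------------

output "k3s_box_global_ips" {
  # The splat already yields a list of addresses; the original `["${...}"]`
  # wrapped that list in a second list.
  value = aws_instance.k3s_box[*].public_ip
}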