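# EC2 host for the single-node k3s cluster. It is placed in the public subnet
# so that it can be reached over SSH and serve HTTP(S); the security group
# decides which of those ports are actually exposed.
resource "aws_instance" "k3s_box" {
  ami                         = var.instance_ami
  instance_type               = var.instance_type
  associate_public_ip_address = true
  key_name                    = aws_key_pair.k3s_box_kp.key_name

  # Without these two arguments the instance is launched into the account's
  # default VPC with the default security group, and none of the network
  # resources defined in this file apply to it.
  subnet_id              = aws_subnet.k3s_box_public_subnet.id
  vpc_security_group_ids = [aws_security_group.k3s_box_sg.id]

  # Require IMDSv2 so that a request-forgery bug in a workload on the box
  # cannot read the instance role credentials with a single unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    encrypted = true
  }

  # Optional extra data volume. `count` is not a valid argument inside a
  # nested block, so the conditional is expressed with a dynamic block.
  dynamic "ebs_block_device" {
    for_each = var.create_ebs_block_device ? [1] : []
    content {
      device_name           = "/dev/sdx"
      volume_size           = 10
      volume_type           = "gp2"
      delete_on_termination = true
      encrypted             = true
    }
  }

  # user_data = "${file("./setup_scripts/script.sh")}"

  # The provisioners below need an SSH connection to the box. The login user
  # is taken from the /home/ec2-user destination paths used by the uploads.
  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = "ec2-user"
    private_key = tls_private_key.rsa.private_key_pem
  }

  # The remote-exec step runs the scripts by full path, so each upload has to
  # land at that exact file name rather than at the home directory.
  provisioner "file" {
    source      = "./setup_scripts/install_crontab.sh"
    destination = "/home/ec2-user/install_crontab.sh"
  }

  provisioner "file" {
    source      = "./setup_scripts/duckdns.sh"
    destination = "/home/ec2-user/duckdns.sh"
  }

  provisioner "remote-exec" {
    # NOTE(review): the DuckDNS token is passed as a command-line argument, so
    # it appears in Terraform's provisioner output and in the process list on
    # the box. Declare `duckdns_token` as sensitive where the variable is
    # defined, and prefer handing it to the script through a file it reads.
    inline = [
      "chmod +x /home/ec2-user/install_crontab.sh",
      "/home/ec2-user/install_crontab.sh",
      "chmod +x /home/ec2-user/duckdns.sh",
      "/home/ec2-user/duckdns.sh ${var.duckdns_domain} ${var.duckdns_token}",
    ]
  }

  tags = {
    Name = var.instance_name
  }
}

# Dedicated VPC for the box. `concat()` joins lists, not strings, so the
# derived names below use string templates instead.
resource "aws_vpc" "k3s_box_vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "${var.instance_name}-vpc"
  }
}

# Subnet that holds the instance and routes to the internet gateway.
resource "aws_subnet" "k3s_box_public_subnet" {
  vpc_id            = aws_vpc.k3s_box_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = var.availability_zone

  tags = {
    Name = "${var.instance_name}-public-subnet"
  }
}

# Second subnet with no route table association, so it has no internet path.
# Nothing in this file is placed in it.
resource "aws_subnet" "k3s_box_private_subnet" {
  vpc_id            = aws_vpc.k3s_box_vpc.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = var.availability_zone

  tags = {
    Name = "${var.instance_name}-private-subnet"
  }
}

resource "aws_internet_gateway" "k3s_box_ig" {
  vpc_id = aws_vpc.k3s_box_vpc.id

  tags = {
    Name = "${var.instance_name}-internet-gateway"
  }
}

# Default routes for the public subnet.
resource "aws_route_table" "k3s_box_rt" {
  vpc_id = aws_vpc.k3s_box_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.k3s_box_ig.id
  }

  # NOTE(review): the VPC above is not given an IPv6 CIDR block, so this route
  # is likely rejected or never used — confirm before keeping it.
  route {
    ipv6_cidr_block = "::/0"
    gateway_id      = aws_internet_gateway.k3s_box_ig.id
  }

  tags = {
    Name = "${var.instance_name}-route-table"
  }
}

resource "aws_route_table_association" "k3s_box_public_1_rt_a" {
  subnet_id      = aws_subnet.k3s_box_public_subnet.id
  route_table_id = aws_route_table.k3s_box_rt.id
}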
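# Network access for the k3s box. All outbound traffic is allowed; inbound is
# SSH from anywhere plus, when `enable_ingress_http` is set, HTTP and HTTPS
# from anywhere.
resource "aws_security_group" "k3s_box_sg" {
  name        = "security group for k3s box"
  description = "security group for k3s box"
  vpc_id      = aws_vpc.k3s_box_vpc.id

  # NOTE(review): SSH is reachable from every IPv4 and IPv6 address. Key-only
  # authentication limits the exposure, but restricting the source to the
  # operator's address range (or using SSM Session Manager / a bastion) is the
  # usual fix.
  ingress {
    description      = "SSH"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # HTTP and HTTPS from anywhere, both gated on the same flag. Emitting no rule
  # when the flag is off avoids an ingress block whose source lists are both
  # empty, which does not describe a valid rule.
  dynamic "ingress" {
    for_each = var.enable_ingress_http ? { HTTP = 80, HTTPS = 443 } : {}
    content {
      description      = ingress.key
      from_port        = ingress.value
      to_port          = ingress.value
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
  }

  # Unrestricted egress is needed for package installs and the DuckDNS update;
  # it also means a compromised workload can reach any destination.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    # `concat()` joins lists, not strings; use a template for the name.
    Name = "${var.instance_name}-sg"
  }
}

# SSH key pair generated at apply time. The private key is stored in Terraform
# state, so the state backend has to be treated as holding a secret.
resource "tls_private_key" "rsa" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "k3s_box_kp" {
  key_name   = "${var.instance_name}-key"
  public_key = tls_private_key.rsa.public_key_openssh
}

# Write the private key next to the configuration so the operator can SSH in.
# Keep the .pem out of version control. `file_permission` is a string; the
# bare 0400 literal was parsed as the number 400 and only worked by accident.
resource "local_file" "k3s_box_private_key" {
  content         = tls_private_key.rsa.private_key_pem
  filename        = "${var.instance_name}-private_key.pem"
  file_permission = "0400"
}

# Public address(es) of the box. The previous `["${...}"]` form interpolated a
# list into a string template, which Terraform 0.12+ rejects.
output "k3s_box_global_ips" {
  value = aws_instance.k3s_box[*].public_ip
}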