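terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
    }
  }
}

# Site-wide defaults (storage pools, bridge, CA host/script, admin keys) that
# the module variables fall back to when they are left null/empty.
module "invariants" {
  source = "../invariants"
}

locals {
  admin_authorized_keys = coalesce(var.admin_authorized_keys, module.invariants.admin_authorized_keys)

  # Rendered cloud-init user-data. This embeds the guest's SSH host private
  # key, its host certificate and (optionally) an insecure password, so the
  # cloud-init ISO written to `cloudinit_pool` must be treated as sensitive.
  cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
    name                  = var.name
    admin_authorized_keys = local.admin_authorized_keys
    insecure_password     = var.insecure_password
    use_host_cert         = var.use_host_cert
    host_cert             = trimspace(null_resource.cert.triggers["cert"])
    private_key           = tls_private_key.debian.private_key_openssh
    fixed_dns             = var.fixed_dns
    data_share            = var.data_share
  })

  cloudinit_network_config = templatefile("${path.module}/files/network_config.cfg.tftpl", {
    fixed_address = var.fixed_address
  })

  # The libvirt domain name defaults to the guest hostname.
  domain_name    = coalesce(var.domain_name, var.name)
  disk_pool      = coalesce(var.disk_pool, module.invariants.disk_pool)
  disk_base      = coalesce(var.disk_base, module.invariants.disk_base)
  disk_base_pool = coalesce(var.disk_base_pool, module.invariants.disk_base_pool)
  cloudinit_pool = coalesce(var.cloudinit_pool, module.invariants.cloudinit_pool)
  bridge_name    = coalesce(var.bridge_name, module.invariants.bridge_name)
}

# SSH host key for the guest. The private key is stored in Terraform state
# (as is every tls_private_key), so the state backend needs the same
# protection as the key itself.
resource "tls_private_key" "debian" {
  algorithm = "ED25519"
}

data "tls_public_key" "debian" {
  private_key_pem = tls_private_key.debian.private_key_pem
}

# Asks the CA (via files/get_cert.sh) to sign the guest's host public key.
# Both the query map below and the script's result are recorded in state;
# what `var.ca_key` carries (a path or the key material itself) is not visible
# in this module — confirm before pointing a real CA key at it.
data "external" "cert" {
  program = ["bash", "${path.module}/files/get_cert.sh"]
  query = {
    pubkey   = trimspace(data.tls_public_key.debian.public_key_openssh)
    host     = var.name
    cahost   = module.invariants.ca_host
    cascript = module.invariants.ca_script
    cakey    = var.ca_key
  }
}

# Pins the certificate obtained on first apply: `ignore_changes` keeps the
# trigger value even though the external data source re-runs on every plan,
# so the guest keeps a stable host certificate.
resource "null_resource" "cert" {
  triggers = {
    cert = data.external.cert.result["cert"]
  }

  lifecycle {
    ignore_changes = [triggers]

    # An empty certificate is only acceptable when host certificates are
    # disabled for this guest.
    postcondition {
      condition     = data.external.cert.result["cert"] != "" || !var.use_host_cert
      error_message = "Error retrieving host certificate."
    }
  }
}

# Root disk, cloned from the shared base image.
# NOTE(review): this volume carries the same name as the cloud-init disk
# ("<domain>.iso"); if `disk_pool` and `cloudinit_pool` ever resolve to the
# same pool the two will collide. Renaming would force a disk rebuild, so it
# is left as-is here.
resource "libvirt_volume" "debian" {
  name             = "${local.domain_name}.iso"
  pool             = local.disk_pool
  size             = var.disk_size
  base_volume_name = local.disk_base
  base_volume_pool = local.disk_base_pool

  lifecycle {
    # A new cloud-init payload means a fresh guest: the root disk is rebuilt
    # from the base image rather than re-running cloud-init on the old one.
    replace_triggered_by = [libvirt_cloudinit_disk.debian.id]
  }
}

resource "libvirt_cloudinit_disk" "debian" {
  name           = "${local.domain_name}.iso"
  pool           = local.cloudinit_pool
  user_data      = local.cloudinit_user_data
  network_config = local.cloudinit_network_config
}

# Creates the host-side directory backing the optional `data` filesystem
# share, over SSH as root on the hypervisor.
resource "null_resource" "data_share" {
  # Without triggers the provisioner only ran on first creation, so turning
  # `data_share` on later (or renaming the domain) added the filesystem block
  # to the domain while the source directory never got created.
  triggers = {
    data_share  = var.data_share
    domain_name = local.domain_name
  }

  lifecycle {
    # `domain_name` is interpolated into a shell command executed as root and
    # into the share path, so restrict it to a plain name (no leading dot, no
    # separators or shell metacharacters).
    precondition {
      condition     = can(regex("^[A-Za-z0-9][A-Za-z0-9._-]*$", local.domain_name))
      error_message = "domain_name must match ^[A-Za-z0-9][A-Za-z0-9._-]*$; it is used in a shell command and a filesystem path on the hypervisor."
    }
  }

  connection {
    type = "ssh"
    user = "root"
    host = var.hypervisor_host
  }

  # The original test was missing its closing `]`, which is a shell syntax
  # error ("[: missing ']'"), so the directory was never created. The path is
  # now quoted as well.
  # NOTE(review): `--mode=og=rwx` leaves the share writable by every local
  # user on the hypervisor; confirm this is intended for the guest's uid
  # mapping rather than a narrower group grant.
  provisioner "remote-exec" {
    inline = [
      "if [ \"${var.data_share}\" != \"\" ]; then mkdir -p --mode=og=rwx \"/data/${local.domain_name}\"; fi"
    ]
  }
}

resource "libvirt_domain" "debian" {
  name      = local.domain_name
  memory    = var.memory
  vcpu      = 4 # not parameterised like `memory`; needs a variable declared alongside it to change
  autostart = true

  disk {
    volume_id = libvirt_volume.debian.id
  }

  # Read-write passthrough of /data/<domain> from the hypervisor, only when a
  # data share was requested.
  dynamic "filesystem" {
    for_each = var.data_share != "" ? [1] : []
    content {
      source   = "/data/${local.domain_name}"
      target   = "data"
      readonly = false
    }
  }

  network_interface {
    bridge   = local.bridge_name
    hostname = var.name
    mac      = var.mac
  }

  cloudinit = libvirt_cloudinit_disk.debian.id

  lifecycle {
    # Matches libvirt_volume.debian: a changed cloud-init disk rebuilds the domain.
    replace_triggered_by = [libvirt_cloudinit_disk.debian.id]
  }

  # The share directory must exist on the host before the domain is defined.
  depends_on = [null_resource.data_share]
}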