# Provisions one Debian VM on libvirt: generates an ED25519 key pair, asks a
# local helper script for a certificate over the public key, renders cloud-init
# user data from a template, and boots a domain from a cloned base volume.

terraform {
  required_providers {
    # NOTE(review): no version constraint is visible here, and the tls,
    # external and null providers used below are not declared in this block
    # (they may be declared in another file of the module). Constrain versions
    # and commit .terraform.lock.hcl so provider upgrades are deliberate.
    libvirt = {
      source = "dmacvicar/libvirt"
    }
  }
}

locals {
  # cloud-init user data rendered from files/cloud_init.cfg.tftpl.
  # The template is handed private_key and insecure_password, so treat the
  # rendered document as secret material: it is written to the cloud-init disk
  # below and recorded in Terraform state. How the template uses each value is
  # not visible from this file.
  cloudinit_user_data = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
    name = var.name,
    # NOTE(review): hard-coded to true regardless of the other inputs.
    # Presumably this feeds cloud-init's ssh_pwauth setting, i.e. SSH password
    # login stays enabled even when only keys are intended -- confirm against
    # the template and consider deriving it from whether a password is set.
    ssh_pwauth = true,
    admin_authorized_keys = var.admin_authorized_keys,
    # The variable name marks this as a convenience credential; verify that
    # var.insecure_password is declared sensitive and is unset by default.
    insecure_password = var.insecure_password,
    use_host_cert = var.use_host_cert,
    # Read from the null_resource rather than the data source directly, so the
    # value stored when null_resource.cert was created is the one rendered.
    host_cert = trimspace(null_resource.cert.triggers["cert"]),
    # Private half of the key generated below; presumably installed as the
    # guest's SSH host key to match host_cert -- TODO confirm in the template.
    private_key = tls_private_key.debian.private_key_openssh
  })
}

# Key pair generated by Terraform. The tls provider keeps the private key
# unencrypted in state, so the state backend needs access control and
# encryption at rest.
resource "tls_private_key" "debian" {
  algorithm = "ED25519"
}

# Derives the public key from the private key above.
data "tls_public_key" "debian" {
  private_key_pem = tls_private_key.debian.private_key_pem
}

# Runs files/get_cert.sh through bash with the OpenSSH public key and the host
# name as the query; the "cert" key of its result is consumed below. The
# external data source is evaluated whenever Terraform reads data sources, so
# the script runs on plans as well as applies, with the privileges of the user
# running Terraform.
# NOTE(review): the script is not shown. If it issues a certificate naming
# var.name, it should validate that value before signing -- verify.
data "external" "cert" {
  program = ["bash", "${path.module}/files/get_cert.sh"]

  query = {
    pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)
    host = var.name
  }
}

# Holds the certificate returned by the script. ignore_changes on triggers
# means a different result from a later script run does not update or replace
# this resource, so the first certificate is kept.
# NOTE(review): the same setting means a renewed certificate is never picked up
# without tainting or replacing this resource by hand -- check this against the
# certificate lifetime the script issues.
resource "null_resource" "cert" {
  triggers = {
    cert = data.external.cert.result["cert"]
  }

  lifecycle {
    ignore_changes = [
      triggers
    ]
  }
}

# Root disk in pool "disk", backed by debian-bookworm.qcow2 from pool "iso".
# It is replaced whenever the cloud-init disk is replaced, so a change to the
# rendered user data rebuilds the disk from the base image and discards what
# the guest wrote to it.
# NOTE(review): the volume name ends in ".iso" although it is the VM's disk and
# shares its name with the cloud-init disk (in a different pool) -- confirm
# this is intentional.
resource "libvirt_volume" "debian" {
  name = "${var.name}.iso"
  pool = "disk"
  size = var.disk_size
  base_volume_name = "debian-bookworm.qcow2"
  base_volume_pool = "iso"

  lifecycle {
    replace_triggered_by = [
      libvirt_cloudinit_disk.debian.id
    ]
  }
}

# cloud-init disk in pool "init" built from the rendered user data and a static
# network config file. Because the user data is rendered with the private key
# and the password, read access to this pool should be restricted to the
# hypervisor and its administrators.
resource "libvirt_cloudinit_disk" "debian" {
  name = "${var.name}.iso"
  pool = "init"
  user_data = local.cloudinit_user_data
  network_config = file("${path.module}/files/network_config.cfg")
}

# The VM itself: fixed at 4 vCPUs, started automatically with the host, with a
# single disk and a single interface on bridge "dmzbr" using the supplied MAC.
# Replaced together with the cloud-init disk.
# NOTE(review): the bridge name suggests a DMZ segment; if so, the hard-coded
# ssh_pwauth = true in locals deserves particular attention -- confirm.
resource "libvirt_domain" "debian" {
  name = var.name
  memory = var.memory
  vcpu = 4
  autostart = true

  disk {
    volume_id = libvirt_volume.debian.id
  }

  network_interface {
    bridge = "dmzbr"
    hostname = var.name
    mac = var.mac
  }

  cloudinit = libvirt_cloudinit_disk.debian.id

  lifecycle {
    replace_triggered_by = [
      libvirt_cloudinit_disk.debian.id
    ]
  }
}