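# Terraform configuration for a small k3s cluster on Hetzner Cloud:
# a bootstrap SSH key, N nodes on a private subnet, a load balancer
# in front of them, wildcard DNS records pointing at the load balancer,
# and a cloud firewall attached to the nodes.
#
# Variables referenced here (var.hcloud_token, var.hetznerdns_token,
# var.ssh_public_key_path, var.node_count, var.server_type,
# var.server_location, var.hetznerdns_zone, var.loadbalancer_type)
# are declared outside this file.

terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "1.35.2"
    }
    hetznerdns = {
      source  = "timohirt/hetznerdns"
      version = "2.2.0"
    }
  }
}

# Both tokens are secrets: they should be supplied through sensitive
# variables or the environment, not from a committed tfvars file.
provider "hcloud" {
  token = var.hcloud_token
}

provider "hetznerdns" {
  apitoken = var.hetznerdns_token
}

# bootstrap ssh key
resource "hcloud_ssh_key" "pubkey" {
  name       = "bootstrap-ssh"
  public_key = file(var.ssh_public_key_path)
}

# server
resource "hcloud_server" "k3s-node" {
  count       = var.node_count
  name        = "k3s-node-${count.index + 1}"
  image       = "ubuntu-22.04"
  server_type = var.server_type
  # Plain reference instead of the legacy "${...}" interpolation-only
  # string, which current Terraform versions report as deprecated.
  ssh_keys = [hcloud_ssh_key.pubkey.id]
  location = var.server_location
  # NOTE(review): `rescue` boots the node into the rescue system. This
  # reads as a bootstrap aid — confirm it is removed (or made conditional)
  # once the nodes are installed, so routine applies do not keep the
  # servers in rescue mode.
  rescue       = "linux64"
  firewall_ids = [hcloud_firewall.fw.id]
  # The subnet has to exist before the server so that the
  # hcloud_server_network attachment below can be applied. The firewall
  # dependency is already implied by firewall_ids and is not repeated.
  depends_on = [hcloud_network_subnet.k3s-net]
}

# internal network
resource "hcloud_network" "internal_net" {
  name     = "internal network"
  ip_range = "10.0.0.0/8"
}

resource "hcloud_network_subnet" "k3s-net" {
  network_id   = hcloud_network.internal_net.id
  type         = "cloud"
  network_zone = "eu-central"
  ip_range     = "10.0.1.0/24"
}

# Nodes take 10.0.1.1 .. 10.0.1.<node_count>; the load balancer takes
# 10.0.1.<node_count + 1> further down, so the two allocations do not
# overlap. The server dependency is implied by server_id.
resource "hcloud_server_network" "k3s-node-to-network-allocation" {
  count     = var.node_count
  server_id = hcloud_server.k3s-node[count.index].id
  subnet_id = hcloud_network_subnet.k3s-net.id
  ip        = "10.0.1.${count.index + 1}"
}

# DNS: wildcard A/AAAA records for *.k3s in the zone, pointing at the
# load balancer. The dependency on the load balancer is implied by the
# `value` reference, so no explicit depends_on is needed.
data "hetznerdns_zone" "dns_zone" {
  name = var.hetznerdns_zone
}

resource "hetznerdns_record" "k3sv4" {
  zone_id = data.hetznerdns_zone.dns_zone.id
  name    = "*.k3s"
  value   = hcloud_load_balancer.lb.ipv4
  type    = "A"
  ttl     = 3400
}

resource "hetznerdns_record" "k3sv6" {
  zone_id = data.hetznerdns_zone.dns_zone.id
  name    = "*.k3s"
  value   = hcloud_load_balancer.lb.ipv6
  type    = "AAAA"
  ttl     = 3400
}

# loadbalancer
resource "hcloud_load_balancer" "lb" {
  name               = "k3s-load-balancer"
  load_balancer_type = var.loadbalancer_type
  location           = var.server_location
}

# NOTE(review): no `use_private_ip` is set, so the load balancer
# presumably reaches the nodes over their public addresses. The firewall
# below only admits ICMP and TCP/22 inbound — confirm that 80/443 traffic
# from the load balancer is actually accepted, or route it over the
# private subnet the load balancer is attached to in lb_backend_net.
# Dependencies on the server and load balancer are implied by the ids.
resource "hcloud_load_balancer_target" "load_balancer_target" {
  count            = var.node_count
  type             = "server"
  load_balancer_id = hcloud_load_balancer.lb.id
  server_id        = hcloud_server.k3s-node[count.index].id
}

resource "hcloud_load_balancer_network" "lb_backend_net" {
  load_balancer_id = hcloud_load_balancer.lb.id
  subnet_id        = hcloud_network_subnet.k3s-net.id
  ip               = "10.0.1.${var.node_count + 1}"
}

resource "hcloud_load_balancer_service" "load_balancer_tcp_80" {
  load_balancer_id = hcloud_load_balancer.lb.id
  protocol         = "tcp"
  listen_port      = 80
  destination_port = 80
}

resource "hcloud_load_balancer_service" "load_balancer_tcp_443" {
  load_balancer_id = hcloud_load_balancer.lb.id
  protocol         = "tcp"
  listen_port      = 443
  destination_port = 443
}

# firewall
# Only inbound rules are defined here; with no "out" rule present the
# provider presumably leaves outbound traffic unrestricted — confirm
# that matches the intended egress policy.
resource "hcloud_firewall" "fw" {
  name = "fw"

  rule {
    direction  = "in"
    protocol   = "icmp"
    source_ips = ["0.0.0.0/0", "::/0"]
  }

  # NOTE(review): SSH is reachable from every IPv4 and IPv6 address.
  # Once bootstrap is done, narrow source_ips to the operator's own
  # ranges (e.g. via a variable) instead of the whole internet.
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = ["0.0.0.0/0", "::/0"]
  }
}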