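# Jamulus server on EC2: one instance, configured post-boot by Ansible over SSH.
# The workload lives in eu-west-2; the state bucket is in eu-central-1.
provider "aws" {
  region = "eu-west-2"
}

terraform {
  backend "s3" {
    bucket = "net.vereto.terraform.states"
    key    = "jamulus/tf-base.state"
    region = "eu-central-1"
    # The state object holds tls_private_key.jamulus.private_key_openssh in
    # plaintext, so server-side encryption of the state object is required.
    # Consider adding `dynamodb_table` here for state locking as well.
    encrypt = true
  }
}

data "aws_region" "current" {}

# Key pair for SSH access to the host. The private half is generated by
# Terraform and therefore stored in state (see the backend block above) and
# written to disk by the first provisioner below.
resource "tls_private_key" "jamulus" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated_key" {
  key_name   = "jamulus-${data.aws_region.current.name}"
  public_key = tls_private_key.jamulus.public_key_openssh
}

# Public IPv4 address of the machine running `terraform apply`, used to
# restrict SSH ingress. Fetched over HTTPS so a tampered plaintext response
# cannot widen the allow list.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}

locals {
  # Single definition of where the private key is written so that the writer
  # (first provisioner) and the reader (ansible-playbook) cannot disagree.
  ssh_key_file = "${path.module}/${aws_key_pair.generated_key.key_name}"

  # `response_body` is the attribute name in hashicorp/http >= 3.0; older
  # provider releases expose the same value as `body`.
  ssh_cidr = "${chomp(data.http.myip.response_body)}/32"
}

resource "aws_instance" "jamulus" {
  ami           = data.aws_ami.image.id
  instance_type = "c6i.xlarge"
  key_name      = aws_key_pair.generated_key.key_name

  # `security_groups` is the name-based attribute; moving to
  # vpc_security_group_ids would force replacement of the instance.
  security_groups = [
    aws_security_group.ssh.name,
    aws_security_group.jamulus.name,
    aws_security_group.node-exporter.name,
  ]

  # Write the generated private key next to the module for Ansible.
  # `umask 077` is set before the redirection so the file is never readable
  # by other users, not even between the `echo` and the `chmod`.
  # The file is not removed by Terraform; delete it when the host is destroyed.
  # The sleep is a crude wait for sshd to come up on the fresh instance.
  provisioner "local-exec" {
    command = <<-EOT
      umask 077 && echo '${tls_private_key.jamulus.private_key_openssh}' > '${local.ssh_key_file}' && chmod 600 '${local.ssh_key_file}' && sleep 30
    EOT
  }

  # Configure the host with Ansible.
  # ANSIBLE_HOST_KEY_CHECKING=False skips host-key verification; on a brand-new
  # instance there is no prior key to compare against, but it also means an
  # on-path attacker during this first connection is not detected. Verifying
  # the key against the instance console output would close that gap.
  provisioner "local-exec" {
    command = <<-EOT
      ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu \
        -i '${self.public_ip},' \
        --private-key '${local.ssh_key_file}' \
        jamulus-install.yml --extra-vars 'ec2_id=${self.id}'
    EOT
  }

  tags = {
    Name = "jam.vereto.net"
  }
}

# Most recent self-owned image whose name starts with "vlp-".
data "aws_ami" "image" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "name"
    values = ["vlp-*"]
  }
}

resource "aws_security_group" "ssh" {
  name        = "jamulus-ssh-access"
  description = "Allow SSH inbound traffic"
}

resource "aws_security_group_rule" "allow_all" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.ssh.id
}

# SSH is reachable only from the address `terraform apply` was run from.
# Re-apply from the new location if that address changes; a run from a host
# that should not have SSH access (e.g. CI) will lock the operator out.
resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [local.ssh_cidr]
  security_group_id = aws_security_group.ssh.id
}

resource "aws_security_group" "jamulus" {
  name        = "jamulus-port-access"
  description = "Allow jamulus inbound traffic"
}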
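# Jamulus client traffic (UDP 22124). Intentionally world-reachable: this is
# a public server, and the application has no transport-level authentication.
resource "aws_security_group_rule" "jamulus" {
  type              = "ingress"
  from_port         = 22124
  to_port           = 22124
  protocol          = "udp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.jamulus.id
}

resource "aws_security_group" "node-exporter" {
  name        = "jam-node-exporter-port-access"
  description = "Allow Prometheus node-exporter inbound traffic"
}

# node-exporter metrics (TCP 9100), scrapeable from one fixed address only.
# Metrics are served unauthenticated, so keep this restricted to the scraper.
resource "aws_security_group_rule" "node-exporter" {
  type              = "ingress"
  from_port         = 9100
  to_port           = 9100
  protocol          = "tcp"
  cidr_blocks       = ["49.12.40.148/32"]
  security_group_id = aws_security_group.node-exporter.id
}

output "jamulus_ip" {
  value = aws_instance.jamulus.public_ip
}

# NOTE(review): aws_instance.broadcast is not declared in this file; it is
# presumably defined in another file of the same module — confirm, otherwise
# this output fails validation.
output "broadcast_ip" {
  value = aws_instance.broadcast.*.public_ip
}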