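# Provisions a single EC2 instance for a Jamulus server, bootstraps it over SSH,
# then configures it with the jamulus-install.yml Ansible playbook. Three
# security groups expose SSH (tcp/22), Jamulus (udp/22124) and node-exporter
# (tcp/9100).

provider "aws" {
  region = "eu-west-2"
}

terraform {
  # Remote state lives in S3. State files can contain sensitive values.
  # NOTE(review): no `encrypt` or state-locking setting is visible here --
  # confirm the bucket is private and encrypted at rest.
  backend "s3" {
    bucket = "net.vereto.terraform.states"
    key    = "jamulus/tf-base.state"
    region = "eu-central-1"
  }
}

resource "aws_instance" "jamulus" {
  ami           = data.aws_ami.image.id
  instance_type = "t3.medium"
  key_name      = "jamulus"

  # Author's note: add your own IP to this group.
  # NOTE(review): which group the note refers to is not clear from this file.
  security_groups = [
    aws_security_group.ssh.name,
    aws_security_group.jamulus.name,
    aws_security_group.node-exporter.name,
  ]

  # The instance only references the groups, not their rules. Without this the
  # provisioners can start before the SSH ingress rule (needed to connect) and
  # the egress rule (needed by apt) have been created.
  depends_on = [
    aws_security_group_rule.ssh,
    aws_security_group_rule.allow_all,
  ]

  # Minimal bootstrap: Ansible needs a Python interpreter on the target.
  provisioner "remote-exec" {
    inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"]

    connection {
      type = "ssh"
      user = "ubuntu"
      host = self.public_ip
      # The private key is read from the module directory; keep jamulus.pem
      # out of version control and readable only by the operator.
      private_key = file("${path.module}/jamulus.pem")
    }
  }

  # ANSIBLE_HOST_KEY_CHECKING=False means the new host's SSH key is accepted
  # without verification, so this first connection is not protected against
  # interception. Restricting SSH ingress (see the "ssh" rule) does not change
  # that; pinning the host key would.
  provisioner "local-exec" {
    command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${path.module}/jamulus.pem jamulus-install.yml"
  }

  tags = {
    Name = "ejam.vereto.net"
  }
}

# Newest self-owned AMI whose name starts with "vlp-".
data "aws_ami" "image" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "name"
    values = ["vlp-*"]
  }
}

# Public IPv4 address of the machine running Terraform. Fetched over HTTPS
# because the response is used to build a firewall rule; over plain HTTP an
# on-path party could substitute a different address.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}

resource "aws_security_group" "ssh" {
  name        = "jamulus-ssh-access"
  description = "Allow SSH inbound traffic"
}

# Unrestricted outbound traffic. Attached to the SSH group, but it applies to
# the instance as a whole because the instance is a member of that group.
resource "aws_security_group_rule" "allow_all" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.ssh.id
}

# SSH is limited to the operator's current public address instead of
# 0.0.0.0/0. The provisioners above run from that same machine, so they are
# unaffected. Re-apply after an address change, or add further CIDRs here if
# other administrators need access.
# `body` is deprecated in hashicorp/http >= 3.0 in favour of `response_body`;
# it is used here because no provider version is pinned in this file.
resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["${chomp(data.http.myip.body)}/32"]
  security_group_id = aws_security_group.ssh.id
}

resource "aws_security_group" "jamulus" {
  name        = "jamulus-port-access"
  description = "Allow jamulus inbound traffic"
}

# The Jamulus service port is open to any source address.
resource "aws_security_group_rule" "jamulus" {
  type              = "ingress"
  from_port         = 22124
  to_port           = 22124
  protocol          = "udp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.jamulus.id
}

# NOTE(review): the description looks copied from the jamulus group. It is left
# unchanged because editing a security group description forces the group to
# be replaced.
resource "aws_security_group" "node-exporter" {
  name        = "jam-node-exporter-port-access"
  description = "Allow jamulus inbound traffic"
}

# Metrics port reachable from a single address only (presumably the monitoring
# host -- confirm). node-exporter does not authenticate clients by default, so
# this allowlist is the access control for the endpoint.
resource "aws_security_group_rule" "node-exporter" {
  type              = "ingress"
  from_port         = 9100
  to_port           = 9100
  protocol          = "tcp"
  cidr_blocks       = ["142.132.191.61/32"]
  security_group_id = aws_security_group.node-exporter.id
}

output "jamulus_ip" {
  value = aws_instance.jamulus.public_ip
}

# NOTE(review): aws_instance.broadcast is not declared in this file; it is
# assumed to be defined elsewhere in the module -- confirm.
output "broadcast_ip" {
  value = aws_instance.broadcast.public_ip
}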