resource "aws_instance" "broadcast" {
  ami             = "${data.aws_ami.image.id}"
  instance_type   = "t3.medium"
  key_name        = "jamulus"
  security_groups = [ aws_security_group.ssh.name, aws_security_group.broadcast.name, aws_security_group.node-exporter.name ] # Add your own IP to this group

  provisioner "remote-exec" {
    inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"]
    connection {
      type = "ssh"
      user = "ubuntu"
      host = self.public_ip
      private_key = file("${path.module}/jamulus.pem")
    }
  }

  provisioner "local-exec" {
    command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '${self.public_ip},' --private-key ${"${path.module}/jamulus.pem"} broadcast-install.yml"
  }

  tags = {
    Name = "broadcast.vereto.net"
  }
}

resource "aws_security_group" "broadcast" {
  name        = "broadcast-port-access"
  description = "Allow broadcast inbound traffic"
}

resource "aws_security_group_rule" "icecast" {
  type              = "ingress"
  to_port           = 8000
  from_port         = 8000
  protocol          = "tcp"
  cidr_blocks       = [ "0.0.0.0/0"]
  security_group_id = aws_security_group.broadcast.id
}

resource "aws_security_group_rule" "rtmp-1" {
  type              = "ingress"
  to_port           = 8554
  from_port         = 8554
  protocol          = "udp"
  cidr_blocks       = [ "0.0.0.0/0"]
  security_group_id = aws_security_group.broadcast.id
}

resource "aws_security_group_rule" "rtmp-2" {
  type              = "ingress"
  to_port           = 1935
  from_port         = 1935
  protocol          = "tcp"
  cidr_blocks       = [ "0.0.0.0/0"]
  security_group_id = aws_security_group.broadcast.id
}

resource "aws_security_group_rule" "rtmp-3" {
  type              = "ingress"
  to_port           = 8888
  from_port         = 8888
  protocol          = "tcp"
  cidr_blocks       = [ "0.0.0.0/0"]
  security_group_id = aws_security_group.broadcast.id
}