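# Random suffix so the key-pair name does not collide with an earlier deployment
# in the same organization.
resource "random_pet" "pet01" {}

# SSH key pair shared by both appliances (referenced from stackit_server below).
resource "stackit_key_pair" "admin_keypair" {
  name = "${random_pet.pet01.id}-keypair"
  # Only the public half is uploaded. The hard-coded path ties this config to the
  # operator's workstation; a variable would make it usable from CI or by another
  # operator without editing the file.
  public_key = chomp(file("~/.ssh/id_rsa.pub"))
}

# Routing table for the cloud-side networks; both cloud networks attach to it.
resource "stackit_routing_table" "rt1" {
  name            = "routing-table01"
  network_area_id = local.sna_id
  organization_id = var.stackit_organization_id
}

# Steer the on-prem prefix (192.168.1.0/24) to appliance01 (10.1.1.10), which
# terminates the VPN on the cloud side.
resource "stackit_routing_table_route" "vpn" {
  organization_id  = var.stackit_organization_id
  network_area_id  = local.sna_id
  routing_table_id = stackit_routing_table.rt1.routing_table_id

  next_hop = {
    type  = "ipv4"
    value = "10.1.1.10"
  }

  destination = {
    type  = "cidrv4"
    value = "192.168.1.0/24"
  }
}

# Host route for a single address (ip of stackit.de) with an "internet" next hop.
# NOTE(review): the resource label says "blackhole", but next_hop.type is
# "internet", which reads as a direct-egress exception rather than a drop;
# confirm against the provider documentation which of the two is intended.
resource "stackit_routing_table_route" "blackhole_route" {
  organization_id  = var.stackit_organization_id
  network_area_id  = local.sna_id
  routing_table_id = stackit_routing_table.rt1.routing_table_id

  destination = {
    type  = "cidrv4"
    value = "45.129.42.3/32"
  }

  next_hop = {
    type = "internet"
  }
}

# Cloud-side networks. Both use rt1, so traffic for 192.168.1.0/24 from either
# network is forwarded to appliance01.
resource "stackit_network" "cloud_network01" {
  project_id       = stackit_resourcemanager_project.cloud.project_id
  ipv4_prefix      = "10.1.1.0/24"
  name             = "cloud-network-01"
  ipv4_nameservers = local.network_nameservers
  routing_table_id = stackit_routing_table.rt1.routing_table_id
}

resource "stackit_network" "cloud_network02" {
  project_id       = stackit_resourcemanager_project.cloud.project_id
  ipv4_prefix      = "10.1.2.0/24"
  name             = "cloud-network-02"
  ipv4_nameservers = local.network_nameservers
  routing_table_id = stackit_routing_table.rt1.routing_table_id
}

# "On-prem" side, simulated in a second project. No custom routing table: the
# appliance is the only host that needs to reach the cloud prefixes.
resource "stackit_network" "onprem_network01" {
  project_id       = stackit_resourcemanager_project.onprem.project_id
  ipv4_prefix      = "192.168.1.0/24"
  name             = "onprem-network-01"
  ipv4_nameservers = local.network_nameservers
}

# One interface per appliance, each with a fixed private address that the VPN
# configuration and the routing-table next hop refer to.
resource "stackit_network_interface" "appliances" {
  for_each = {
    appliance01 = {
      network_id = stackit_network.cloud_network01.network_id
      ipv4       = "10.1.1.10"
      project_id = stackit_resourcemanager_project.cloud.project_id
    }
    appliance02 = {
      network_id = stackit_network.onprem_network01.network_id
      ipv4       = "192.168.1.10"
      project_id = stackit_resourcemanager_project.onprem.project_id
    }
  }

  project_id = each.value.project_id
  network_id = each.value.network_id
  ipv4       = each.value.ipv4
  # Port security is switched off on both appliance interfaces. Presumably this
  # is required because the appliances forward packets for whole subnets rather
  # than only for their own address -- confirm. Consequence for the defender: no
  # platform-side filtering applies to these ports, so the firewall configured
  # by cloud-init is the only packet filter in front of the appliances.
  security = false
}

# Public (WAN) address per appliance; the two peers address each other by these.
resource "stackit_public_ip" "wan_ips_appliances" {
  for_each = {
    appliance01 = {
      network_interface_id = stackit_network_interface.appliances["appliance01"].network_interface_id
      project_id           = stackit_resourcemanager_project.cloud.project_id
    }
    appliance02 = {
      network_interface_id = stackit_network_interface.appliances["appliance02"].network_interface_id
      project_id           = stackit_resourcemanager_project.onprem.project_id
    }
  }

  project_id           = each.value.project_id
  network_interface_id = each.value.network_interface_id
}

locals {
  # Resolvers handed out to every network defined in this file.
  network_nameservers = ["9.9.9.9", "1.1.1.1"]

  # Private address and the local prefix each appliance advertises to its peer.
  appliance_ips = {
    appliance01 = {
      local_ip     = "10.1.1.10"
      local_subnet = "10.1.0.0/16" # covers both 10.1.1.0/24 and 10.1.2.0/24 via the VPN
    }
    appliance02 = {
      local_ip     = "192.168.1.10"
      local_subnet = "192.168.1.0/24"
    }
  }

  # Mirror-image VPN parameters: each side's "remote" is the other side's "local".
  vpn_config = {
    appliance01 = {
      local_ip      = local.appliance_ips.appliance01.local_ip
      remote_ip     = stackit_public_ip.wan_ips_appliances["appliance02"].ip
      local_subnet  = local.appliance_ips.appliance01.local_subnet
      remote_subnet = local.appliance_ips.appliance02.local_subnet
      leftid        = stackit_public_ip.wan_ips_appliances["appliance01"].ip
      rightid       = stackit_public_ip.wan_ips_appliances["appliance02"].ip
    }
    appliance02 = {
      local_ip      = local.appliance_ips.appliance02.local_ip
      remote_ip     = stackit_public_ip.wan_ips_appliances["appliance01"].ip
      local_subnet  = local.appliance_ips.appliance02.local_subnet
      remote_subnet = local.appliance_ips.appliance01.local_subnet
      leftid        = stackit_public_ip.wan_ips_appliances["appliance02"].ip
      rightid       = stackit_public_ip.wan_ips_appliances["appliance01"].ip
    }
  }

  # Rendered cloud-init per appliance. The pre-shared key is interpolated into
  # the template, so it ends up in the Terraform state and in the instance
  # user-data; keep the state backend encrypted/access-controlled and declare
  # var.vpn_psk as sensitive so plans do not print it.
  init_config = {
    appliance01 = templatefile("${path.module}/cloud-init.yaml", merge(local.vpn_config["appliance01"], { psk = var.vpn_psk }))
    appliance02 = templatefile("${path.module}/cloud-init.yaml", merge(local.vpn_config["appliance02"], { psk = var.vpn_psk }))
  }
}

# The two VPN appliances, one per project/availability zone.
resource "stackit_server" "appliances" {
  for_each = {
    appliance01 = {
      project_id        = stackit_resourcemanager_project.cloud.project_id
      availability_zone = "eu01-1"
    }
    appliance02 = {
      project_id        = stackit_resourcemanager_project.onprem.project_id
      availability_zone = "eu01-2"
    }
  }

  project_id        = each.value.project_id
  name              = each.key
  availability_zone = each.value.availability_zone
  machine_type      = "c1.4"
  keypair_name      = stackit_key_pair.admin_keypair.name
  user_data         = local.init_config[each.key]

  boot_volume = {
    size                  = 64
    source_type           = "image"
    source_id             = var.debian_image_id
    performance_class     = "storage_premium_perf6"
    delete_on_termination = true
  }

  network_interfaces = [
    stackit_network_interface.appliances[each.key].network_interface_id
  ]
}

output "appliance01_cloud01_public_ip" {
  value = stackit_public_ip.wan_ips_appliances["appliance01"].ip
}

output "appliance02_onprem01_public_ip" {
  value = stackit_public_ip.wan_ips_appliances["appliance02"].ip
}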