provider "nomad" {
    # For some reason nomad is binding to the tailscale IP but not the (local) IP that we get for the same hostname
  address = "http://jaglan-beta-m01:4646"
}

terraform {
  backend "local" {
    path = "./.tfstate/terraform.tfstate"
  }
}

terraform {
  required_providers {
    sops = {
      source = "carlpett/sops"
      version = "~> 0.5"
    }
  }
}

data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
}

// Networking

resource "nomad_job" "traefik" {
  jobspec = file("traefik.nomad.hcl")
}

// Authentication

resource "nomad_job" "authelia" {
  jobspec = file("authelia.nomad.hcl")
}

// Data

resource "nomad_job" "csi-smb" {
  jobspec = file("csi-smb.nomad.hcl")
}

data "nomad_plugin" "smb" {
  plugin_id        = "smb"
  wait_for_healthy = true
}

resource "nomad_job" "postgres" {
  jobspec = file("postgres.nomad.hcl")
}

resource "nomad_job" "pgadmin" {
  jobspec = file("pgadmin.nomad.hcl")
}

resource "nomad_job" "pgbackup" {
  jobspec = file("pgbackup.nomad.hcl")
}

resource "nomad_csi_volume_registration" "unraid_database_dump" {
  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
  depends_on  = [data.nomad_plugin.smb]
  plugin_id  = "smb"
  
  volume_id  = "unraid_database_dump"
  name = "unraid_database_dump"

  external_id = "unraid_database_dump"

  capability {
    access_mode     = "single-node-writer"
    attachment_mode = "file-system"
  }

  context = {
    source = "//192.168.1.192/database-dump"
  }

  secrets = {
    "username" = "nomad"
    "password" = data.sops_file.secrets.data["unraid.nomad"]
  }
}