terraform {
  backend "local" {
    path = "./.tfstate/terraform.tfstate"
  }
}

terraform {
  required_providers {
    sops = {
      source  = "carlpett/sops"
      version = "~> 0.5"
    }
    postgresql = {
      source = "cyrilgdn/postgresql"
    }
  }
}

provider "nomad" {
  address = "http://jaglan-beta-m01.othrayte.one:4646"
}

data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
}

// Networking

resource "nomad_job" "traefik" {
  jobspec = file("traefik.nomad.hcl")
}

// Authentication

resource "nomad_job" "authelia" {
  jobspec = file("authelia.nomad.hcl")
}

resource "nomad_variable" "authelia" {
  path = "nomad/jobs/authelia"
  items = {
    session_secret = data.sops_file.secrets.data["authelia.session_secret"]
    jwt_secret     = data.sops_file.secrets.data["authelia.jwt_secret"]
    encryption_key = data.sops_file.secrets.data["authelia.encryption_key"]
  }
}

// Data

resource "nomad_job" "csi-smb" {
  jobspec = file("csi-smb.nomad.hcl")
}

data "nomad_plugin" "smb" {
  plugin_id        = "smb"
  wait_for_healthy = true
}

resource "nomad_job" "postgres" {
  jobspec = file("postgres.nomad.hcl")
}

resource "nomad_job" "pgadmin" {
  jobspec = file("pgadmin.nomad.hcl")
}

resource "nomad_job" "pgbackup" {
  jobspec = file("pgbackup.nomad.hcl")
}

resource "nomad_variable" "postgres" {
  path = "nomad/jobs/postgres"
  items = {
    postgres_password = data.sops_file.secrets.data["postgres.postgres"]
  }
}

provider "postgresql" {
  #host            = "jaglan-beta-m01.othrayte.one"
  host            = "192.168.1.235"
  port            = 5432
  database        = "postgres"
  username        = "postgres"
  password        = data.sops_file.secrets.data["postgres.postgres"]
  sslmode         = "disable"
  connect_timeout = 15
}

resource "nomad_csi_volume_registration" "unraid_database_dump" {
  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
  depends_on = [data.nomad_plugin.smb]
  plugin_id  = "smb"

  volume_id = "unraid_database_dump"
  name      = "unraid_database_dump"

  external_id = "unraid_database_dump"

  capability {
    access_mode     = "single-node-writer"
    attachment_mode = "file-system"
  }

  context = {
    source = "//192.168.1.192/database-dump"
  }

  secrets = {
    "username" = "nomad"
    "password" = data.sops_file.secrets.data["unraid.nomad"]
  }
}