terraform {
    required_providers {
        proxmox = {
            source = "bpg/proxmox",
            version = "~>0.56.1"
        }
        random = {
            source = "hashicorp/random"
        }
        local = {
            source = "hashicorp/local"
        }
    }
    required_version = ">=1.6.2"
}

module "sshd" {
    source = "../sshd"
    address_family = "inet"
}

locals {
    data_device_path = "/dev/disk/by-path/pci-0000:00:0a.0"

    data_disk = {
        device = local.data_device_path
        partitions = [
            {
                label = "caddy_data"
                number = 1
                startMiB = 0
                sizeMiB = 100
                typeGuid = "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true
            },
            {
                label = "dhcp_config"
                number = 2
                startMiB = 0
                sizeMiB = 10
                typeGuid= "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true
            },
            {
                label = "dhcp_data"
                number = 3
                startMiB = 0
                sizeMiB = 10
                typeGuid= "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true
            },
            {
                label = "fcos_images"
                number = 4
                startMiB = 0
                sizeMiB = 8192
                typeGuid= "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true                
            },
            {
                label = "ign_files"
                number = 5
                startMiB = 0
                sizeMiB = 512
                typeGuid= "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true        
            },
            {
                label = "ssh_keys"
                number = 6
                startMiB = 0
                sizeMiB = 10
                typeGuid= "0FC63DAF-8483-4772-8E79-3D69D8477DE4"
                resize = true        
            }            
        ]
    }

    hostname_file = {
        path = "/etc/hostname"
        user = {id = 0}
        group = {id = 0}
        mode = 420 #0644
        contents = {
            source = format(
                "data:text/plain;base64,%s",
                base64encode(var.hostname),
            )
        }
    }

    network_config_file = {
        path = "/etc/NetworkManager/system-connections/${var.dhcp_iface}.nmconnection"
        user = {id = 0}
        group = {id = 0}
        mode = 384 #0600
        contents = {
            source = format(
                "data:text/plain;base64,%s",
                base64encode(templatefile(
                    "${path.module}/files/dhcp_nmconnection.tftpl",
                    {
                        iface = var.dhcp_iface
                        ip_address = var.dhcp_server_ip_addr
                        netmask = split("/", var.dhcp_range)[1]
                        gateway = var.dhcp_gateway
                        dns_server = var.dhcp_gateway
                    }
                ))
            )
        }
    }

    core_user = {
        name = "core"
        passwordHash = "$6$vDMAZf/yOO6mEbcs$6VE7WD8T9/PeotszMFxatOQxB/rFmLDWsNajg4sI0O47OikSuVpqPjkxRbzcueiXn6rBUY1ubCHlp0nnoZ1VI1" # password is "tititoto"; only there for debug; please remove in prod
        sshAuthorizedKeys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQnLSYLGzUVmDMMGgEKCNgfAOkIuqhOMGGuvgskACum fmaury@2a01cb00142b3d00ee15f742996f2775.ipv6.abo.wanadoo.fr"
        ]
    }

    ignition_config = jsonencode({
        ignition = {
            version = "3.4.0"
        }
        storage = {
            disks = [
                local.data_disk,
            ]
            filesystems = concat(
                local.dhcp_filesystems,
                local.caddy_filesystems,
                local.sftp_filesystems,
            )
            directories = concat(
                local.dhcp_directories,
                local.caddy_directories,
                local.sftp_directories,
            )
            files = concat(
                [
                    local.hostname_file,
                    local.network_config_file,
                ],
                module.sshd.files,
                local.dhcp_files,
                local.caddy_files,
                local.sftp_files,
            )
        }
        systemd = {
            units = concat(
                local.dhcp_systemd_units,
                local.caddy_systemd_units,
                module.sshd.systemd_units,
            )
        }
        passwd = {
            users = concat(
                [
                    local.core_user
                ],
                module.sshd.users,
            )
            groups = module.sshd.groups
        }
    })
}

resource "random_pet" "config_name" {
    length = 4
}

locals {
    generated_ignition_config_file = "netboot_server_ignition_config_${random_pet.config_name.id}.ign"
}

resource "local_file" "api_token" {
    content = "Authorization: PVEAPIToken=${var.pve_api_token}"
    filename = "pve_api_token"
    file_permission = "0600"
}

resource "local_file" "netboot_server_ignition_config" {
    depends_on = [ local_file.api_token ]
    content = local.ignition_config
    filename = format("${path.module}/%s", local.generated_ignition_config_file)
    file_permission = "0644"

    # Download ISO to customize
    provisioner "local-exec" {
        command = <<EOT
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
    quay.io/coreos/coreos-installer:release download -f iso
EOT
    }

    # Customize ISO
    provisioner "local-exec" {
        environment = {
          KERNEL_ARG = "--live-karg-append=coreos.liveiso.fromram"
          IGNITION_ARG = "--live-ignition=./${local.generated_ignition_config_file}"
        }
        command = <<EOT
rm -f ${path.module}/customized-${random_pet.config_name.id}.iso && \
podman run --security-opt label=disable --pull=always --rm -v ${path.cwd}/${path.module}:/data -w /data \
  quay.io/coreos/coreos-installer:release \
  iso customize $KERNEL_ARG $IGNITION_ARG \
  -o customized-${random_pet.config_name.id}.iso $(basename $(ls -1 ${path.module}/fedora-coreos-*-live.x86_64.iso))
EOT
    }

    provisioner "local-exec" {
        command = <<EOT
curl \
  -F "content=iso" \
  -F "filename=@${path.module}/customized-${random_pet.config_name.id}.iso;type=application/vnd.efi.iso;filename=fcos-netboot-server-${random_pet.config_name.id}.iso" \
  -H "@${local_file.api_token.filename}" \
  "${var.pve_api_base_url}api2/json/nodes/${var.pve_node_name}/storage/${var.pve_storage_id}/upload"
EOT      
    }
}

resource "proxmox_virtual_environment_vm" "netboot_server" {
    name = "netboot-server"
    node_name = var.pve_node_name
    vm_id = var.pve_vm_id
    
    cpu {
        architecture = "x86_64"
        type = "host"
        sockets = 1
        cores = 4
    }

    memory {
        dedicated = 4096
    }

    cdrom {
        enabled = true
        file_id = "${var.pve_storage_id}:iso/fcos-netboot-server-${random_pet.config_name.id}.iso"
    }

    disk {
        datastore_id = var.pve_storage_id
        interface = "virtio0"
        size = 10
    }

    network_device {
        bridge = var.prod_network_name
        model = "virtio"
    }

    operating_system {
        type = "l26"
    }

    keyboard_layout = "fr"
    vga {}
    serial_device{}
}