# Toolchain and provider pinning.
# Keeping the generated .terraform.lock.hcl in version control lets
# `terraform init` verify the provider package against recorded checksums.
terraform {
  required_providers {
    openstack = {
      # "~> 1.53.0" accepts 1.53.x patch releases only.
      version = "~> 1.53.0"
      source  = "terraform-provider-openstack/openstack"
    }
  }

  required_version = ">= 0.14.0"
}

# Configure the OpenStack provider.
# `cloud` selects a named entry from the operator's clouds.yaml, so no
# credentials appear in this file; that clouds.yaml must stay out of the
# repository.
provider "openstack" {
  cloud = "sto4-rut"
}
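# Security group for web traffic. The rules attached to it in this file open
# TCP 80 and 443 to every IPv4 and IPv6 source, so the description states
# that; the previous text ("between microk8s hosts") did not match the rules
# and would mislead anyone auditing the group in the cloud console.
# Only ingress rules are declared for this group here. Neutron normally adds
# allow-all egress rules to a new group; set delete_default_rules = true and
# declare egress explicitly if outbound traffic should be restricted.
resource "openstack_networking_secgroup_v2" "https" {
  name        = "https"
  description = "Allow inbound HTTP (80) and HTTPS (443) from any source"
}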
# Inbound HTTPS (TCP 443) from any IPv4 address.
# NOTE(review): world-open; every instance carrying the "https" group is
# reachable on 443 from the Internet if it has a routable address. Narrow
# remote_ip_prefix if the service is not meant to be public.
resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
  security_group_id = openstack_networking_secgroup_v2.https.id

  direction = "ingress"
  ethertype = "IPv4"
  protocol  = "tcp"

  port_range_min   = 443
  port_range_max   = 443
  remote_ip_prefix = "0.0.0.0/0"
}
# Inbound HTTPS (TCP 443) from any IPv6 address; IPv6 counterpart of the
# world-open IPv4 rule on the same group.
resource "openstack_networking_secgroup_rule_v2" "https_rule2" {
  security_group_id = openstack_networking_secgroup_v2.https.id

  direction = "ingress"
  ethertype = "IPv6"
  protocol  = "tcp"

  port_range_min   = 443
  port_range_max   = 443
  remote_ip_prefix = "::/0"
}
# Inbound plain HTTP (TCP 80) from any IPv4 address.
# NOTE(review): presumably kept for HTTPS redirects or certificate issuance;
# confirm nothing sensitive is served in cleartext on this port.
resource "openstack_networking_secgroup_rule_v2" "https_rule3" {
  security_group_id = openstack_networking_secgroup_v2.https.id

  direction = "ingress"
  ethertype = "IPv4"
  protocol  = "tcp"

  port_range_min   = 80
  port_range_max   = 80
  remote_ip_prefix = "0.0.0.0/0"
}
# Inbound plain HTTP (TCP 80) from any IPv6 address.
# NOTE(review): same cleartext exposure as the IPv4 port-80 rule; confirm
# the port only redirects to HTTPS or serves non-sensitive content.
resource "openstack_networking_secgroup_rule_v2" "https_rule4" {
  security_group_id = openstack_networking_secgroup_v2.https.id

  direction = "ingress"
  ethertype = "IPv6"
  protocol  = "tcp"

  port_range_min   = 80
  port_range_max   = 80
  remote_ip_prefix = "::/0"
}
# Security group that limits SSH to the jumphost addresses listed in its
# rules. Instances in this file attach it by the `name` value below, so the
# name must stay in sync with any name-based reference.
# Only ingress rules are declared for this group here; Neutron normally adds
# allow-all egress rules to a new group unless delete_default_rules is set.
resource "openstack_networking_secgroup_v2" "jumphosts" {
  description = "Traffic to allow ssh access from jumphosts"
  name        = "Allow SSH from SUNET jumphosts"
}
# SSH (TCP 22) from a single IPv4 jumphost address; the /32 prefix admits
# exactly one source.
resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule1" {
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id

  direction = "ingress"
  ethertype = "IPv4"
  protocol  = "tcp"

  port_range_min   = 22
  port_range_max   = 22
  remote_ip_prefix = "130.242.125.68/32"
}
# SSH (TCP 22) from a second IPv4 jumphost address, again a single /32
# source.
resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule2" {
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id

  direction = "ingress"
  ethertype = "IPv4"
  protocol  = "tcp"

  port_range_min   = 22
  port_range_max   = 22
  remote_ip_prefix = "130.242.121.73/32"
}
# SSH (TCP 22) from a single IPv6 jumphost address; the /128 prefix admits
# exactly one source.
resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule3" {
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id

  direction = "ingress"
  ethertype = "IPv6"
  protocol  = "tcp"

  port_range_min   = 22
  port_range_max   = 22
  remote_ip_prefix = "2001:6b0:8:4::68/128"
}
# SSH (TCP 22) from a second IPv6 jumphost address, again a single /128
# source.
resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule4" {
  security_group_id = openstack_networking_secgroup_v2.jumphosts.id

  direction = "ingress"
  ethertype = "IPv6"
  protocol  = "tcp"

  port_range_min   = 22
  port_range_max   = 22
  remote_ip_prefix = "2001:6b0:7:6::73/128"
}
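# Monitoring instance for the sto4 production environment.
# NOTE(review): the host name starts with "internal-", yet the instance sits
# on the network named "public" and carries the "https" group, whose rules
# in this file open 80/443 to any source. Confirm that exposure is intended.
resource "openstack_compute_instance_v2" "monitor-node" {
  name        = "internal-sto4-prod-monitor-1.${var.dns_suffix}"
  flavor_name = var.monitor_instance_type

  # NOTE(review): the key pair is named after an individual; confirm how SSH
  # access is managed once that person's key needs to be rotated or revoked.
  key_pair = "thorslund"

  # Use the managed groups' name attributes instead of repeating the literal
  # names. The values are the same, but Terraform now orders creation so the
  # groups exist before the instance, and a rename cannot silently leave the
  # instance pointing at a group this file no longer manages.
  security_groups = [
    openstack_networking_secgroup_v2.https.name,
    openstack_networking_secgroup_v2.jumphosts.name,
  ]

  block_device {
    uuid             = "5d24aca9-11be-4de1-9770-4a097d68f361" # debian 12
    source_type      = "image"
    volume_size      = 200
    boot_index       = 0
    destination_type = "volume"
    # The boot volume survives instance deletion, so its data must be removed
    # separately when the host is decommissioned.
    delete_on_termination = false
  }

  network {
    name = "public"
  }

  scheduler_hints {
    # Place this server via the controllers' server group. The intent is a
    # different host than the controllers, so that one host failure does not
    # take out a controller and the monitoring at the same time. That only
    # holds if the group's policy is anti-affinity; the group is defined
    # outside this view, so confirm.
    group = openstack_compute_servergroup_v2.controllers.id
  }
}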
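# SATOSA instance for the sto4 production environment.
# NOTE(review): the host name starts with "internal-", yet the instance sits
# on the network named "public" and carries the "https" group, whose rules
# in this file open 80/443 to any source. Confirm that exposure is intended.
resource "openstack_compute_instance_v2" "satosa-node" {
  name = "internal-sto4-prod-satosa-1.${var.dns_suffix}"
  # NOTE(review): this reuses the monitor flavor variable; confirm that is
  # intended for the satosa host.
  flavor_name = var.monitor_instance_type

  # NOTE(review): the key pair is named after an individual; confirm how SSH
  # access is managed once that person's key needs to be rotated or revoked.
  key_pair = "thorslund"

  # Use the managed groups' name attributes instead of repeating the literal
  # names. The values are the same, but Terraform now orders creation so the
  # groups exist before the instance, and a rename cannot silently leave the
  # instance pointing at a group this file no longer manages.
  security_groups = [
    openstack_networking_secgroup_v2.https.name,
    openstack_networking_secgroup_v2.jumphosts.name,
  ]

  block_device {
    uuid             = "5d24aca9-11be-4de1-9770-4a097d68f361" # debian 12
    source_type      = "image"
    volume_size      = 20
    boot_index       = 0
    destination_type = "volume"
    # The boot volume survives instance deletion, so its data must be removed
    # separately when the host is decommissioned.
    delete_on_termination = false
  }

  network {
    name = "public"
  }

  scheduler_hints {
    # Place this server via the controllers' server group. The intent is a
    # different host than the controllers, so that one host failure does not
    # take out a controller and this node at the same time. That only holds
    # if the group's policy is anti-affinity; the group is defined outside
    # this view, so confirm.
    group = openstack_compute_servergroup_v2.controllers.id
  }
}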