# Cluster-wide replacement marker for the control plane.
# Its only trigger is the configured k3s version, so this resource is replaced
# whenever var.control_plane_k3s_version changes. hcloud_server.control-plane
# lists it in replace_triggered_by, which turns a version change into a server
# replacement.
# NOTE(review): there is a single instance (no for_each), so a version change
# marks every control-plane server for replacement in the same apply. Confirm
# that this is acceptable for control-plane availability.
resource "null_resource" "cp-config" {
  triggers = {
    version = var.control_plane_k3s_version
  }
}

# Per-node replacement marker: one instance per entry of var.k3s_control_plane.
# An instance is replaced when that entry's `generation` value changes, and
# hcloud_server.control-plane references this resource in replace_triggered_by.
resource "null_resource" "control_plane_generation" {
  for_each = var.k3s_control_plane

  triggers = {
    # The key keeps its original name ("timestamp"); renaming it would change
    # the trigger map and force a replacement by itself.
    timestamp = each.value.generation
  }
}

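# Hetzner Cloud servers for the k3s control plane, one per entry of
# var.k3s_control_plane (map key = server name).
#
# Provisioning flow, as written below:
#   1. the server is created and booted into the rescue system,
#   2. the rendered Ignition config is uploaded to /root/ignition.json,
#   3. flatcar-install is downloaded and run against that config, then the
#      machine reboots,
#   4. Terraform reconnects as user "core" and sets the hostname.
#
# NOTE(review): the Ignition config uploaded in step 2 is rendered by
# data.ct_config.machine-ignitions-cp and embeds the k3s token and the backup
# credentials. The key used for the upload comes from
# tls_private_key.provisioning, which Terraform keeps in its state. Treat state
# and plan output as secret material.
resource "hcloud_server" "control-plane" {
  for_each    = var.k3s_control_plane
  name        = each.key
  server_type = each.value.server_type
  location    = each.value.location
  # Initial image only; the provisioner below runs flatcar-install from the
  # rescue system, which presumably overwrites this disk. Confirm.
  image = "ubuntu-22.04"

  # Provider-side server backups are disabled. NOTE(review): cluster state is
  # presumably covered by the litestream replication configured through the
  # Ignition config. Confirm the restore path is tested.
  backups = false

  lifecycle {
    # Replace a server when the k3s version changes (cp-config, cluster-wide) or
    # when this node's own generation changes.
    # The generation reference is indexed with each.key on purpose: a reference
    # to the whole multi-instance resource is triggered by a change to ANY
    # instance, so bumping one node's generation would replace every
    # control-plane server at once.
    replace_triggered_by = [
      null_resource.cp-config,
      null_resource.control_plane_generation[each.key]
    ]
  }

  # Keys handed to Hetzner for this server: the Terraform-generated
  # provisioning key and the default key.
  ssh_keys = [
    hcloud_ssh_key.provisioning_key.id,
    hcloud_ssh_key.default.id
  ]

  labels = {
    "node_type" = "control-plane"
    "cluster"   = "icb4dc0.de"
  }

  network {
    network_id = hcloud_network.k8s_net.id
    ip         = each.value.private_ip
    alias_ips  = each.value.alias_ips
  }

  # Both public address families are enabled and this block sets no
  # firewall_ids.
  # NOTE(review): confirm a firewall is attached elsewhere (for example by label
  # selector) that limits SSH and the Kubernetes API to the intended sources.
  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  # Boot into the rescue OS so the disk can be rewritten.
  rescue = "linux64"

  # Default connection for the provisioners below (rescue system, no explicit
  # user).
  # NOTE(review): no host_key is set, so the SSH host key of the freshly booted
  # machine is not verified before the secret-bearing Ignition file is uploaded
  # over the public IPv4 address.
  connection {
    host        = self.ipv4_address
    private_key = tls_private_key.provisioning.private_key_pem
    timeout     = "5m"
  }

  # Upload the rendered Ignition config (contains secrets, see header note).
  provisioner "file" {
    content     = data.ct_config.machine-ignitions-cp[each.key].rendered
    destination = "/root/ignition.json"
  }

  # Install Flatcar from the rescue system and reboot into it.
  # NOTE(review): flatcar-install is fetched from a moving branch
  # (flatcar-master) and executed as root with no checksum or signature check
  # on the script itself. Prefer a reviewed, immutable revision, e.g.
  # .../flatcar/init/<REVIEWED_COMMIT_SHA>/bin/flatcar-install, and compare the
  # download against a recorded digest (<EXPECTED_SHA256>) before chmod/exec.
  # Any image verification the script performs is only as trustworthy as the
  # script.
  # NOTE(review): var.flatcar_release_channel is interpolated into the shell
  # command unquoted; it should only ever come from trusted configuration.
  provisioner "remote-exec" {
    inline = [
      "set -ex",
      "apt-get install -y gawk",
      "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install",
      "chmod +x flatcar-install",
      "./flatcar-install -s -i /root/ignition.json -C ${var.flatcar_release_channel}",
      "reboot",
    ]
    # Failures of this step are ignored, presumably because the final `reboot`
    # drops the SSH session. This also hides a failed download or install; the
    # only remaining check is whether the next provisioner can log in as "core".
    on_failure = continue
  }

  # Post-install step: connect to the installed system as "core" and set the
  # hostname. A successful login here is the implicit proof that the Flatcar
  # install and the Ignition config were applied.
  provisioner "remote-exec" {
    connection {
      host        = self.ipv4_address
      private_key = tls_private_key.provisioning.private_key_pem
      timeout     = "3m"
      user        = "core"
    }

    inline = [
      "sudo hostnamectl set-hostname ${self.name}",
    ]
  }
}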

# A record publishing each control-plane server's public IPv4 address as
# <node>.k8s.<zone name>.
# NOTE(review): `proxied` is not set here, so the record presumably resolves
# straight to the server address under a predictable name. Exposure of the
# node's services then depends on firewall rules that are not visible in this
# file. Confirm.
resource "cloudflare_dns_record" "cp-host-ipv4" {
  depends_on = [hcloud_server.control-plane]
  for_each   = var.k3s_control_plane

  zone_id = cloudflare_zone.icb4dc0de.id
  type    = "A"
  name    = format("%s.k8s.%s", each.key, cloudflare_zone.icb4dc0de.name)
  content = hcloud_server.control-plane[each.key].ipv4_address

  # 1 is Cloudflare's value for an automatic TTL.
  ttl = 1
}

# AAAA record publishing each control-plane server's public IPv6 address as
# <node>.k8s.<zone name> (same name as the matching A record).
# NOTE(review): `proxied` is not set here, so the record presumably resolves
# straight to the server address. Confirm that the firewall rules covering the
# node apply to IPv6 as well as IPv4.
resource "cloudflare_dns_record" "cp-host-ipv6" {
  depends_on = [hcloud_server.control-plane]
  for_each   = var.k3s_control_plane

  zone_id = cloudflare_zone.icb4dc0de.id
  type    = "AAAA"
  name    = format("%s.k8s.%s", each.key, cloudflare_zone.icb4dc0de.name)
  content = hcloud_server.control-plane[each.key].ipv6_address

  # 1 is Cloudflare's value for an automatic TTL.
  ttl = 1
}

# Renders one Ignition config per control-plane node from the k3s/Flatcar
# template plus the shared core-user snippet.
#
# NOTE(review): the rendered document embeds secrets read from Key Vault (the
# k3s token and the backup access key, secret key and endpoint). base64encode
# on the litestream config is an encoding, not protection. The rendered output
# is consumed by the file provisioner of hcloud_server.control-plane and is
# presumably persisted in Terraform state, so restrict access to state
# accordingly.
data "ct_config" "machine-ignitions-cp" {
  for_each = var.k3s_control_plane

  # Strict mode: transpilation warnings fail the render instead of passing.
  strict = true

  content = templatefile(
    "${path.module}/configs/cp/k3s-flatcar.yaml",
    {
      # Node identity and k3s settings.
      host        = each.key
      node_ip     = each.value.private_ip
      k3s_version = var.control_plane_k3s_version
      k3s_sans    = var.k3s_sans

      # Cluster join secret.
      k3s_token = data.azurerm_key_vault_secret.k3s_token.value

      # Litestream release plus its config file, rendered with the backup
      # credentials and passed to the outer template as base64.
      litestream_version = var.litestream_version
      litestream_config = base64encode(
        templatefile(
          "${path.module}/configs/cp/litestream.yml",
          {
            accessKey = data.azurerm_key_vault_secret.k3s_backup_access_key.value
            secretKey = data.azurerm_key_vault_secret.k3s_backup_secret_key.value
            endpoint  = data.azurerm_key_vault_secret.k3s_backup_endpoint.value
          }
        )
      )
    }
  )

  # Authorized keys for the core user: the operator keys from var.ssh_keys plus
  # the Terraform-generated provisioning key.
  # NOTE(review): the provisioning key therefore keeps standing access to the
  # core account (which the hostname provisioner uses with sudo) after
  # provisioning has finished. Confirm this is intended.
  snippets = [
    templatefile(
      "${path.module}/configs/core-user.yaml.tmpl",
      {
        ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh]))
      }
    )
  ]
}