terraform {
  required_providers {
    proxmox = {
      source  = "telmate/proxmox"
      version = "~> 2.9"
    }
  }
}

provider "proxmox" {
  pm_api_url          = var.proxmox_host
  pm_api_token_id     = var.proxmox_token_id
  pm_api_token_secret = var.proxmox_token_secret
  pm_tls_insecure     = true
}

resource "proxmox_lxc" "staging" {
  target_node  = var.proxmox_node
  hostname     = "hugo-staging"
  vmid         = 200
  ostemplate   = var.lxc_ostemplate
  unprivileged = true
  start        = true
  onboot       = false

  cores  = 2
  memory = 1024
  swap   = 512

  rootfs {
    storage = "SSD"
    size    = "10G"
  }

  network {
    name   = "eth0"
    bridge = var.lxc_bridge
    ip     = "${var.staging_ip}/24"
    gw     = var.staging_gw
  }

  ssh_public_keys = var.ssh_public_key

  # Lifecycle: Erlaubt Destroy von geschützten Ressourcen
  lifecycle {
    create_before_destroy = false
  }

  provisioner "remote-exec" {
    inline = [
      "apt-get update -qq",
      "apt-get install -y hugo nginx git rsync curl",
      "systemctl enable --now nginx",
      "useradd -m -s /bin/bash deploy || true",
      "mkdir -p /home/deploy/.ssh",
      "chmod 700 /home/deploy/.ssh",
      "echo '${var.ssh_public_key}' >> /home/deploy/.ssh/authorized_keys",
      "chmod 600 /home/deploy/.ssh/authorized_keys",
      "chown -R deploy:deploy /home/deploy/.ssh",
      "mkdir -p /var/www/html",
      "chown -R deploy:deploy /var/www/html"
    ]
    connection {
      type        = "ssh"
      user        = "root"
      private_key = var.ssh_private_key
      host        = self.network[0].ip
    }
  }

  depends_on = []
}

output "staging_ip" {
  value = proxmox_lxc.staging.network[0].ip
}