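# Provisions one EC2 spot instance that runs govuk.service against a shared
# Guix store (EFS mounted over NFS) and a remote guix-daemon, then publishes
# it in Route 53 as <slug> and *.<slug>. Uses Terraform 0.11-style syntax
# (quoted types, "${...}" interpolation, block-form `vars`).

terraform {
  # The backend block is empty, so its settings must be supplied when the
  # working directory is initialised.
  backend "http" {}
}

# Name of this deployment. It is interpolated into the DNS record names and
# into the app/web domains handed to the service template, so callers should
# pass a valid DNS label.
variable "slug" {
  type = "string"
}

provider "aws" {
  region = "eu-west-1"
}

# Public half of the SSH key installed on the instance for the `ubuntu` user.
resource "aws_key_pair" "deployer" {
  key_name   = "deployer"
  public_key = "ssh-rsa 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 chris@giedi"
}

# Pre-existing infrastructure, looked up by hard-coded ID. These IDs tie the
# configuration to one AWS account and region.
data "aws_security_group" "guix-client" {
  id = "sg-d8003ba3"
}

data "aws_instance" "guix-daemon" {
  instance_id = "i-010e25f85dfa73e72"
}

data "aws_route53_zone" "main" {
  zone_id = "ZD004G8DN6AQZ"
}

# Renders the systemd unit for the service.
data "template_file" "govuk_service" {
  # file() only runs inside an interpolation. As a bare string the template
  # would be the literal text "file(example/govuk.service.tpl)", and that text
  # would be uploaded as the unit file.
  template = "${file("example/govuk.service.tpl")}"

  vars {
    # guix:// is the guix-daemon TCP transport, which the Guix manual describes
    # as unauthenticated and unencrypted. Reachability of the daemon should
    # stay limited to members of the guix-client security group.
    guix_daemon_socket = "guix://${data.aws_instance.guix-daemon.private_dns}"
    app_domain         = "${var.slug}.aws.cbaines.net"
    web_domain         = "www.${var.slug}.aws.cbaines.net"
  }
}

resource "aws_spot_instance_request" "example" {
  ami           = "ami-8fd760f6"
  instance_type = "t2.large"
  key_name      = "${aws_key_pair.deployer.key_name}"

  # Security groups are referenced by name. "default" and "public-webserver"
  # are not managed in this file, so the ingress they allow cannot be reviewed
  # from here.
  security_groups = [
    "${data.aws_security_group.guix-client.name}",
    "default",
    "public-webserver",
  ]

  # Block until the request is fulfilled so the provisioners and the DNS
  # records below have an instance (and public_ip) to work with.
  wait_for_fulfillment = true
  spot_price           = "0.05"

  # Upload the rendered unit to the login user's home directory. It is moved
  # into /etc/systemd/system with sudo by the remote-exec step.
  provisioner "file" {
    content     = "${data.template_file.govuk_service.rendered}"
    destination = "/home/ubuntu/govuk.service"

    # No private_key or password is configured, so authentication presumably
    # falls back to the operator's local SSH agent.
    connection {
      type = "ssh"
      user = "ubuntu"
    }
  }

  provisioner "remote-exec" {
    inline = [
      # NOTE(review): `apt-get update` is listed twice in the original. The
      # repeat is kept in case it is a deliberate retry.
      "sudo apt-get update",
      "sudo apt-get update",
      "sudo apt-get -y install nfs-common cachefilesd",

      # Enable user xattrs on the root filesystem and switch cachefilesd on in
      # its defaults file. The mounts below request the cache with `fsc`.
      "sudo tune2fs -o user_xattr /dev/xvda1",
      "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",

      # Shared Guix store, mounted read-only. This is plain NFSv4.1 with no
      # TLS option, so confidentiality and integrity of store traffic rest on
      # the VPC and security-group boundary.
      "sudo mkdir -p /gnu/store",
      "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:gnu/store /gnu/store",

      # Shared Guix state directory. Unlike the store it has no `ro` option,
      # so this instance can write to state that other clients also mount.
      "sudo mkdir -p /var/guix",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:var/guix /var/guix",

      # Point login shells at the remote daemon.
      "echo \"export GUIX_DAEMON_SOCKET=guix://${data.aws_instance.guix-daemon.private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh",

      # Disabled in the original. Without a restart, the RUN=yes edit above may
      # not take effect before the `fsc` mounts are used (TODO confirm).
      #"sudo systemctl restart cachefilesd",

      # Install and start the uploaded unit.
      "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service",
      "sudo systemctl daemon-reload",
      "sudo systemctl enable govuk.service",
      "sudo systemctl start govuk.service",
    ]

    connection {
      type = "ssh"
      user = "ubuntu"
    }
  }
}

# <slug>.<zone> -> the instance's public IP.
resource "aws_route53_record" "example" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "${var.slug}"
  type    = "A"
  ttl     = "60"
  records = ["${aws_spot_instance_request.example.public_ip}"]
}

# *.<slug>.<zone> -> the same IP, so every name under the slug resolves to
# this instance.
resource "aws_route53_record" "example_wildcard" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "*.${var.slug}"
  type    = "A"
  ttl     = "60"
  records = ["${aws_spot_instance_request.example.public_ip}"]
}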