terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 6.0"
    }
  }
  required_version = ">= 1.5.0"
}

provider "oci" {
  region = var.region
}

data "oci_identity_availability_domain" "ad1" {
  compartment_id = var.compartment_ocid
  ad_number      = 1
}

resource "oci_core_vcn" "gc" {
  cidr_block     = "10.42.0.0/16"
  compartment_id = var.compartment_ocid
  display_name   = "gc-vcn"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.gc.id
  display_name   = "gc-igw"
  enabled        = true
}

resource "oci_core_route_table" "rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.gc.id
  display_name   = "gc-rt"
  route_rules {
    network_entity_id = oci_core_internet_gateway.igw.id
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
  }
}

resource "oci_core_subnet" "subnet" {
  cidr_block                 = "10.42.1.0/24"
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.gc.id
  display_name               = "gc-subnet"
  prohibit_public_ip_on_vnic = false
  route_table_id             = oci_core_route_table.rt.id
  dns_label                  = "gcsubnet"
}

resource "oci_core_security_list" "sl" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.gc.id
  display_name   = "gc-sec"

  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "all"
  }

  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"
    tcp_options { min = 22,   max = 22 }   # SSH
  }

  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"
    tcp_options { min = 8080, max = 8080 } # API
  }

  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"
    tcp_options { min = 8081, max = 8081 } # WS
  }
}

resource "oci_core_instance" "vm" {
  compartment_id      = var.compartment_ocid
  availability_domain = data.oci_identity_availability_domain.ad1.name

  shape = var.shape

  shape_config {
    ocpus         = var.ocpus
    memory_in_gbs = var.memory_gb
  }

  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }

  create_vnic_details {
    subnet_id        = oci_core_subnet.subnet.id
    assign_public_ip = true
  }

  metadata = {
    user_data           = filebase64("${path.module}/cloud-init.yaml")
    ssh_authorized_keys = var.ssh_public_key
  }

  display_name = "greencoast-shard"
}

output "public_ip" {
  value = oci_core_instance.vm.public_ip
}