provider "aws" {
  region = local.aws_region
}

resource "random_pet" "name" {}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "social-vpc"
  cidr = "10.42.0.0/16"

  azs = [ "${local.aws_region}a" ] # XXX probably a better way to pick AZs
  private_subnets = [ "10.42.0.0/20"  ]
  public_subnets  = [ "10.42.16.0/20" ]

  enable_nat_gateway = false # nat gateways cost money and who has any of that?
  enable_vpn_gateway = false
}

resource "aws_instance" "social" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = local.instance_type
  subnet_id              = module.vpc.public_subnets.0
  key_name               = aws_key_pair.key.key_name
  iam_instance_profile   = aws_iam_instance_profile.ssm.name

  vpc_security_group_ids = [ module.sg.security_group_id ]

  user_data = <<EOF
#!/bin/bash
set -e
sudo snap install amazon-ssm-agent --classic
sudo apt-get -y --no-install-recommends install ansible
EOF

  tags = { Name = "social" }
  lifecycle {
    ignore_changes = [ ami ]
  }
}

resource "aws_eip" "social" {
  domain   = "vpc"
  instance = aws_instance.social.id
}

module "sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "social"
  description = "social SG"
  vpc_id      = module.vpc.vpc_id

  egress_rules = [ "all-all" ]

  ingress_with_cidr_blocks = [
#    {
#      rule        = "http-80-tcp"
#      cidr_blocks = "0.0.0.0/0"
#    },
#    {
#    },
#    {
#    }
  ]
}

resource "aws_key_pair" "key" {
  key_name = "social"
  public_key = local.public_key
}

data "aws_ami" "ubuntu" {
    most_recent = true

    filter {
        name   = "name"
        values =  ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
    }

    filter {
        name   = "virtualization-type"
        values = ["hvm"]
    }

    owners = ["099720109477"] # Canonical
}