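# Provisions one Cloudflare Tunnel plus the DNS record that points at it, and
# renders the files the Ansible role `cloudflared_tunnel` consumes on the host.
# Input variables (cloudflare_token, account_id, zone_id, tunnel_secret) are
# declared elsewhere in the module.
terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~>4.0"
    }
    # local_sensitive_file is provided by hashicorp/local; declare it explicitly
    # rather than relying on Terraform's implicit hashicorp/ namespace lookup.
    local = {
      source = "hashicorp/local"
    }
  }
}

provider "cloudflare" {
  api_token = var.cloudflare_token
}

# The tunnel itself. `secret` is the value cloudflared later presents from its
# credentials file; note that it is also persisted in Terraform state.
resource "cloudflare_tunnel" "tunnel" {
  account_id = var.account_id
  name       = "exercise"
  secret     = var.tunnel_secret
}

# Proxied CNAME that routes the `notfound` hostname in the zone to the tunnel's
# CNAME target.
resource "cloudflare_record" "notfound" {
  name    = "notfound"
  type    = "CNAME"
  zone_id = var.zone_id
  value   = cloudflare_tunnel.tunnel.cname
  proxied = true
}

# cloudflared config.yml for the role. The only ingress rule is a catch-all
# 404, which is what the `notfound` record is meant to serve.
resource "local_sensitive_file" "tunnel_config" {
  filename = "../roles/cloudflared_tunnel/files/config.yml"
  content  = <<-EOT
    tunnel: ${cloudflare_tunnel.tunnel.id}
    credentials-file: /etc/cloudflared/${cloudflare_tunnel.tunnel.id}.json
    ingress:
      - service: http_status:404
  EOT
}

# Jinja template for the cloudflared credentials file. The `{{ ... }}`
# placeholders are filled by Ansible from the host_vars rendered below, so the
# secret itself is not baked into the template. TunnelName is taken from the
# tunnel resource so it cannot drift from the name the tunnel was created with.
resource "local_sensitive_file" "tunnel_creds" {
  filename        = "../roles/cloudflared_tunnel/templates/${cloudflare_tunnel.tunnel.id}.json"
  file_permission = "0600"
  content         = <<-EOT
    {
      "AccountTag": "${var.account_id}",
      "TunnelID": "{{ tunnel_id }}",
      "TunnelName": "${cloudflare_tunnel.tunnel.name}",
      "TunnelSecret": "{{ tunnel_secret }}"
    }
  EOT
}

# Ansible host_vars for server2. This file holds the tunnel secret in
# plaintext: it must be vault-encrypted or kept out of version control, and the
# same value is present in Terraform state, so treat both with the same care.
resource "local_sensitive_file" "credentials_variables" {
  filename        = "../host_vars/server2.yml"
  file_permission = "0600"
  content         = <<-EOT
    ---
    tunnel_id: ${cloudflare_tunnel.tunnel.id}
    tunnel_secret: ${var.tunnel_secret}
  EOT
}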