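# Issues a Let's Encrypt certificate through a Cloudflare DNS-01 challenge,
# creates a proxied CNAME record, and writes the certificate chain and its
# private key to local files under ../roles/flarum/files/.
#
# Secret handling: the ACME account key, the certificate private key and the
# Cloudflare token all end up in the Terraform state in plain text. Keep the
# state in an encrypted, access-controlled backend and out of version control.

terraform {
  required_providers {
    acme = {
      source  = "vancluever/acme"
      version = "~>2.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~>4.0"
    }
    # tls and local were resolved implicitly before; declaring the source makes
    # the provider origin explicit. No version constraint is added here, so the
    # versions already in the dependency lock file stay in effect.
    tls = {
      source = "hashicorp/tls"
    }
    local = {
      source = "hashicorp/local"
    }
  }
}

# Production Let's Encrypt directory: issuance here counts against the
# production rate limits.
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}

# var.cloudflare_token is declared outside this listing; confirm it is marked
# `sensitive = true` and that the token is scoped to DNS edits on the single
# zone managed here rather than being an account-wide credential.
provider "cloudflare" {
  api_token = var.cloudflare_token
}

# ACME account key. The tls provider stores the generated key unencrypted in
# state, so whoever can read the state can act as this ACME account.
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = var.acme_reg_email
}

# The certificate's own private key is generated by the acme provider (no CSR
# is supplied) and is exported as private_key_pem, which is also kept in state.
resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = var.domain_name
  subject_alternative_names = [var.fqdn]

  dns_challenge {
    provider = "cloudflare"

    # Same token as the cloudflare provider above; it is passed to the DNS
    # challenge solver so it can create the validation record.
    config = {
      CF_DNS_API_TOKEN = var.cloudflare_token
    }
  }
}

resource "cloudflare_record" "flarum" {
  name    = "flarum"
  type    = "CNAME"
  zone_id = var.zone_id
  value   = var.cname_record
  # Traffic goes through Cloudflare's proxy; the certificate issued above is
  # what the origin presents to Cloudflare, not what browsers see.
  proxied = true
}

# Leaf certificate followed by the issuer certificate. Public material, but it
# does not need to be writable or executable by other users.
resource "local_file" "public_cert" {
  filename        = "../roles/flarum/files/fullchain.pem"
  content         = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
  file_permission = "0644"
}

# Private key on disk: restrict it to owner read/write. The target looks like a
# role's files directory inside a repository (TODO confirm); make sure
# privkey.pem is excluded from version control there.
resource "local_sensitive_file" "private_key" {
  filename        = "../roles/flarum/files/privkey.pem"
  content         = acme_certificate.certificate.private_key_pem
  file_permission = "0600"
}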