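# Provisions a single FileMaker Server host on AWS: an EC2 instance behind an
# Elastic IP, a Route 53 A record, a Let's Encrypt certificate obtained with
# certbot, and the FileMaker Server package installed over SSH.

# ---------------------------------------------------------------------------
# Inputs
# ---------------------------------------------------------------------------

# AWS CLI profile and region handed to the provider.
variable "provider_profile" {
  type = string
}

variable "provider_region" {
  type = string
}

variable "instance_type" {
  type = string
}

# CIDR blocks allowed to reach SSH (port 22). Keep this as narrow as possible.
variable "ssh_source_ips" {
  type = list(string)
}

# Base image. The provisioning steps below log in as `centos` and use yum with
# the EPEL 7 release package, so the AMI has to match that.
variable "ami_id" {
  type = string
}

# key[0] = EC2 key pair name, key[1] = local path to the matching private key.
variable "key" {
  type = tuple([string, string])
}

# Public hostname for the server and the hosted zone that holds its record.
variable "dns_name" {
  type = string
}

variable "zone_id" {
  type = string
}

# Contact address registered with the certificate authority by certbot.
variable "cert_email" {
  type = string
}

# FileMaker Server admin console credentials. fmsadmin_pass and fmsadmin_pin
# are secrets.
# NOTE(review): on Terraform 0.14 or later, add `sensitive = true` to
# fmsadmin_pass and fmsadmin_pin so they are redacted from plan/apply output,
# and supply them through TF_VAR_* environment variables or a secrets store
# rather than a tfvars file kept in version control.
variable "fmsadmin_user" {
  type = string
}

variable "fmsadmin_pass" {
  type = string
}

variable "fmsadmin_pin" {
  type = string
}

# Where the FileMaker Server RPM is downloaded from.
# NOTE(review): the download is installed as root without an integrity check.
# Use an https:// URL you control and verify a known checksum before installing.
variable "installer_url" {
  type = string
}

# ---------------------------------------------------------------------------
# Shell-safe copies of the inputs
# ---------------------------------------------------------------------------

locals {
  # Every value below is spliced into a shell command line. Wrapping each one
  # in single quotes (and rewriting an embedded ' as '\'') makes the shell treat
  # it as one literal word, so spaces or metacharacters in a password, URL or
  # hostname can neither split the argument nor run as extra commands.
  fms_shell_arg = {
    for name, raw in {
      dns_name      = var.dns_name
      cert_email    = var.cert_email
      cert_dir      = "/etc/letsencrypt/live/${var.dns_name}"
      installer_url = var.installer_url
      user          = var.fmsadmin_user
      pass          = var.fmsadmin_pass
      pin           = var.fmsadmin_pin
      sample_url    = "fmp://${var.dns_name}/FMServer_Sample"
    } : name => "'${replace(raw, "'", "'\\''")}'"
  }
}

# ---------------------------------------------------------------------------
# Infrastructure
# ---------------------------------------------------------------------------

provider "aws" {
  profile = var.provider_profile
  region  = var.provider_region
}

resource "aws_eip" "fms_ip" {}

# The A record points at the Elastic IP, so it can exist before the instance
# is attached to that address.
resource "aws_route53_record" "dns_record" {
  zone_id = var.zone_id
  name    = var.dns_name
  type    = "A"
  ttl     = "300"
  records = [aws_eip.fms_ip.public_ip]
}

resource "aws_instance" "fmserver" {
  ami             = var.ami_id
  instance_type   = var.instance_type
  key_name        = var.key[0]
  security_groups = [aws_security_group.ssh_fms_in_all_egress.name]
}

resource "aws_security_group" "ssh_fms_in_all_egress" {
  name        = "ssh_fms"
  description = "Allow for SSH and FMS access"

  # SSH: only from the operator-supplied ranges.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_source_ips
  }

  # FileMaker Server port, reachable from anywhere.
  # NOTE(review): narrow this if clients connect from known networks.
  ingress {
    from_port   = 5003
    to_port     = 5003
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP, reachable from anywhere. certbot --standalone answers the
  # certificate authority's validation request on this port during setup.
  # NOTE(review): decide whether it must stay open once the certificate exists.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS, reachable from anywhere.
  # NOTE(review): narrow this if the web endpoints are not meant to be public.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic is allowed (package installs, installer download,
  # certificate issuance).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Attaches the Elastic IP to the instance, then configures the host over SSH.
# The DNS record is created first because certbot requests a certificate for
# var.dns_name.
resource "aws_eip_association" "assoc_and_setup" {
  instance_id   = aws_instance.fmserver.id
  allocation_id = aws_eip.fms_ip.id
  depends_on    = [aws_route53_record.dns_record]

  provisioner "remote-exec" {
    # NOTE(review): the admin password and PIN are passed as command-line
    # arguments, so they are visible in the host's process list while each
    # command runs and may show up in provisioner output. Rotate them after
    # provisioning if that exposure matters.
    inline = [
      "sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y",
      "sudo yum install certbot -y",
      "sudo certbot certonly --standalone -d ${local.fms_shell_arg.dns_name} -m ${local.fms_shell_arg.cert_email} --agree-tos -n",
      "sudo yum install wget -y",
      "wget ${local.fms_shell_arg.installer_url}",
      "sudo yum install filemaker_server*.rpm -y",

      # Give the service time to start, then poll until fmshelper is running.
      join("", [
        "sleep 25; ",
        "while [ -z \"$(systemctl show fmshelper -p SubState | grep 'SubState=running')\" ]; ",
        "do echo 'Waiting for FMS to be ready...'; sleep 2; done"
      ]),

      "fmsadmin resetpw -p ${local.fms_shell_arg.pass} -z ${local.fms_shell_arg.pin}",

      # realpath runs under sudo because the certificate paths are resolved as
      # root; calling sudo directly (instead of nesting everything inside
      # sh -c '...') keeps the quoted credentials at a single quoting level.
      join(" ", [
        "sudo fmsadmin certificate import \"$(sudo realpath ${local.fms_shell_arg.cert_dir}/cert.pem)\"",
        "--keyfile \"$(sudo realpath ${local.fms_shell_arg.cert_dir}/privkey.pem)\"",
        "--intermediateCA \"$(sudo realpath ${local.fms_shell_arg.cert_dir}/fullchain.pem)\"",
        "-y -u ${local.fms_shell_arg.user} -p ${local.fms_shell_arg.pass}"
      ]),

      "fmsadmin restart server -y -u ${local.fms_shell_arg.user} -p ${local.fms_shell_arg.pass}"
    ]

    # NOTE(review): no host_key is set, so the first SSH connection to the new
    # instance is not verified against a known host key.
    connection {
      type        = "ssh"
      user        = "centos"
      private_key = file(var.key[1])
      host        = aws_eip.fms_ip.public_ip
    }
  }
}

# Opens the sample database in the local FileMaker client once setup is done.
resource "null_resource" "open_fm" {
  depends_on = [aws_eip_association.assoc_and_setup]

  provisioner "local-exec" {
    command = "open ${local.fms_shell_arg.sample_url}"
  }
}

output "fms_instance" {
  value = var.dns_name
}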