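# Root module: deploys every enabled Fediversity application, plus the
# "garage" peripheral they share, to the abundos.eu test machines through the
# terraform-nixos `deploy_nixos` child module (one module instance per host).

variable "terraform-nixos" {
  type        = string
  description = "Path to the terraform-nixos checkout providing the `deploy_nixos` module."
}

variable "domain" {
  type        = string
  description = "Base domain the deployed services are configured for."
  default     = "fediversity.net"
}

# One `{ enable = bool }` object per application; everything is off by default.
variable "mastodon" {
  type        = object({ enable = bool })
  description = "Whether to deploy Mastodon."
  default     = { enable = false }
}

variable "pixelfed" {
  type        = object({ enable = bool })
  description = "Whether to deploy Pixelfed."
  default     = { enable = false }
}

variable "peertube" {
  type        = object({ enable = bool })
  description = "Whether to deploy PeerTube."
  default     = { enable = false }
}

variable "initialUser" {
  type = object({
    displayName = string
    username    = string
    email       = string
    password    = string
  })
  description = "First user created on the deployed services (includes its password)."
  # Terraform cannot mark a single nested attribute as sensitive
  # (https://discuss.hashicorp.com/t/is-it-possible-to-mark-an-attribute-of-an-object-as-sensitive/24649/2),
  # so the whole object is marked instead. This redacts the password from
  # plan/apply output and from every expression derived from it, including
  # the `config` handed to the deploy module below. It is a UI redaction only:
  # the value is still stored in clear in the Terraform state.
  sensitive = true
  # Throwaway TEST credential; override it for any deployment reachable by
  # anyone other than its operator.
  default = {
    displayName = "Testy McTestface"
    username    = "test"
    email       = "test@test.com"
    password    = "testtest"
  }
}

# TODO: could this straight-up be added in the child module instead?
variable "ssh_private_key_file" {
  type        = string
  description = "Path to private key used to connect to the target_host"
  default     = ""
}

variable "deploy_environment" {
  type        = map(string)
  description = "Extra environment variables to be set during deployment."
  default     = {}
}

locals {
  system = "x86_64-linux"

  # name => path of every npins pin, as evaluated by `data.external.pins`.
  pins = data.external.pins.result

  # Services that are not applications themselves but that the applications
  # depend on; name => hostname of the test machine hosting it.
  peripheral_services = {
    garage = "test01"
  }

  # Each application, the variable that switches it on, and the test machine
  # it is deployed to.
  applications = {
    mastodon = { cfg = var.mastodon, hostname = "test06" }
    pixelfed = { cfg = var.pixelfed, hostname = "test04" }
    peertube = { cfg = var.peertube, hostname = "test03" }
  }

  # A peripheral service is enabled exactly when at least one application is,
  # giving it the same `{ cfg, hostname }` shape as the applications so the
  # two maps can be merged below.
  peripheral = {
    for name, inst in local.peripheral_services : name => {
      hostname = inst
      cfg = {
        enable = anytrue([for _, app in local.applications : app.cfg.enable])
      }
    }
  }
}

# Evaluates the npins checkout that sits next to this module to obtain the
# pinned inputs; the result feeds both NIX_PATH and the deploy triggers.
# This runs `nix` on the machine that runs terraform, at plan time.
data "external" "pins" {
  program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"]
}

# One deployment per enabled service, applications and peripherals alike.
module "deploy" {
  source = "${var.terraform-nixos}//deploy_nixos"
  for_each = {
    for name, inst in merge(local.peripheral, local.applications) :
    name => inst if inst.cfg.enable
  }

  ssh_private_key_file = var.ssh_private_key_file
  target_host          = "${each.value.hostname}.abundos.eu"
  target_user          = "root" # FIXME: #24
  target_system        = local.system
  NIX_PATH             = join(":", [for name, path in local.pins : "${name}=${path}"])
  deploy_environment   = var.deploy_environment
  config_pwd           = path.root

  # The NixOS configuration is a Nix expression; the Terraform-side values are
  # handed over as JSON. That JSON is embedded in a regular (double-quoted)
  # Nix string, where exactly three characters are special -- `\`, `"` and
  # `$` -- so each of them is escaped. Without this, a value containing
  # `"` or `${` (display names are free text) would be parsed or interpolated
  # as Nix code instead of being treated as data. Backslashes are escaped
  # first so the escapes added by the two later replacements are not doubled.
  # NOTE(review): `initialUser`, password included, is part of this expression
  # and presumably ends up in the Nix store of the evaluating machine and of
  # the target; confirm against the child module before relying on this for
  # anything beyond test deployments.
  config = <<-EOT
    {
      terraform = builtins.fromJSON "${replace(replace(replace(jsonencode({
        domain      = var.domain
        hostname    = each.value.hostname
        initialUser = var.initialUser
      }), "\\", "\\\\"), "\"", "\\\""), "$", "\\$")}";
      imports = [
        ${path.root}/options.nix
        ${path.root}/shared.nix
        ${path.root}/${each.key}.nix
        # FIXME: get VM details from TF
        # The machine definitions live in the `infra` directory that is a
        # sibling of this module, like `npins` above.
        ${path.root}/../infra/test-machines/${each.value.hostname}
      ];
    }
  EOT

  perform_gc      = false
  build_on_target = false

  # Redeploy whenever any pinned input changes.
  triggers = {
    pins = jsonencode(local.pins)
  }
}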