# Root configuration for the "365zon" cluster. It wires together RKE2
# initialisation, the shared data services (MinIO, MongoDB, RabbitMQ,
# PostgreSQL, Redis), Zitadel (used below as the OAuth issuer for Argo CD),
# the 365zon tenant, Argo CD and monitoring.
#
# local.k8s_config_yaml is referenced throughout but is not defined in this
# block; it has to be declared elsewhere in the configuration.

locals {
  tld               = "fourlights.dev"
  cluster_shortname = "365zon"
  cluster_dns       = "${local.cluster_shortname}.${local.tld}"
  node_count        = 3
  # Not referenced by any block shown here.
  bridge_dns = "bridge.${local.tld}"
}

# Cluster bootstrap. Most service modules below gate on its `installed` output.
module "cluster-init" {
  source = "../../modules/cluster/init-rke2"

  k8s_config_yaml = local.k8s_config_yaml
}

# Object storage, one replica per node.
module "minio" {
  source          = "../../modules/minio"
  wait_on         = module.cluster-init.installed
  k8s_config_yaml = local.k8s_config_yaml

  server_dns   = local.cluster_dns
  service_name = "storage"
  namespace    = "minio"
  mode         = "distributed"
  replicas     = local.node_count

  admin_server_dns = local.cluster_dns # Restricted admin access, access via bridge
  # NOTE(review): with tls = false the hop from the bridge ingress to this
  # service is presumably plaintext inside the cluster; confirm that path is
  # restricted (e.g. by network policy) since the admin endpoint is enabled.
  tls          = false # TLS termination happens on the bridge ingress
  admin        = true
  ingressClass = "nginx"
  storageSize  = "20Gi"
}

# Document store, one replica per node.
module "mongodb" {
  source          = "../../modules/mongodb"
  wait_on         = module.cluster-init.installed
  k8s_config_yaml = local.k8s_config_yaml

  namespace = "mongodb"
  replicas  = local.node_count
}

#module "frontend-minio" {
#  source  = "../../modules/minio/overlay"
#  wait_on = module.minio.installed
#
#  name       = "frontend"
#  server     = module.minio.minio_server
#  access_key = module.minio.minio_access_key
#  secret_key = module.minio.minio_secret_key
#}

# Message broker. server_dns is the literal string "local", not a local value.
module "rabbitmq" {
  source          = "../../modules/rabbitmq"
  wait_on         = module.cluster-init.installed
  k8s_config_yaml = local.k8s_config_yaml

  server_dns   = "local" # Restricted admin access, access via bridge
  service_name = "rabbitmq"
  namespace    = "rabbitmq"
  # NOTE(review): same caveat as MinIO: management UI enabled with TLS off
  # behind the ingress; confirm the in-cluster path is trusted.
  tls          = false # TLS termination happens on the bridge ingress
  admin        = true
  ingressClass = "nginx"
}

# NOTE(review): unlike the modules above, no wait_on is passed here; confirm
# ordering against cluster-init is handled some other way.
module "postgresql" {
  source          = "../../modules/postgresql"
  namespace       = "postgresql"
  k8s_config_yaml = local.k8s_config_yaml
  username        = "bridge"
}

# Per-tenant database for Zitadel, created with the PostgreSQL root password.
module "zitadel-db" {
  source          = "../../modules/postgresql/tenant"
  wait_on         = module.postgresql.installed
  name            = "zitadel"
  root_password   = module.postgresql.root_password
  k8s_config_yaml = local.k8s_config_yaml
}

module "zitadel" {
  source          = "../../modules/zitadel"
  wait_on         = module.zitadel-db.installed
  k8s_config_yaml = local.k8s_config_yaml

  server_dns   = local.cluster_dns
  service_name = "zitadel"
  namespace    = "zitadel"

  database_password = module.zitadel-db.password
  # NOTE(review): the PostgreSQL root password is handed to this module in
  # addition to the tenant password; verify it is only used for initial setup
  # and does not end up in the long-running service's configuration.
  database_root_password = module.postgresql.root_password

  display_on_homepage = true
  ingressClass        = "nginx"
}

# Creates the organisation and user whose ids the tenant modules consume.
module "zitadel-bootstrap" {
  source = "../../tenants/fourlights/zitadel"

  domain           = module.zitadel.server
  jwt_profile_file = module.zitadel.jwt_profile_file
  k8s_config_yaml  = local.k8s_config_yaml
}

# NOTE(review): no wait_on here either; see the note on "postgresql".
module "redis" {
  source          = "../../modules/redis"
  namespace       = "redis"
  k8s_config_yaml = local.k8s_config_yaml
}

module "tenant-365zon" {
  source          = "../../tenants/365zon"
  wait_on         = module.minio.installed
  k8s_config_yaml = local.k8s_config_yaml

  org_id           = module.zitadel-bootstrap.org_id
  user_id          = module.zitadel-bootstrap.user_id
  domain           = module.zitadel.server
  jwt_profile_file = module.zitadel.jwt_profile_file

  # NOTE(review): these are the same module.minio values that are exported
  # below as "minio-root-*". Presumably the tenant module uses them only to
  # provision its own scoped credentials (it exposes its own
  # minio_access_key / minio_secret_key); verify the root pair is not passed
  # on to tenant workloads.
  minio_access_key = module.minio.minio_access_key
  minio_secret_key = module.minio.minio_secret_key
  minio_server     = module.minio.minio_server
  minio_api_uri    = module.minio.minio_api_uri

  mongodb_connection_string  = module.mongodb.connection_string
  rabbitmq_connection_string = module.rabbitmq.connection_string
}

# Registers Argo CD as an OAuth client in Zitadel.
module "zitadel-argocd" {
  source = "../../tenants/argocd/zitadel"

  org_id           = module.zitadel-bootstrap.org_id
  user_id          = module.zitadel-bootstrap.user_id
  domain           = module.zitadel.server
  jwt_profile_file = module.zitadel.jwt_profile_file

  argocd_service_domain = "argocd.${ local.cluster_dns}"
}

module "argocd" {
  source          = "../../modules/argocd"
  wait_on         = module.zitadel-argocd.installed
  namespace       = "argocd"
  k8s_config_yaml = local.k8s_config_yaml

  redis_db_start_index = 0
  redis_password       = module.redis.password

  server_dns = local.cluster_dns

  oauth_uri           = module.zitadel.server
  oauth_client_id     = module.zitadel-argocd.client_id
  oauth_client_secret = module.zitadel-argocd.client_secret
  # NOTE(review): the redirect URI is built from the Zitadel host and an
  # output named logoutSuffix; confirm it matches a redirect URI registered
  # for this client, since a mismatch or an over-broad registration weakens
  # the OAuth flow.
  oauth_redirect_uri = "https://${module.zitadel.server}/${module.zitadel-argocd.logoutSuffix}"
  oauth_issuer       = "https://${module.zitadel.server}"

  ingressClass = "nginx"
}

module "monitoring" {
  source          = "../../modules/monitoring"
  wait_on         = module.argocd.installed
  namespace       = "monitoring"
  k8s_config_yaml = local.k8s_config_yaml

  server_dns   = local.cluster_dns
  ingressClass = "nginx"
}

# Outputs. `sensitive = true` only redacts these values in plan/apply and
# `terraform output` listings; they are still stored in plaintext in the
# Terraform state, so the state backend needs encryption at rest and tight
# access control.

output "argocd-root-password" {
  value     = module.argocd.admin_password
  sensitive = true
}

output "mongodb-connection-string" {
  value     = module.mongodb.connection_string
  sensitive = true
}

output "rabbitmq-connection-string" {
  value     = module.rabbitmq.connection_string
  sensitive = true
}

# Tenant-level MinIO credentials, as exposed by the tenant module.
output "minio-access-key" {
  value     = module.tenant-365zon.minio_access_key
  sensitive = true
}

output "minio-secret-key" {
  value     = module.tenant-365zon.minio_secret_key
  sensitive = true
}

output "monitoring" {
  value     = module.monitoring.access_instructions
  sensitive = true
}

# Root MinIO credentials, taken straight from the MinIO module.
output "minio-root-access-key" {
  value     = module.minio.minio_access_key
  sensitive = true
}

output "minio-root-secret-key" {
  value     = module.minio.minio_secret_key
  sensitive = true
}