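# Cloudflare DNS, Tunnel and Access configuration for the homelab zone.
#
# var.cloudflare_api_token, var.cloudflare_account_id, var.homelab_main_domain,
# var.cloudflare_access_application_email and var.homelab_notify_DKIM are
# referenced below but declared outside this listing.

provider "cloudflare" {
  # NOTE(review): the declaration of this variable is not visible here.
  # Confirm it is marked `sensitive = true` and that the token is scoped to
  # only the zone/account permissions this configuration uses.
  api_token = var.cloudflare_api_token
}

# Look up the zone by name. Every resource below uses zones[0], so an empty
# result (wrong name, or a token without access to the zone) fails at plan time.
data "cloudflare_zones" "homelab_main_domain" {
  filter {
    name = var.homelab_main_domain
  }
}

# www
variable "homelab_www_domain" {
  description = "Record name for the main site's A record."
  type        = string
  default     = "clarkzjw.cc"
}

variable "homelab_www_ip" {
  description = "Origin IPv4 address for the main site's A record."
  type        = string
  # NOTE(review): 8.8.8.8 looks like a placeholder; confirm the real origin
  # address is supplied per environment.
  default = "8.8.8.8"
}

# Proxied A record: clients resolve to Cloudflare edge addresses rather than
# to the origin IP. ttl = 1 is Cloudflare's "automatic" TTL.
resource "cloudflare_record" "main" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  name    = var.homelab_www_domain
  value   = var.homelab_www_ip
  type    = "A"
  ttl     = 1
  proxied = true
}

# Argo tunnel
#
# The tunnel secret is generated by Terraform and is therefore stored in the
# state file; treat the state backend as secret material. random_id attributes
# are not marked sensitive, so the value can also appear in plan/apply output
# (e.g. CI logs). A sensitive generator such as random_password would avoid
# that, but swapping it in rotates the secret and replaces the tunnel, so it is
# left as a deliberate follow-up rather than changed here.
resource "random_id" "atlas_tunnel_secret" {
  # Cloudflare requires a tunnel secret of at least 32 bytes.
  byte_length = 35
}

# NOTE(review): newer provider releases deprecate cloudflare_argo_tunnel in
# favour of cloudflare_tunnel; check before upgrading the provider.
resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
  account_id = var.cloudflare_account_id
  name       = "${var.homelab_main_domain}-tunnel"
  secret     = random_id.atlas_tunnel_secret.b64_std
}

resource "cloudflare_record" "bt" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  name    = "bt.${var.homelab_main_domain}"
  value   = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
  type    = "CNAME"
  proxied = true

  # Publish the hostname only after the Access policy exists, and remove it
  # before the policy on destroy. Without this edge Terraform may create the
  # record and the Access application in parallel, leaving a window in which
  # the tunnelled service is routable with no Access gate in front of it.
  depends_on = [cloudflare_access_policy.bt]
}

resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_argo_tunnel.atlas_main_tunnel.id

  config {
    # Forward the bt hostname to a service listening on loopback of the host
    # that runs the tunnel connector. The hop to the service is plain HTTP.
    ingress_rule {
      hostname = "bt.${var.homelab_main_domain}"
      path     = "/"
      service  = "http://127.0.0.1:8080"
    }

    # Catch-all: anything that did not match a rule above gets a 404 instead of
    # being forwarded to an origin.
    ingress_rule {
      service = "http_status:404"
    }
  }
}

# Cloudflare Access in front of the tunnelled hostname. This is the only
# authentication layer visible in this file for the service on 127.0.0.1:8080.
# NOTE(review): Access is enforced at the Cloudflare edge; whether the origin
# also validates the Access JWT is not visible here and worth confirming.
resource "cloudflare_access_application" "bt" {
  zone_id                   = data.cloudflare_zones.homelab_main_domain.zones[0].id
  name                      = "bt.${var.homelab_main_domain}"
  domain                    = "bt.${var.homelab_main_domain}"
  type                      = "self_hosted"
  session_duration          = "24h"
  auto_redirect_to_identity = false
}

# Allow-list policy: only the single configured e-mail identity is included.
resource "cloudflare_access_policy" "bt" {
  application_id = cloudflare_access_application.bt.id
  zone_id        = data.cloudflare_zones.homelab_main_domain.zones[0].id
  name           = "Allow"
  # Numeric literal instead of the string "1"; the planned value is the same.
  precedence = 1
  decision   = "allow"

  include {
    email = [var.cloudflare_access_application_email]
  }
}

# notify
#
# Mail records for the notify subdomain (Mailgun).
resource "cloudflare_record" "notify_SPF" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  # type = "SPF" causes DNS Validation Error (1004)
  # https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473
  type = "TXT"
  name = "notify.${var.homelab_main_domain}"
  # "~all" is a soft fail: receivers are asked to treat mail from other senders
  # as suspicious, not to reject it. "-all" is the strict form once every
  # legitimate sender is covered. No DMARC record is defined in this listing.
  value = "v=spf1 include:mailgun.org ~all"
  ttl   = 1
}

# DKIM public key for selector "pic"; the value is published in DNS and is not
# a secret.
resource "cloudflare_record" "notify_DKIM" {
  name    = "pic._domainkey.notify.${var.homelab_main_domain}"
  type    = "TXT"
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  value   = var.homelab_notify_DKIM
}

# NOTE(review): presumably Mailgun's tracking hostname. A CNAME to a
# third-party host hands control of that name to the third party, so remove it
# if the Mailgun domain is ever deleted.
resource "cloudflare_record" "notify_CNAME" {
  name    = "email.notify.${var.homelab_main_domain}"
  type    = "CNAME"
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  value   = "mailgun.org"
}

# Two MX records at equal priority for the notify subdomain.
resource "cloudflare_record" "notify_MX_a" {
  name     = "notify.${var.homelab_main_domain}"
  type     = "MX"
  zone_id  = data.cloudflare_zones.homelab_main_domain.zones[0].id
  value    = "mxa.mailgun.org"
  priority = 10
}

resource "cloudflare_record" "notify_MX_b" {
  name     = "notify.${var.homelab_main_domain}"
  type     = "MX"
  zone_id  = data.cloudflare_zones.homelab_main_domain.zones[0].id
  value    = "mxb.mailgun.org"
  priority = 10
}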