# Provider requirements. Every provider is pinned to an exact version (no
# "~>" range) so a `terraform init` on another machine cannot silently pick
# up a newer provider with different defaults; bump these deliberately and
# re-run plan to review the resulting diff.
terraform {
  required_providers {
    # Manages the Kubernetes Secret that receives the origin certificate.
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.27.0"
    }
    # DNS record, zone lookup and Origin CA certificate issuance.
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "4.28.0"
    }
    # Generates the origin private key and CSR locally.
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.5"
    }
  }
}

# Cloudflare API access via a scoped API token supplied by the caller.
# NOTE(review): the variable is declared outside this file — confirm it is
# marked `sensitive = true` so the token is not echoed in plan/apply output.
# NOTE(review): cloudflare_origin_ca_certificate (below) has historically
# needed the provider's `api_user_service_key` (Origin CA key) rather than an
# API token — confirm this token is sufficient for certificate issuance.
provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

# Kubernetes access via a kubeconfig file path supplied by the caller.
# Whatever identity that kubeconfig carries needs write access to Secrets in
# the target namespace; a context with broader rights than that is more than
# this module requires.
provider "kubernetes" {
  config_path = var.kube_config_path
}

# Looks up the zone by id; used below for its `id` (record) and `name`
# (to build the FQDN the origin certificate is issued for).
data "cloudflare_zone" "module" {
  zone_id = var.cloudflare_zone_id
}

# Proxied CNAME pointing the subdomain at the ingress host. Because the
# record is proxied, clients only ever see Cloudflare edge addresses and
# the origin host name in `value` is not exposed in public DNS.
resource "cloudflare_record" "module" {
  type    = "CNAME"
  proxied = true

  zone_id = data.cloudflare_zone.module.id
  name    = var.cloudflare_subdomain
  value   = var.cloudflare_ingress_host
}

# FQDN the origin certificate is requested for: "<subdomain>.<zone>".
# NOTE(review): this assumes `cloudflare_subdomain` is a plain relative
# label; an apex value such as "@" would produce "@.<zone>" and the
# certificate would be issued for a bogus host name — confirm callers never
# pass one, or derive the name from the record's computed FQDN instead.
locals {
  domain_name = "${cloudflare_record.module.name}.${data.cloudflare_zone.module.name}"
}

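# Private key for the origin certificate, generated locally by the tls
# provider. The key size was previously left to the provider default; it is
# pinned here so a future provider upgrade that changes the default cannot
# silently regenerate the key (and with it the certificate and Secret).
#
# The private_key_pem attribute is stored in plaintext in Terraform state:
# the state backend must be encrypted at rest and access-controlled, and
# plan output should not be written to shared logs.
resource "tls_private_key" "origin" {
  algorithm = "RSA"
  # 2048 matches the previous provider default; Cloudflare's "origin-rsa"
  # request type below expects an RSA key.
  rsa_bits = 2048
}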

# CSR signed with the key above. The common name is intentionally empty:
# Cloudflare issues the certificate for the `hostnames` list given on the
# cloudflare_origin_ca_certificate resource, not for the CSR subject.
resource "tls_cert_request" "origin" {
  private_key_pem = tls_private_key.origin.private_key_pem
  subject {
    common_name  = ""
    organization = "paltiverse"
  }
}

# Cloudflare Origin CA certificate for local.domain_name. It is only trusted
# by Cloudflare's edge, so it secures the edge-to-origin hop and is useless
# to a browser talking to the origin directly.
resource "cloudflare_origin_ca_certificate" "origin" {
  request_type = "origin-rsa"
  # 5475 days (15 years) is the longest validity Cloudflare offers. A long
  # lifetime avoids rotation churn but means a leaked key stays usable until
  # the certificate is revoked in the Cloudflare dashboard/API.
  # NOTE(review): consider whether a shorter validity with automatic renewal
  # fits the operational model better — verify the provider's renewal
  # options before changing this.
  requested_validity = 5475
  hostnames          = [local.domain_name]
  csr                = tls_cert_request.origin.cert_request_pem
}

# kubernetes.io/tls Secret carrying the origin certificate and its private
# key for the ingress to terminate TLS with. The provider base64-encodes the
# `data` values itself, so the PEM strings are passed through as-is.
#
# Both values also live in Terraform state; anyone who can read the state
# or this Secret holds the origin private key, so restrict both accordingly.
# The namespace resource is declared in another file of this module.
resource "kubernetes_secret_v1" "tls" {
  type = "kubernetes.io/tls"

  metadata {
    name      = "tls"
    namespace = kubernetes_namespace_v1.gitea.metadata[0].name
  }

  data = {
    "tls.crt" = cloudflare_origin_ca_certificate.origin.certificate
    "tls.key" = tls_private_key.origin.private_key_pem
  }
}