# =============================================================================
# Jump Host (Bastion) Droplet
# =============================================================================

data "cloudinit_config" "jump_host" {
  gzip          = false
  base64_encode = false

  part {
    content_type = "text/cloud-config"
    content = templatefile("${path.module}/cloud-init.yaml.tpl", {
      ssh_port             = var.ssh_port
      vpc_ip_range         = var.vpc_ip_range
      internal_private_key = var.internal_private_key
    })
  }
}

resource "digitalocean_droplet" "jump_host" {
  name     = "${var.project_name}-jump-${var.environment}"
  size     = var.droplet_size
  image    = var.droplet_image
  region   = var.region
  vpc_uuid = var.vpc_uuid

  ssh_keys   = var.ssh_keys
  backups    = var.enable_backups
  monitoring = true
  ipv6       = true

  user_data = data.cloudinit_config.jump_host.rendered

  tags = var.tags

  lifecycle {
    create_before_destroy = false
    ignore_changes        = [user_data]  # Don't recreate on cloud-init changes
  }
}