# =============================================================================
# Realms App Server Infrastructure
# Separate Terraform state from git infrastructure (jump host + Forgejo)
# =============================================================================

# Tags passed to the app server module: project name, environment and two
# fixed markers, followed by any caller-supplied var.tags.
locals {
  common_tags = concat([
    var.project_name,
    var.environment,
    "terraform-managed",
    "app-server"
  ], var.tags)
}

# =============================================================================
# SSH Keys
# =============================================================================

# Get all SSH keys on account.
# No filter is set on this data source, so the result is not narrowed here.
data "digitalocean_ssh_keys" "all" {}

# Find the internal VPC key (created by devops/terraform for jump host access)
locals {
  internal_key_name = "${var.project_name}-${var.environment}-internal-key"

  # Matched by name only. If no key on the account carries this name, the list
  # is empty and nothing in this file raises an error.
  # NOTE(review): confirm whether a missing internal key should fail the plan.
  internal_key_ids = [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id if k.name == local.internal_key_name]

  # Combine: internal key (for jump host) + every SSH key on the account.
  #
  # The second list is unfiltered, so it already contains the internal key;
  # the concat only places that id first and distinct() drops the repeat.
  #
  # NOTE(review): nothing here restricts the set to admin keys. Any key
  # registered on the account, for any purpose, is handed to the module as
  # ssh_keys. Presumably the module installs them as login keys on the
  # droplet; confirm in ./modules/app_server. For least privilege, consider
  # selecting keys through an explicit allow-list of names or fingerprints
  # rather than taking the whole account.
  all_ssh_key_ids = distinct(concat(
    local.internal_key_ids,
    [for k in data.digitalocean_ssh_keys.all.ssh_keys : k.id]
  ))
}

# =============================================================================
# App Server Module
# =============================================================================

# Instantiates the local app_server module. Every input is passed straight
# through from a variable, except ssh_keys and tags, which come from the
# locals defined in this file.
module "app_server" {
  source = "./modules/app_server"

  project_name = var.project_name
  environment  = var.environment
  region       = var.region
  vpc_uuid     = var.vpc_uuid
  vpc_ip_range = var.vpc_ip_range

  # Every key id on the account, internal key first (see all_ssh_key_ids).
  ssh_keys = local.all_ssh_key_ids

  droplet_size   = var.app_droplet_size
  droplet_image  = var.app_droplet_image
  ssh_port       = var.app_ssh_port
  domain         = var.app_domain
  enable_backups = var.enable_droplet_backups
  tags           = local.common_tags

  manage_dns      = var.manage_dns
  dns_zone        = var.dns_zone
  dns_record_name = var.dns_record_name

  forgejo_registry = var.forgejo_registry
}