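# Description: Terraform configuration for the SearXNG Docker deployment:
# the SearXNG application container, its Redis backing store and a Tor SOCKS
# proxy, all attached to the shared Traefik network.

# Local values shared by the resources below.
locals {
  app_name = "searxng"
  # NOTE(review): "latest" is a floating tag, so each apply may pull a
  # different image. Pin to a version (or digest) for reproducible rollouts.
  app_version  = "latest"
  app_src_port = "8080"
  app_dst_port = "8080"
  db_type      = "redis"
  # NOTE(review): "alpine" is also a floating tag; same caveat as app_version.
  db_version  = "alpine"
  db_src_port = "6379"
  db_dst_port = "6379"
}

# Look up the pre-existing Traefik network that every container joins.
data "docker_network" "traefik_network" {
  name = "traefik_network"
}

# One named Docker volume per volume declared in var.service_volumes, across
# all services (the per-service volume names are flattened into one set).
resource "docker_volume" "service_volume" {
  for_each = toset(flatten([
    for svc, cfg in var.service_volumes : [
      for vol_name, _ in cfg.volumes : vol_name
    ]
  ]))
  name = each.value
}

# Redis image for the application's backing store (official library image).
resource "docker_image" "database" {
  name = "docker.io/library/${local.db_type}:${local.db_version}"
}

# SearXNG application image, pulled from the upstream searxng/searxng repo.
resource "docker_image" "application" {
  name = "docker.io/${local.app_name}/${local.app_name}:${local.app_version}"
}

# Tor SOCKS proxy image.
# NOTE(review): third-party (non-official) image pulled by floating tag; pin it
# by digest and review its provenance before routing outbound traffic through it.
resource "docker_image" "tor" {
  name = "docker.io/shinomineko/torproxy:latest"
}

# Tor SOCKS proxy container. No host port is published, so the SOCKS port is
# only reachable from containers on the Traefik network.
# NOTE(review): binding SocksPort to 0.0.0.0 makes the proxy usable by every
# container on traefik_network, not only SearXNG. If that is not intended,
# put the app <-> tor hop on a dedicated network.
resource "docker_container" "tor" {
  image    = docker_image.tor.image_id
  name     = "${local.app_name}-tor"
  hostname = "${local.app_name}-tor"
  command = [
    "--Log", "notice stdout",
    "--RunAsDaemon", "0",
    "--SocksPort", "0.0.0.0:9050"
  ]

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  # Deliberately not published on the host; kept for reference.
  #ports {
  #  internal = 9050
  #  external = 9050
  #}

  env = [
    "ALLOW_UNKNOWN=true",
    "SOCKS_PORT=9050"
  ]

  # Match the other containers: without this the proxy stays down after a
  # crash or daemon restart, and anything routed through it loses egress.
  restart = "always"
}

# Redis container for the application. Volumes come from
# var.service_volumes["database"].volumes (volume name => container path).
# NOTE(review): Redis runs without authentication and is reachable by every
# container on traefik_network. Scope it to a dedicated network, or pass
# --requirepass from a sensitive variable, if that network is shared.
resource "docker_container" "db" {
  image    = docker_image.database.image_id
  name     = "${local.app_name}-${local.db_type}-db"
  hostname = "${local.app_name}-db"
  # Redis: snapshot to disk when at least 1 key changed in 30 s; quiet logs.
  command = ["--save", "30", "1", "--loglevel", "warning"]

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  dynamic "volumes" {
    for_each = var.service_volumes["database"].volumes
    iterator = volume
    content {
      volume_name    = docker_volume.service_volume[volume.key].name
      container_path = volume.value
    }
  }

  restart = "always"

  # Least privilege: drop everything, then re-add only what the image's
  # entrypoint presumably needs to switch to its service user — confirm
  # against the image before trimming further.
  capabilities {
    drop = ["ALL"]
    add  = ["SETGID", "SETUID", "DAC_OVERRIDE"]
  }

  #logging {
  #  driver = "json-file"
  #  options = {
  #    "max-size" = "1m"
  #    "max-file" = "1"
  #  }
  #}
}

# SearXNG application container. Configuration files are uploaded from
# files/ under this module; routing and response headers are set through
# Traefik labels. Volumes come from var.service_volumes["application"].
resource "docker_container" "application" {
  image    = docker_image.application.image_id
  name     = local.app_name
  hostname = local.app_name

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  env = [
    "SEARXNG_BASE_URL=https://search.bsdserver.nl/",
  ]

  dynamic "volumes" {
    for_each = var.service_volumes["application"].volumes
    iterator = volume
    content {
      volume_name    = docker_volume.service_volume[volume.key].name
      container_path = volume.value
    }
  }

  # Least privilege: drop everything, re-add only the capabilities kept here.
  capabilities {
    drop = ["ALL"]
    add  = ["CHOWN", "SETGID", "SETUID"]
  }

  #logging {
  #  driver = "json-file"
  #  options = {
  #    "max-size" = "1m"
  #    "max-file" = "1"
  #  }
  #}

  upload {
    content = file("${path.module}/files/settings.yml")
    file    = "/etc/searxng/settings.yml"
  }

  upload {
    content = file("${path.module}/files/limiter.toml")
    file    = "/etc/searxng/limiter.toml"
  }

  # --- Traefik routing ---
  labels {
    label = "traefik.enable"
    value = "true"
  }

  labels {
    label = "traefik.http.routers.searxng.entrypoints"
    value = "websecure"
  }

  labels {
    label = "traefik.http.routers.searxng.rule"
    value = "Host(`search.bsdserver.nl`)"
  }

  # Docker labels are strings; reference the local instead of a bare number so
  # this stays consistent with the other labels and with app_dst_port.
  labels {
    label = "traefik.http.services.searxng.loadBalancer.server.port"
    value = local.app_dst_port
  }

  labels {
    label = "traefik.http.routers.searxng.tls"
    value = "true"
  }

  labels {
    label = "traefik.http.routers.searxng.tls.certresolver"
    value = "production"
  }

  # --- Security response headers (searxng-headers middleware) ---
  # One year HSTS, covering subdomains, eligible for browser preload lists.
  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Strict-Transport-Security"
    value = "max-age=31536000; includeSubDomains; preload"
  }

  # NOTE(review): the legacy XSS auditor this header enables is removed from
  # modern browsers and current guidance is to send "0" (or omit the header);
  # left unchanged here pending a decision.
  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-XSS-Protection"
    value = "1; mode=block"
  }

  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-Content-Type-Options"
    value = "nosniff"
  }

  # Deny every browser feature the search UI does not need.
  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Permissions-Policy"
    value = "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
  }

  # Never leak the search query (carried in the URL) to result sites.
  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Referrer-Policy"
    value = "no-referrer"
  }

  labels {
    label = "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-Robots-Tag"
    value = "noindex, noarchive, nofollow"
  }

  labels {
    label = "traefik.http.routers.searxng.middlewares"
    value = "searxng-headers"
  }

  # Disabled: would front the router with a forward-auth middleware.
  ##labels {
  ##  label = "traefik.http.routers.searxng.middlewares"
  ##  value = "forward-auth"
  ##}

  restart = "always"

  # Start the backing services first; the Tor proxy is presumably referenced
  # from settings.yml (not visible here), hence the explicit ordering.
  depends_on = [
    docker_container.db,
    docker_container.tor
  ]
}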