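# Description: This file contains the main Terraform configuration for the
# Nexus Docker container: the image, the container itself, its persistent
# data mount, the Traefik ingress labels and the health check.

# Define the local variables
locals {
  app_name = "nexus"

  # NOTE(review): "latest" is a mutable tag, so the image that actually runs
  # depends on when it was pulled and cannot be reproduced or audited later.
  # Nexus is an artifact repository, so a surprise image change here affects
  # everything that builds from it. Pin a specific release tag, or better an
  # image digest (name@sha256:<digest>), and bump it deliberately.
  app_version = "latest"

  # Port Nexus listens on inside the container. Used by both the Traefik
  # service label and the health check so the two cannot drift apart.
  app_src_port = "8081"
}

# Get the ID of the traefik_network
data "docker_network" "traefik_network" {
  name = "traefik_network"
}

# Create Docker image for Nexus
resource "docker_image" "application" {
  name = "sonatype/nexus3:${local.app_version}"
}

# Create Docker container for Nexus
resource "docker_container" "application" {
  image    = docker_image.application.image_id
  name     = local.app_name
  hostname = local.app_name

  # Run as a fixed non-root UID:GID. The host directory mounted below must be
  # readable and writable by this UID/GID.
  user    = "200:200"
  restart = "unless-stopped"

  # Attach only to the Traefik network; no host ports are published, so the
  # container is reachable only through the reverse proxy.
  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  env = [
    "INSTALL4J_ADD_VM_PARAMS=-Xms1024m -Xmx2048m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
  ]

  # Mount host path for persistent data (existing data from previous deployment)
  volumes {
    host_path      = "/opt/nexus-data"
    container_path = "/nexus-data"
  }

  # Traefik labels for ingress
  #
  # NOTE(review): the router below has no middleware attached, so access
  # control for nexus.<domain> rests entirely on Nexus's own authentication.
  # If this host should not be reachable from every network that can reach the
  # "websecure" entrypoint, attach an IP allowlist or auth middleware here,
  # and review the anonymous-access setting inside Nexus.
  labels {
    label = "traefik.enable"
    value = "true"
  }

  # Serve only on the TLS entrypoint.
  labels {
    label = "traefik.http.routers.nexus.entrypoints"
    value = "websecure"
  }

  labels {
    label = "traefik.http.routers.nexus.rule"
    value = "Host(`nexus.${var.domain}`)"
  }

  labels {
    label = "traefik.http.services.nexus.loadBalancer.server.port"
    value = local.app_src_port
  }

  labels {
    label = "traefik.http.routers.nexus.tls"
    value = "true"
  }

  labels {
    label = "traefik.http.routers.nexus.tls.certresolver"
    value = "production"
  }

  # Health check
  # Probes the status endpoint from inside the container, so plain HTTP on
  # localhost is expected here; TLS is terminated at Traefik. The port comes
  # from local.app_src_port instead of a second hard-coded 8081, otherwise a
  # port change would leave the check probing the wrong port.
  healthcheck {
    test         = ["CMD", "curl", "-f", "http://localhost:${local.app_src_port}/service/rest/v1/status"]
    interval     = "30s"
    timeout      = "10s"
    retries      = 5
    start_period = "120s"
  }

  # Resource limits (memory is in MB)
  # NOTE(review): -Xmx2048m plus -XX:MaxDirectMemorySize=2g can already add up
  # to the full 4096 MB limit, leaving no headroom for metaspace, thread stacks
  # and the JVM itself. Consider raising the limit or lowering the JVM sizes so
  # the container is not OOM-killed under load.
  memory = 4096

  # Ignore drift on network_mode so it does not force the container to be
  # replaced on every apply.
  lifecycle {
    ignore_changes = [network_mode]
  }
}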