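# Root provider configuration: pins the Terraform and provider versions and
# configures the DNS, Docker and Vault providers used by this module.
#
# Layout note: each block sits on its own lines. In HCL a `#` comment runs to
# the end of the line, so with everything collapsed onto a single line every
# provider block after the first comment would be parsed as comment text.
terraform {
  required_version = ">= 1.5.0"

  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 3.0"
    }
    vault = {
      source  = "hashicorp/vault"
      version = "~> 3.25"
    }
    dns = {
      source  = "hashicorp/dns"
      version = "~> 3.4"
    }
  }
}

# Configure the DNS Provider
# All dynamic-update (TSIG) settings are read from the Vault data source
# `data.vault_generic_secret.dns`, which is declared outside this block.
# NOTE(review): values read through a Vault data source are normally persisted
# in the Terraform state, so the state backend needs the same access controls
# and encryption as the TSIG key itself - confirm how state is stored.
provider "dns" {
  update {
    server        = data.vault_generic_secret.dns.data["dns_server"]
    key_name      = data.vault_generic_secret.dns.data["key_name"]
    key_algorithm = data.vault_generic_secret.dns.data["key_algorithm"]
    key_secret    = data.vault_generic_secret.dns.data["key_secret"]
  }
}

# Configure the Docker Provider
# Connects to the Docker daemon over SSH as the `ansible` user.
provider "docker" {
  host = "ssh://ansible@wbyc-srv-docker01.bsdserver.lan:22"

  # SECURITY: `StrictHostKeyChecking=no` turns off SSH host-key verification,
  # so the identity of the Docker host is never authenticated and the session
  # that controls the daemon can be intercepted on the network path. Preferred
  # hardening: provision a pinned known_hosts entry for this host in the
  # pipeline and switch to `StrictHostKeyChecking=yes` together with
  # `UserKnownHostsFile=<path to the pinned file>`.
  #
  # SECURITY: the private key is read from `.ssh/id_rsa` inside the module
  # directory. Keep that path out of version control and have the pipeline
  # write it at run time with owner-only permissions.
  ssh_opts = ["-i", "${path.module}/.ssh/id_rsa", "-o", "StrictHostKeyChecking=no"]
}

# Configure the Vault Provider
provider "vault" {
  address = "https://wbyc-srv-docker01.bsdserver.lan:8200"

  # TLS verification is controlled by the Terraform input variable
  # `vault_skip_tls_verify` (for example via TF_VAR_vault_skip_tls_verify in
  # the pipeline) and falls back to `false` when that variable is null.
  # NOTE(review): because `skip_tls_verify` is set explicitly here, the
  # VAULT_SKIP_VERIFY environment variable is presumably not consulted -
  # confirm against the provider version in use.
  # NOTE(review): `try()` only covers errors raised while evaluating the
  # expression; the variable still has to be declared (declaration not visible
  # here).
  #
  # SECURITY: with verification skipped, the AppRole credentials below and
  # every secret read afterwards are sent to an endpoint whose certificate is
  # not checked. For a self-signed or private CA, prefer trusting the CA
  # (provider argument `ca_cert_file` or the VAULT_CACERT environment variable)
  # and leaving this `false`.
  skip_tls_verify = tobool(coalesce(try(var.vault_skip_tls_verify, null), false))

  # AppRole login. `role_id` and `secret_id` come from input variables declared
  # outside this block.
  # NOTE(review): confirm both are declared with `sensitive = true` and are
  # injected by the pipeline rather than committed in a tfvars file.
  auth_login {
    path = "auth/approle/login"

    parameters = {
      role_id   = var.role_id
      secret_id = var.secret_id
    }
  }
}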