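# Docker images in use.
# Every service below runs "<name>@<sha256_digest>", i.e. the digest the registry
# reports for the tag when the data source is read.
data "docker_registry_image" "netbox" {
  name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
}

data "docker_registry_image" "netbox_postgres" {
  name = "docker.io/postgres:16-alpine"
}

data "docker_registry_image" "netbox_redis" {
  name = "docker.io/redis:7-alpine"
}

# Docker Network
# Internal network shared by the NetBox app, worker, housekeeping, Postgres and Redis services.
resource "docker_network" "netbox" {
  name = "netbox"
}

# Docker Volumes
resource "docker_volume" "netbox_config" {
  name = "netbox_config"
}

resource "docker_volume" "netbox_media" {
  name = "netbox_media"
}

resource "docker_volume" "netbox_reports" {
  name = "netbox_reports"
}

resource "docker_volume" "netbox_scripts" {
  name = "netbox_scripts"
}

resource "docker_volume" "netbox_database" {
  name = "netbox_database"
}

resource "docker_volume" "netbox_redis" {
  name = "netbox_redis"
}

resource "docker_volume" "netbox_cache" {
  name = "netbox_cache"
}

# Configs
# Generated credentials. The results are stored in the Terraform state, so the
# state backend needs the same protection as the secrets themselves.
resource "random_password" "postgres_password" {
  length  = 32
  special = false
}

resource "random_password" "redis_password" {
  length  = 32
  special = false
}

# Replaces the SECRET_KEY literal that used to be committed in this file. A key
# that has been in version control should be treated as disclosed; generating it
# here rotates it on the next apply.
resource "random_password" "secret_key" {
  length  = 64
  special = false
}

# NetBox settings. Nothing in this file hands these locals to the services
# below; presumably they are consumed elsewhere in the module (TODO confirm).
locals {
  # NOTE(review): allows cross-origin requests from any origin; restrict to the
  # known front-end origins unless this is intentional.
  CORS_ORIGIN_ALLOW_ALL = true
  DB_HOST               = docker_service.netbox_postgres.name
  DB_NAME               = "netbox"
  # NOTE(review): nonsensitive() strips the sensitive marking, so the password is
  # printed in plan/apply output and logs. Kept because the consumers are not
  # visible here; drop it unless one of them really needs a non-sensitive value.
  DB_PASSWORD        = nonsensitive(random_password.postgres_password.result)
  DB_USER            = "netbox"
  EMAIL_FROM         = "netbox@bar.com"
  EMAIL_PASSWORD     = ""
  EMAIL_PORT         = 25
  EMAIL_SERVER       = "localhost"
  EMAIL_SSL_CERTFILE = ""
  EMAIL_SSL_KEYFILE  = ""
  EMAIL_TIMEOUT      = 5
  EMAIL_USERNAME     = "netbox"
  # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
  EMAIL_USE_SSL                        = false
  EMAIL_USE_TLS                        = false
  GRAPHQL_ENABLED                      = true
  HOUSEKEEPING_INTERVAL                = 86400
  MEDIA_ROOT                           = "/opt/netbox/netbox/media"
  METRICS_ENABLED                      = false
  REDIS_CACHE_DATABASE                 = 1
  REDIS_CACHE_HOST                     = docker_service.netbox_redis_cache.name
  REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = false
  # NOTE(review): same nonsensitive() exposure as DB_PASSWORD. Both Redis
  # instances also share one password.
  REDIS_CACHE_PASSWORD           = nonsensitive(random_password.redis_password.result)
  REDIS_CACHE_SSL                = false
  REDIS_DATABASE                 = 0
  REDIS_HOST                     = docker_service.netbox_redis.name
  REDIS_INSECURE_SKIP_TLS_VERIFY = false
  REDIS_PASSWORD                 = nonsensitive(random_password.redis_password.result)
  REDIS_SSL                      = false
  RELEASE_CHECK_URL              = "https://api.github.com/repos/netbox-community/netbox/releases"
  # Generated instead of hard-coded. nonsensitive() only keeps the value's type
  # compatible with the plain string it replaces; see the note on DB_PASSWORD.
  SECRET_KEY       = nonsensitive(random_password.secret_key.result)
  SKIP_SUPERUSER   = true
  WEBHOOKS_ENABLED = true
}

# Services
# NetBox web application. The only service in this file that is also attached
# to the load balancer network (declared outside this file).
resource "docker_service" "netbox" {
  name = "netbox-app"

  task_spec {
    container_spec {
      image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
      user  = "unit:root"

      # Healthy once the login page answers on port 8080 inside the container.
      healthcheck {
        test         = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
        interval     = "15s"
        timeout      = "3s"
        start_period = "60s"
      }

      mounts {
        target = "/etc/netbox/config"
        type   = "volume"
        source = docker_volume.netbox_config.name
      }

      mounts {
        target = "/opt/netbox/netbox/media"
        type   = "volume"
        source = docker_volume.netbox_media.name
      }

      mounts {
        target = "/opt/netbox/netbox/reports"
        type   = "volume"
        source = docker_volume.netbox_reports.name
      }

      mounts {
        target = "/opt/netbox/netbox/scripts"
        type   = "volume"
        source = docker_volume.netbox_scripts.name
      }
    }

    networks_advanced {
      name = docker_network.loadbalancer.id
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}

# Background worker: same image and volumes as the app, running `manage.py rqworker`.
resource "docker_service" "netbox_worker" {
  name = "netbox-worker"

  task_spec {
    container_spec {
      image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
      user  = "unit:root"
      command = [
        "/opt/netbox/venv/bin/python",
        "/opt/netbox/netbox/manage.py",
        "rqworker",
      ]

      # Healthy while a process matching "rqworker" is in the process list.
      healthcheck {
        test         = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
        interval     = "15s"
        timeout      = "3s"
        start_period = "20s"
      }

      mounts {
        target = "/etc/netbox/config"
        type   = "volume"
        source = docker_volume.netbox_config.name
      }

      mounts {
        target = "/opt/netbox/netbox/media"
        type   = "volume"
        source = docker_volume.netbox_media.name
      }

      mounts {
        target = "/opt/netbox/netbox/reports"
        type   = "volume"
        source = docker_volume.netbox_reports.name
      }

      mounts {
        target = "/opt/netbox/netbox/scripts"
        type   = "volume"
        source = docker_volume.netbox_scripts.name
      }
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}

# Housekeeping: same image and volumes as the app, running /opt/netbox/housekeeping.sh.
resource "docker_service" "netbox_housekeeping" {
  name = "netbox-housekeeping"

  task_spec {
    container_spec {
      image   = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
      user    = "unit:root"
      command = ["/opt/netbox/housekeeping.sh"]

      # Healthy while a process matching "housekeeping" is in the process list.
      healthcheck {
        test         = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
        interval     = "15s"
        timeout      = "3s"
        start_period = "20s"
      }

      mounts {
        target = "/etc/netbox/config"
        type   = "volume"
        source = docker_volume.netbox_config.name
      }

      mounts {
        target = "/opt/netbox/netbox/media"
        type   = "volume"
        source = docker_volume.netbox_media.name
      }

      mounts {
        target = "/opt/netbox/netbox/reports"
        type   = "volume"
        source = docker_volume.netbox_reports.name
      }

      mounts {
        target = "/opt/netbox/netbox/scripts"
        type   = "volume"
        source = docker_volume.netbox_scripts.name
      }
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}

# Netbox Postgres Database
resource "docker_service" "netbox_postgres" {
  name = "netbox-postgres"

  task_spec {
    container_spec {
      image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}"

      mounts {
        target = "/var/lib/postgresql/data"
        type   = "volume"
        source = docker_volume.netbox_database.name
      }

      # NOTE(review): the password is part of the service spec, so anyone who can
      # inspect the service can read it. A Docker secret read through
      # POSTGRES_PASSWORD_FILE would keep it out of the spec.
      env = {
        POSTGRES_DB       = "netbox"
        POSTGRES_USER     = "netbox"
        POSTGRES_PASSWORD = random_password.postgres_password.result
      }
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}

# Netbox Redis
# Task queue instance, with append-only persistence.
resource "docker_service" "netbox_redis" {
  name = "netbox-redis"

  task_spec {
    container_spec {
      image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"

      # Passed as `args`, leaving the image's own entrypoint in place. The former
      # `command = ["sh", "-c", "redis-server", ...]` made `sh -c` run only the
      # string "redis-server"; the options after it became shell positional
      # parameters, so neither --appendonly nor --requirepass reached the server.
      # NOTE(review): the password is still visible in the service spec and the
      # process list; a mounted config file or Docker secret would avoid that.
      args = [
        "redis-server",
        "--appendonly", "yes",
        "--requirepass", random_password.redis_password.result,
      ]

      # Dedicated volume. This mount used to point at netbox_database, which put
      # Redis files inside the Postgres data volume. Data already written there
      # is not migrated by this change.
      mounts {
        target = "/data"
        type   = "volume"
        source = docker_volume.netbox_redis.name
      }
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}

# Cache instance, without append-only persistence.
resource "docker_service" "netbox_redis_cache" {
  name = "netbox-redis-cache"

  task_spec {
    container_spec {
      image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"

      # `args` instead of `sh -c` for the same reason as netbox_redis: with
      # `sh -c`, --requirepass was never passed to redis-server.
      args = [
        "redis-server",
        "--requirepass", random_password.redis_password.result,
      ]

      # Dedicated volume instead of the Postgres data volume, which the other
      # Redis instance also used as /data.
      mounts {
        target = "/data"
        type   = "volume"
        source = docker_volume.netbox_cache.name
      }
    }

    networks_advanced {
      name = docker_network.netbox.id
    }

    restart_policy {
      condition = "any"
      delay     = "0s"
      window    = "0s"
    }
  }
}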