resource "google_project_service" "compute" {
  project            = var.project_id
  service            = "compute.googleapis.com"
  disable_on_destroy = false
}

resource "google_compute_firewall" "yunohost_allow" {
  name        = "allow-yunohost"
  network     = "default"
  direction   = "INGRESS"
  allow {
    protocol = "tcp"
    ports    = ["22", "25", "80", "443", "587", "993", "5222", "5269"]
  }
  allow {
    protocol = "udp"
    ports    = ["53", "5353"]
  }
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["yunohost"]
}

resource "google_compute_address" "static_ip" {
  name = "yunohost-static-ip"
}

resource "google_compute_instance" "yunohost" {
  name         = "yunohost"
  machine_type = "e2-small"
  zone         = "us-west1-a"
  tags         = ["yunohost"]
  boot_disk {
    initialize_params {
      image = "projects/debian-cloud/global/images/family/debian-12"
      size  = 30
      type  = "pd-standard"
    }
  }
  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.static_ip.address
    }
  }
  metadata = {
    startup-script = file("${path.module}/startup.sh")
  }
  depends_on = [google_project_service.compute]
}

output "external_ip" {
  value = google_compute_instance.yunohost.network_interface[0].access_config[0].nat_ip
}