# Production environment Terraform configuration
# Uses OVH provider for production VPS provisioning

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    ovh = {
      source  = "ovh/ovh"
      version = "~> 0.42.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.5.0"
    }
  }

  backend "s3" {
    bucket = "ydn-terraform-state"
    key    = "production/terraform.tfstate"
    region = "GRA"
  }
}

provider "ovh" {
  endpoint           = var.ovh_endpoint
  application_key    = var.ovh_application_key
  application_secret = var.ovh_application_secret
  consumer_key       = var.ovh_consumer_key
}

# Variables
variable "ovh_endpoint" {
  default = "ovh-eu"
}

variable "ovh_application_key" {
  type      = string
  sensitive = true
}

variable "ovh_application_secret" {
  type      = string
  sensitive = true
}

variable "ovh_consumer_key" {
  type      = string
  sensitive = true
}

variable "ssh_key_id" {
  type    = string
  default = "ydn-deploy-key"
}

variable "instance_count" {
  type    = number
  default = 1
}

# SSH Key for VM access
resource "ovh_cloud_project_ssh_key" "deploy" {
  name        = var.ssh_key_id
  public_key  = file("~/.ssh/ydn-deploy.pub")
  project_id  = var.ovh_project_id
}

# Production VPS instance
resource "ovh_cloud_project_instance" "vps" {
  count        = var.instance_count
  name         = "ydn-prod-vps-${count.index}"
  project_id   = var.ovh_project_id
  flavor       = "vps-standard-2-4-40" # 2 vCPU, 4GB RAM, 40GB SSD
  image        = "Debian 12"
  ssh_key_id   = ovh_cloud_project_ssh_key.deploy.id
  region       = "GRA7" # Gravelines

  tags = [
    "Environment:production",
    "Application:ydn",
    "ManagedBy:terraform"
  ]
}

# Network security
resource "ovh_cloud_project_network_public" "private" {
  project_id = var.ovh_project_id
  name       = "ydn-private-network"
  regions    = ["GRA7"]
}

resource "ovh_cloud_project_network_public_subnet" "subnet" {
  project_id = var.ovh_cloud_project_network_public.private.project_id
  network_id = ovh_cloud_project_network_public.private.id
  name       = "ydn-subnet"
  region     = "GRA7"
  cidr       = "192.168.0.0/24"
}

# Outputs
output "vps_ips" {
  description = "IP addresses of production VPS instances"
  value       = ovh_cloud_project_instance.vps[*].ip_address
}

output "vps_names" {
  description = "Names of production VPS instances"
  value       = ovh_cloud_project_instance.vps[*].name
}