# Root module for the PostgreSQL instance: one ./generic-database module call
# per application, plus a sensitive output exposing each module's `account`.
# The module source is not shown here; presumably it creates the database and
# its login role. Confirm against ./generic-database.

terraform {
  required_version = ">= 1.0.4, < 2.0.0"

  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = ">= 1.21.0"
    }
  }

  # Remote state on an S3-compatible endpoint (the "minio" profile suggests
  # MinIO; the skip_* flags turn off the AWS-specific validation calls).
  # NOTE(review): the endpoint is plain http, so state is read and written
  # unencrypted in transit. Terraform stores sensitive values in state in
  # clear text, and that includes the account outputs declared at the bottom
  # of this file. Prefer an https endpoint and keep access to the bucket
  # restricted to the operators who run this configuration.
  backend "s3" {
    endpoints = {
      s3 = "http://s3.localdomain"
    }
    //@formatter:off
    key                         = "postgres.tfstate"
    bucket                      = "terraform"
    region                      = "FR"
    skip_credentials_validation = true
    skip_requesting_account_id  = true
    skip_region_validation      = true
    skip_metadata_api_check     = true
    shared_credentials_files    = ["~/.aws/credentials"]
    profile                     = "minio"
    use_path_style              = true
    //@formatter:on
  }
}

locals {
  # Non-secret connection settings, keyed by Terraform workspace name.
  private_connection = {
    "default" = {
      db   = "postgres"
      host = "database.localdomain"
      port = 5432
    }
    "prod" = {
      db   = "postgres"
      host = "database-trusted-primate.localdomain"
      port = 5432
    }
  }

  # merge() is shallow, so the two maps are combined entry by entry.
  # Argument order matters: private_connection comes last so that its
  # db/host/port win over whatever var.connections carries for the same
  # attributes (presumably typed placeholders; verify against the variable
  # declaration). Every key in var.connections must also exist in
  # private_connection, otherwise the index lookup fails.
  connection = {
    for name, cfg in var.connections :
    name => merge(cfg, local.private_connection[name])
  }
}

# The active connection is selected by workspace name; a workspace without an
# entry in local.connection fails at this lookup.
provider "postgresql" {
  host     = local.connection[terraform.workspace].host
  port     = local.connection[terraform.workspace].port
  database = local.connection[terraform.workspace].db
  username = local.connection[terraform.workspace].username
  password = local.connection[terraform.workspace].password

  # NOTE(review): sslmode "disable" means the session is not protected by
  # TLS, so the login above and every statement the provider sends travel in
  # clear text between the Terraform host and the database. Once the server
  # presents a certificate, move to "require" or, better, "verify-full".
  sslmode         = "disable"
  connect_timeout = 15
}

# --- Application databases -------------------------------------------------
# Modules that do not set `privileges` use the module's default (not visible
# in this file).

module "ampere" {
  source        = "./generic-database"
  database_name = "ampere"
  username      = "ampere_user"
}

module "cfssl" {
  source        = "./generic-database"
  database_name = "cfssl"
  username      = "cfssl"
  collate       = "en_US.utf8"
  ctype         = "en_US.utf8"
}

module "gitea" {
  source        = "./generic-database"
  database_name = "gitea_db"
  username      = "gitea"
  privileges    = ["CREATE", "CONNECT", "TEMPORARY"]
}

module "keycloak" {
  source        = "./generic-database"
  database_name = "keycloak"
  username      = "keycloak"
  privileges    = ["CREATE", "CONNECT", "TEMPORARY"]
}

module "nextcloud" {
  source        = "./generic-database"
  database_name = "nextcloud"
  username      = "nextcloud"
  privileges    = ["CREATE", "CONNECT", "TEMPORARY"]
}

module "favorite_link" {
  source        = "./generic-database"
  database_name = "favorite-link"
  username      = "favorite-link"
}

# --- Account outputs -------------------------------------------------------
# `sensitive = true` only redacts these values in CLI output; they are still
# written to the state file in clear text.

output "ampere_account" {
  value     = module.ampere.account
  sensitive = true
}

output "cfssl_account" {
  value     = module.cfssl.account
  sensitive = true
}

output "gitea_account" {
  value     = module.gitea.account
  sensitive = true
}

output "keycloak_account" {
  value     = module.keycloak.account
  sensitive = true
}

output "nextcloud_account" {
  value     = module.nextcloud.account
  sensitive = true
}

output "favorite_link_account" {
  value     = module.favorite_link.account
  sensitive = true
}