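# Cloud-init configuration for all VMs
#
# This file manages cloud-init disks for all VMs using the proxmox_cloud_init_disk resource.
# VMs with flake_branch set will include the NIXOS_FLAKE_BRANCH environment variable.
# VMs with vault_wrapped_token set will also receive the Vault bootstrap variables.

resource "proxmox_cloud_init_disk" "ci" {
  for_each = local.vm_configs

  name     = each.key
  pve_node = each.value.target_node
  storage  = "local" # Cloud-init disks must be on storage that supports ISO/snippets

  # User data: the SSH key, plus an env file at /run/cloud-init-env when a
  # flake branch and/or a Vault wrapped token is configured for the VM.
  #
  # The document is built with yamlencode (as network_config and meta_data
  # below already are) instead of a hand-indented heredoc. Interpolated values
  # are then always emitted as properly quoted YAML scalars, and the result no
  # longer depends on template whitespace stripping. The rendered bytes differ
  # from a hand-written template, so expect a one-time change in the plan.
  #
  # NOTE(review): VAULT_SKIP_VERIFY=1 turns off TLS certificate verification
  # for whatever Vault client reads this file (the consumer is not in this
  # file). The wrapped token is then presented to an endpoint whose identity
  # was never checked. Prefer shipping the issuing CA to the VM and pointing
  # the client at it (e.g. VAULT_CACERT=<path-to-ca-bundle>), then drop this
  # line. It is left in place here because removing it without a trusted CA
  # on the image would break bootstrap.
  #
  # NOTE(review): the wrapped token is written into user_data, so it is also
  # present in the Terraform state and on the cloud-init ISO kept on the
  # "local" storage above. Presumably this is a single-use response-wrapping
  # token: confirm that its TTL is short and that a failed unwrap (token
  # already used) is treated as a signal worth alerting on.
  user_data = join("\n", [
    "#cloud-config",
    yamlencode(merge(
      { ssh_authorized_keys = [each.value.ssh_public_key] },
      {
        # Single-entry map iterated only so that the write_files key is
        # omitted entirely when there is nothing to write.
        for path, lines in {
          "/run/cloud-init-env" = concat(
            each.value.flake_branch != null ? [
              "NIXOS_FLAKE_BRANCH=${each.value.flake_branch}",
            ] : [],
            each.value.vault_wrapped_token != null ? [
              "VAULT_ADDR=https://vault01.home.2rjus.net:8200",
              "VAULT_WRAPPED_TOKEN=${each.value.vault_wrapped_token}",
              "VAULT_SKIP_VERIFY=1",
            ] : []
          )
        } : "write_files" => [{
          path = path
          # One KEY=value per line, each terminated by a newline.
          content = join("", [for line in lines : "${line}\n"])
          # Mode 0600; kept a string so the leading zero survives YAML encoding.
          permissions = "0600"
        }] if length(lines) > 0
      }
    )),
  ])

  # Network configuration - static IP when each.value.ip is set, DHCP otherwise
  network_config = each.value.ip != null ? yamlencode({
    version = 1
    config = [{
      type = "physical"
      name = "ens18"
      subnets = [{
        type    = "static"
        address = each.value.ip
        gateway = each.value.gateway
        # nameservers is a single space-separated string in vm_configs
        dns_nameservers = split(" ", each.value.nameservers)
        dns_search      = [each.value.search_domain]
      }]
    }]
    }) : yamlencode({
    version = 1
    config = [{
      type = "physical"
      name = "ens18"
      subnets = [{
        type = "dhcp"
      }]
    }]
  })

  # Instance metadata
  meta_data = yamlencode({
    # sha1 here only derives a stable identifier from the VM name; it is not
    # used as a security control.
    instance_id    = sha1(each.key)
    local-hostname = each.key
  })
}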