/**
 * # Root Configuration
 *
 * Orchestrates the homelab infrastructure:
 * - **pip**      – Discovers the current public IP for firewall allowlisting.
 * - **pangolin** – Deploys an Azure Linux VM as a reverse-proxy / WireGuard gateway.
 * - **foundry**  – Creates a Proxmox LXC container running Foundry VTT.
 * - **dns**      – Manages Cloudflare DNS records pointing at the Pangolin proxy.
 */

module "pip" {
  source = "./modules/pip"
}

module "pangolin" {
  source                 = "./modules/pangolin"
  ssh_pubkey             = file(var.ssh_pubkey_path)
  allowed_ssh_cidrs_ipv4 = ["${module.pip.ip}/32"]
  admin_username         = var.admin_username
}

module "foundry" {
  source       = "./modules/foundry"
  node_name    = var.node_name
  datastore_id = var.datastore_id
  container_id = 200
  bridge       = var.bridge
  vlan_tag     = 32
  ssh_pubkey   = file(var.ssh_pubkey_path)
}

module "dns" {
  source            = "./modules/dns"
  domain_zone_id    = var.domain_zone_id
  domain_name       = var.domain
  pangolin-proxy-v4 = module.pangolin.public_ipv4
  pangolin-proxy-v6 = module.pangolin.public_ipv6
  cdn_subdomains    = ["foundry"]
}