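# DNS, mail authentication and static-site hosting for gmem.ca.
#
# The zone has no `vpc` block, so it is a public hosted zone: every record
# name and value below is resolvable by anyone.
resource "aws_route53_zone" "gmemca" {
  name = "gmem.ca"
}

# NOTE(review): flood, request-media, atuin, n8n, hb, freshrss, ntfy and dref
# resolve into 100.64.0.0/10 (RFC 6598 shared address space), which is not
# reachable from the public internet. Presumably these are overlay/VPN
# addresses. Publishing them in a public zone still lists the internal
# service names and hosts; confirm that is acceptable.
resource "aws_route53_record" "flood" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "flood"
  type    = "A"
  ttl     = 3600
  records = ["100.116.48.47"]
}

resource "aws_route53_record" "request-media" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "request-media"
  type    = "A"
  ttl     = 3600
  records = ["100.116.48.47"]
}

resource "aws_route53_record" "git" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "git"
  type    = "A"
  ttl     = 300
  records = ["141.147.109.157"]
}

resource "aws_route53_record" "food" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "food"
  type    = "A"
  ttl     = 300
  records = ["141.147.109.157"]
}

resource "aws_route53_record" "nix-cache" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "nix-cache"
  type    = "A"
  ttl     = 300
  records = ["141.147.94.210"]
}

# CNAME to a third-party host: if the project behind it is ever deleted,
# remove this record as well so the name cannot be claimed by someone else.
resource "aws_route53_record" "fursona" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "fursona"
  type    = "CNAME"
  ttl     = 300
  records = ["cname.vercel-dns.com."]
}

resource "aws_route53_record" "atuin" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "atuin"
  type    = "A"
  ttl     = 3600
  records = ["100.77.43.133"]
}

resource "aws_route53_record" "n8n" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "n8n"
  type    = "A"
  ttl     = 3600
  records = ["100.116.48.47"]
}

resource "aws_route53_record" "hb" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "hb"
  type    = "A"
  ttl     = 300
  records = ["100.77.43.133"]
}

resource "aws_route53_record" "freshrss" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "freshrss"
  type    = "A"
  ttl     = 300
  records = ["100.77.43.133"]
}

resource "aws_route53_record" "ntfy" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "ntfy"
  type    = "A"
  ttl     = 300
  records = ["100.77.43.133"]
}

resource "aws_route53_record" "dref" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "dref"
  type    = "A"
  ttl     = 300
  records = ["100.77.43.133"]
}

# Inbound mail for the apex.
resource "aws_route53_record" "gmem-ca-mx" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "gmem.ca"
  type    = "MX"
  records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
  ttl     = 300
}

# DKIM selectors delegated by CNAME to the mail provider, one record per
# map entry (key = selector name, value = target).
resource "aws_route53_record" "gmem-ca-mail-cname" {
  for_each = {
    "fm1._domainkey" = "fm1.gmem.ca.dkim.fmhosted.com"
    "fm2._domainkey" = "fm2.gmem.ca.dkim.fmhosted.com"
    "fm3._domainkey" = "fm3.gmem.ca.dkim.fmhosted.com"
  }
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = each.key
  records = [each.value]
  type    = "CNAME"
  ttl     = 300
}

# SPF for the apex.
# NOTE(review): the policy ends in "?all" (neutral), so receivers get no
# instruction for mail from senders not listed here. Once every legitimate
# sender is covered by the two includes, tighten to "~all" or "-all".
# No _dmarc record is defined in this file; confirm one exists elsewhere.
resource "aws_route53_record" "gmem-ca-mail-txt" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "gmem.ca"
  type    = "TXT"
  records = ["v=spf1 include:spf.messagingengine.com include:spf.mushu.services.floofy.tech ?all"]
  ttl     = 300
}

# DKIM public key for the "postal-d6U33J" selector.
# NOTE(review): the p= value has the length of a 1024-bit RSA key (verify by
# decoding). 2048-bit keys are the current recommendation; plan a rotation.
resource "aws_route53_record" "postal-dkim" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "postal-d6U33J._domainkey"
  type    = "TXT"
  ttl     = 300
  records = ["v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoSvi65zRk8yn0IySfXWyNzeQpz8DEg8ZnmR/Kqq+Ga890KoINkQHB0toQu/iURjmLo+2mYKMxkAMWZPEsKaNsBCLBB55NCvq3/jeJdjOKYLplc51KSdxSb3AGokGqwCDhQ8u+MJty/R3QOHbzndddQTnSG0ApDkJNiPdFVnXnewIDAQAB;"]
}

resource "aws_route53_record" "postal-cname" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = "psrp"
  type    = "CNAME"
  ttl     = 300
  records = ["rp.mushu.services.floofy.tech"]
}

# S3 bucket static site
resource "aws_s3_bucket" "gmem-ca-static_site" {
  bucket = "gmem.ca"

  tags = {
    Name = "gmem.ca"
  }
}

# The bucket policy grants read access to the CloudFront identity only, so
# public ACLs and public policies are never wanted on this bucket. Declaring
# the block here keeps that true even if the account defaults change or
# someone later attaches a wider policy or ACL by hand.
resource "aws_s3_bucket_public_access_block" "gmem-ca-static_site" {
  bucket = aws_s3_bucket.gmem-ca-static_site.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # Apply after the policy so the two bucket-level writes do not run
  # concurrently against the same bucket.
  depends_on = [aws_s3_bucket_policy.gmem-ca-static_site]
}

# Identity CloudFront uses when reading from the bucket.
# NOTE(review): origin access identities are the legacy mechanism; AWS
# recommends origin access control (OAC) for new setups.
resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = "OAI for the static site"
}

# Only statement: s3:GetObject on every object, for the CloudFront OAI.
# No other principal is granted anything and there is no ListBucket grant.
resource "aws_s3_bucket_policy" "gmem-ca-static_site" {
  bucket = aws_s3_bucket.gmem-ca-static_site.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "Restrict access to CloudFront OAI"
        Effect = "Allow"
        Principal = {
          AWS = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${aws_cloudfront_origin_access_identity.oai.id}"
        }
        Action   = "s3:GetObject"
        Resource = "arn:aws:s3:::${aws_s3_bucket.gmem-ca-static_site.bucket}/*"
      }
    ]
  })
}

# Website hosting settings for the bucket. The distribution below uses the
# bucket's regional REST endpoint, not the website endpoint, and the bucket
# policy gives anonymous clients no access.
resource "aws_s3_bucket_website_configuration" "gmem-ca-static_site" {
  bucket = aws_s3_bucket.gmem-ca-static_site.id

  index_document {
    suffix = "index.html"
  }

  error_document {
    key = "error.html"
  }
}

output "website_endpoint" {
  value = aws_s3_bucket_website_configuration.gmem-ca-static_site.website_domain
}

# DNS validation record for the ACM certificate used by the distribution.
# It must stay in place for ACM to renew the certificate automatically.
resource "aws_route53_record" "gmem-ca-cert_validation" {
  name = "_3adc54fd4a6993b9586a54e190b9fb71.gmem.ca"
  records = [
    "_094fa9d82c24dca77f6e9059f535d155.fpgkgnzppq.acm-validations.aws."
  ]
  ttl     = 60
  type    = "CNAME"
  zone_id = aws_route53_zone.gmemca.zone_id
}

# CloudFront distribution in front of the bucket, with one extra path routed
# to an API Gateway origin.
# NOTE(review): no logging_config and no web_acl_id are set here; confirm
# that access logging is handled some other way if it is needed.
resource "aws_cloudfront_distribution" "gmem-ca-s3_distribution" {
  # Origin 1: the private bucket, read through the OAI.
  origin {
    domain_name = aws_s3_bucket.gmem-ca-static_site.bucket_regional_domain_name
    origin_id   = "S3-${aws_s3_bucket.gmem-ca-static_site.id}"

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }

  # Origin 2: API Gateway endpoint, HTTPS only, TLS 1.2 to the origin.
  origin {
    connection_attempts = 3
    connection_timeout  = 10
    domain_name         = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
    origin_id           = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
    origin_path         = "/default"

    custom_origin_config {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      origin_protocol_policy   = "https-only"
      origin_read_timeout      = 30
      origin_ssl_protocols = [
        "TLSv1.2"
      ]
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "S3 Static Site Distribution for gmem.ca"
  default_root_object = "index.html"

  # Both names must be covered by the certificate in viewer_certificate.
  aliases = [
    "gmem.ca",
    "arch.dog"
  ]

  # Everything except the webfinger path is served from the bucket.
  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "S3-${aws_s3_bucket.gmem-ca-static_site.id}"
    # NOTE(review): hard-coded policy id; it looks like an AWS managed
    # CORS policy. Confirm which one, and whether security headers such as
    # Strict-Transport-Security should be added for the site.
    response_headers_policy_id = "60669652-455b-4ae9-85a4-c4c02393f86c"

    # forwarded_values is deprecated in the AWS provider in favour of
    # cache_policy_id / origin_request_policy_id.
    forwarded_values {
      query_string = true

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  # WebFinger lookups go to the API Gateway origin. The three forwarded
  # headers are passed to the origin and become part of the cache key.
  ordered_cache_behavior {
    path_pattern     = "/.well-known/webfinger"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
    compress         = true

    forwarded_values {
      query_string = true
      headers      = ["Origin", "Accept", "Content-Type"]

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  # Certificate is referenced by a literal ARN (us-east-1, as CloudFront
  # requires), so it is managed outside this configuration.
  viewer_certificate {
    acm_certificate_arn      = "arn:aws:acm:us-east-1:939265269301:certificate/1aa4bae9-701d-4f55-bad4-85144f6c1297"
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags = {
    Name = "gmem.ca"
  }
}

# Apex alias record pointing gmem.ca at the distribution.
resource "aws_route53_record" "gmem-ca" {
  zone_id = aws_route53_zone.gmemca.zone_id
  name    = aws_route53_zone.gmemca.name
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.gmem-ca-s3_distribution.domain_name
    zone_id                = aws_cloudfront_distribution.gmem-ca-s3_distribution.hosted_zone_id
    evaluate_target_health = false
  }
}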