# Persistent data disk for the Forgejo VM, managed separately from the boot disk.
resource "google_compute_disk" "forgejo_data" {
  name = "forgejo-data"
  type = "pd-standard"
  size = 20
  zone = var.zone

  # Terraform rejects any plan that would destroy this disk.
  # No disk_encryption_key block is set, so the disk relies on the provider's
  # default at-rest encryption rather than a customer-managed key.
  lifecycle {
    prevent_destroy = true
  }
}

# Container-Optimized OS VM that is configured through cloud-init user-data.
resource "google_compute_instance" "forgejo" {
  name         = "forgejo"
  machine_type = "e2-micro"
  zone         = var.zone

  # Network tag; firewall rules that target it are not defined in this block.
  # NOTE(review): confirm only the intended ports are opened for this tag.
  tags = ["forgejo"]

  boot_disk {
    initialize_params {
      image = "cos-cloud/cos-stable"
      size  = 10
      type  = "pd-standard"
    }
  }

  # Attaches the protected data disk declared above under a stable device name.
  attached_disk {
    source      = google_compute_disk.forgejo_data.id
    device_name = "forgejo-data"
  }

  # NOTE(review): "default" is the project's default VPC. If it is the
  # auto-created one, it usually carries pre-populated allow rules (SSH, RDP,
  # ICMP, internal); verify which rules actually reach this instance.
  network_interface {
    network = "default"

    # access_config gives the VM an external address (the reserved one), so
    # the host is directly reachable from the internet subject to firewall rules.
    access_config {
      nat_ip = google_compute_address.forgejo.address
    }
  }

  metadata = {
    # Only the five values below are templated into user-data. Instance
    # metadata is readable via the metadata server and the Compute API, so
    # secrets should not be added to this map.
    # NOTE(review): confirm forgejo_image and caddy_image are pinned
    # (ideally by digest) where the variables are set.
    user-data = templatefile("${path.module}/../cloud-init/user-data.yaml.tpl", {
      domain            = var.domain
      forgejo_image     = var.forgejo_image
      caddy_image       = var.caddy_image
      gcs_backup_bucket = google_storage_bucket.backups.name
      project_id        = var.project_id
    })

    google-logging-enabled = "true"
    cos-update-strategy    = "update_enabled"

    # OS Login: SSH access is tied to IAM identities instead of metadata keys.
    enable-oslogin = "TRUE"
  }

  # The "cloud-platform" scope does not narrow access by itself; what the VM
  # can do is bounded by the IAM roles granted to this service account.
  # NOTE(review): confirm those roles are limited to what the instance needs.
  service_account {
    email  = google_service_account.forgejo.email
    scopes = ["cloud-platform"]
  }

  # NOTE(review): no shielded_instance_config block is declared here; consider
  # setting Secure Boot / vTPM / integrity monitoring explicitly.

  # Lets Terraform stop the VM for changes that cannot be applied while running.
  allow_stopping_for_update = true

  # Create the IAM bindings first so they exist before the VM boots.
  depends_on = [
    google_secret_manager_secret_iam_member.forgejo_secrets,
    google_storage_bucket_iam_member.backups_writer,
  ]
}