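import * as fs from "fs";
import * as path from "path";
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
import { NamespaceV1 } from "@cdktf/provider-kubernetes/lib/namespace-v1";
import { DataKubernetesSecretV1 } from "@cdktf/provider-kubernetes/lib/data-kubernetes-secret-v1";
import { SecretV1 } from "@cdktf/provider-kubernetes/lib/secret-v1";
import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
import { Release } from "@cdktf/provider-helm/lib/release";
import { CloudflareCertificate, OnePasswordSecret } from "../utils";

/** Kubeconfig shared by the Kubernetes and Helm providers (single source of truth). */
const KUBECONFIG_PATH = "~/.kube/config";

/** Namespace the NetBird release and its secrets live in. */
const NETBIRD_NAMESPACE = "netbird";

/**
 * Deploys NetBird from the upstream Helm chart into its own namespace.
 *
 * The stack:
 *  - creates the `netbird` namespace (owned by Terraform, not by Helm);
 *  - materialises the application secret from 1Password;
 *  - assembles a Postgres client TLS bundle (client cert/key + server CA) by
 *    reading two existing secrets in the `homelab` namespace and writing
 *    them into a new secret in the NetBird namespace;
 *  - requests a Cloudflare-issued certificate for the public hostname;
 *  - installs the Helm release, importing the pre-existing `netbird/netbird`
 *    release into state.
 *
 * Fix relative to the previous revision: every resource now references the
 * NamespaceV1 resource's `metadata.name` token instead of a bare string, so
 * Terraform has a real dependency edge from the secrets and the release to
 * the namespace. Previously the namespace was also flagged `createNamespace`
 * on the Helm release, giving it two owners and no guaranteed ordering on a
 * fresh apply.
 *
 * @param scope - Parent construct (the cdktf App).
 * @param id - Stack id; also used as the Terraform state key.
 */
export class Netbird extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const kubernetes = new KubernetesProvider(this, "kubernetes", {
      configPath: KUBECONFIG_PATH,
    });
    const helm = new HelmProvider(this, "helm", {
      kubernetes: { configPath: KUBECONFIG_PATH },
    });

    // Terraform owns the namespace. Using `ns.metadata.name` below (a token)
    // rather than the literal string makes dependents wait for the namespace.
    const ns = new NamespaceV1(this, "namespace", {
      metadata: { name: NETBIRD_NAMESPACE },
    });
    const namespace = ns.metadata.name;

    new OnePasswordSecret(this, "netbird-secret", {
      name: "netbird",
      namespace,
      provider: kubernetes,
      itemPath: "vaults/Lab/items/Netbird",
    });

    // Source material for the Postgres mTLS bundle lives in `homelab`.
    const pgClientCert = new DataKubernetesSecretV1(this, "netbird-client-cert", {
      provider: kubernetes,
      metadata: { name: "netbird-client-cert", namespace: "homelab" },
    });
    const pgCaCert = new DataKubernetesSecretV1(this, "postgres-ca-cert", {
      provider: kubernetes,
      metadata: { name: "postgres-server-cert", namespace: "homelab" },
    });

    // NOTE(review): `tls.key` is copied through a data source into a managed
    // secret, so the private key is present in plan output and in Terraform
    // state. Keep state encrypted/access-controlled, or have the chart mount
    // the source secret directly if cross-namespace access is acceptable.
    const pgSslBundle = new SecretV1(this, "netbird-postgres-ssl", {
      provider: kubernetes,
      metadata: { name: "netbird-postgres-ssl-bundle", namespace },
      data: {
        "tls.crt": pgClientCert.data.lookup("tls.crt"),
        "tls.key": pgClientCert.data.lookup("tls.key"),
        "ca.crt": pgCaCert.data.lookup("ca.crt"),
      },
    });

    new CloudflareCertificate(this, "netbird-cloudflare-cert", {
      provider: kubernetes,
      name: "netbird",
      namespace,
      dnsNames: ["vpn.dogar.dev"],
      secretName: "netbird-tls",
    });

    const valuesFile = path.join(__dirname, "values.yaml");

    new Release(this, "netbird", {
      // The chart presumably refers to the SSL bundle by name in values.yaml,
      // which gives Terraform no implicit edge — hence the explicit dependsOn.
      dependsOn: [pgSslBundle],
      provider: helm,
      namespace,
      // The NamespaceV1 above is the single owner; letting Helm create it too
      // would leave an unmanaged namespace on a fresh cluster.
      createNamespace: false,
      name: "netbird",
      repository: "https://netbirdio.github.io/helms",
      chart: "netbird",
      values: [fs.readFileSync(valuesFile, "utf8")],
    }).importFrom("netbird/netbird");
  }
}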