# Looks up the existing Docker network named "traefik". It is not created
# here; the controller container below joins it so the reverse proxy can reach it.
data "docker_network" "traefik" {
  name = "traefik"
}

# Queries the registry for the image reference held in local.docker_image_controller
# (defined outside this view) so its current sha256 digest is known at plan time.
# NOTE(review): if that local is a mutable tag rather than a digest-pinned
# reference, the deployed content follows whatever the registry publishes under
# the tag — confirm the pinning policy.
data "docker_registry_image" "unifi-controller" {
  name = local.docker_image_controller
}

# Local copy of the controller image. pull_triggers ties a re-pull to the
# registry digest, so a changed digest upstream results in a new pull (and,
# through image_id, a replaced container) on the next apply.
resource "docker_image" "unifi-controller" {
  name          = data.docker_registry_image.unifi-controller.name
  pull_triggers = [data.docker_registry_image.unifi-controller.sha256_digest]
}

# Named volume mounted at /config in the controller container (see the
# volumes block of docker_container.unifi-controller).
# NOTE(review): no lifecycle guard is set here, so destroying or renaming this
# resource removes the volume — confirm backups cover it.
resource "docker_volume" "unifi-controller" {
  name = "unifi-controller-new"
}

# UniFi controller container: attached to the traefik network (web UI via the
# reverse proxy) and to docker_network.unifi (defined outside this view), with
# device-facing ports published directly on local.public_ip.
resource "docker_container" "unifi-controller" {
  image    = docker_image.unifi-controller.image_id
  name     = "unifi-controller"
  hostname = "unifi-controller"
  # Left disabled: the container runs unprivileged and with the provider's
  # default must_run behaviour.
  #  privileged = true
  #  must_run   = false

  # Network shared with the reverse proxy.
  networks_advanced {
    name = data.docker_network.traefik.name
  }

  # Second network; the MONGO_HOST below refers to docker_container.unifi-mongo,
  # presumably reachable over this one — verify against its definition.
  networks_advanced {
    name = docker_network.unifi.name
  }

  # Each entry is published 1:1 (same internal and external number) and bound
  # to local.public_ip only. These ports are served without the reverse proxy,
  # so anything that can reach that address can reach them.
  # NOTE(review): Docker-published ports are typically not filtered by
  # INPUT-chain host firewall rules; if local.public_ip is internet-facing,
  # restrict source addresses (e.g. in the DOCKER-USER chain) — confirm.
  dynamic "ports" {
    for_each = [
      # Taken from https://fleet.linuxserver.io/image?name=linuxserver/unifi-controller
      { port = 1900, proto = "udp" }, # Required for the "Make controller discoverable on L2 network" option
      { port = 3478, proto = "udp" }, # Unifi STUN port
      # NOTE(review): the linuxserver reference lists remote syslog as 5514/udp — confirm tcp is intended
      { port = 5514, proto = "tcp" }, # Remote syslog port
      { port = 6789, proto = "tcp" }, # For mobile throughput test
      { port = 8080, proto = "tcp" }, # Required for device communication

      # Public HTTP is handled by traefik
      # { port = 8443, proto = "tcp" }, # Unifi web admin port

      # Not used
      # { port = 8843, proto = "tcp" }, # Unifi guest portal HTTPS redirect port
      # { port = 8880, proto = "tcp" }, # Unifi guest portal HTTP redirect port

      { port = 10001, proto = "udp" }, # Required for AP discovery
    ]
    content {
      internal = ports.value["port"]
      external = ports.value["port"]
      protocol = ports.value["proto"]
      ip       = local.public_ip
    }
  }

  # Persistent controller data lives in the named volume, mounted read-write.
  volumes {
    volume_name    = docker_volume.unifi-controller.name
    read_only      = false
    container_path = "/config"
  }

  # Traefik routing labels: requests for local.domain_name on the "websecure"
  # entrypoint are forwarded over HTTPS to port 8443 of this container, using
  # the "linode" certificate resolver for the public certificate.
  # NOTE(review): how Traefik validates the controller's backend certificate is
  # set in Traefik's own configuration, which is not visible here. The admin UI
  # is exposed to whoever can reach that entrypoint; no auth/allow-list
  # middleware is attached by these labels.
  dynamic "labels" {
    for_each = [
      { label = "traefik.enable", value = "true" },
      { label = "traefik.http.routers.unifi-controller.rule", value = "Host(`${local.domain_name}`)" },
      { label = "traefik.http.routers.unifi-controller.entrypoints", value = "websecure" },
      { label = "traefik.http.routers.unifi-controller.tls.certresolver", value = "linode" },
      { label = "traefik.http.services.unifi-controller.loadbalancer.server.port", value = "8443" },
      { label = "traefik.http.services.unifi-controller.loadbalancer.server.scheme", value = "https" },
      { label = "traefik.docker.network", value = "traefik" },
      #      { label = "traefik.http.services.unifi-controller.loadbalancer.passHostHeader", value = "false" },
    ]
    content {
      label = labels.value["label"]
      value = labels.value["value"]
    }
  }

  # Container environment. The MongoDB credentials are interpolated in clear
  # text: they are stored in the Terraform state and are readable with
  # `docker inspect` on the host, so access to both should be restricted.
  # NOTE(review): local.mongo_password is defined outside this view — confirm
  # it is sourced from a secret store or sensitive variable, not a literal.
  env = [
    "PUID=1000",
    "PGID=1000",
    "TZ=Europe/Oslo",
    "MEM_LIMIT=default",
    "MONGO_USER=${local.mongo_username}",
    "MONGO_PASS=${local.mongo_password}",
    "MONGO_HOST=${docker_container.unifi-mongo.hostname}",
    "MONGO_PORT=27017",
    "MONGO_DBNAME=${local.mongo_database}",
  ]
}