# locals {
#   image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd"))
# }
#
# # Upload image to S3
# resource "aws_s3_object" "image" {
#   bucket = var.images_bucket
#   key    = basename(local.image_file)
#   source = local.image_file
#   etag   = filemd5(local.image_file)
# }

# Use existing image in S3
data "aws_s3_object" "image" {
  bucket = var.images_bucket
  key    = "arrow.vhd"
}

resource "terraform_data" "image_replacement" {
  input = data.aws_s3_object.image.etag
}

# Setup IAM access for the VM Importer
data "aws_iam_policy_document" "vmimport_trust_policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["vmie.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "vmimport" {
  statement {
    actions = [
      "s3:GetBucketLocation",
      "s3:GetObject",
      "s3:ListBucket",
    ]
    resources = [
      "arn:aws:s3:::${data.aws_s3_object.image.bucket}",
      "arn:aws:s3:::${data.aws_s3_object.image.bucket}/*",
    ]
  }
  statement {
    actions = [
      "ec2:ModifySnapshotAttribute",
      "ec2:CopySnapshot",
      "ec2:RegisterImage",
      "ec2:Describe*",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role" "vmimport" {
  name               = "vmimport"
  assume_role_policy = data.aws_iam_policy_document.vmimport_trust_policy.json
  inline_policy {
    name   = "vmimport"
    policy = data.aws_iam_policy_document.vmimport.json
  }
}

# Import to EBS
resource "aws_ebs_snapshot_import" "image" {
  disk_container {
    format = "VHD"
    user_bucket {
      s3_bucket = data.aws_s3_object.image.bucket
      s3_key    = data.aws_s3_object.image.key
    }
  }

  role_name = aws_iam_role.vmimport.name
  lifecycle {
    replace_triggered_by = [terraform_data.image_replacement]
  }
}

# Convert to AMI
resource "aws_ami" "image" {
  description         = "Created with NixOS."
  name                = replace(basename(data.aws_s3_object.image.key), "/\\.vhd$/", "")
  virtualization_type = "hvm"
  root_device_name    = "/dev/xvda"
  ena_support         = true

  ebs_block_device {
    device_name = "/dev/xvda"
    snapshot_id = aws_ebs_snapshot_import.image.id
    volume_size = 17
  }
}