data "hcloud_zone" "zone" {
  name = local.domain
}

// Attach the load balancer to the domain.
resource "hcloud_zone_rrset" "records" {
  for_each = toset(["@", "*"])
  zone     = data.hcloud_zone.zone.name
  name     = each.value
  type     = "A"
  ttl      = 60
  records  = [{ value = hcloud_load_balancer.lb.ipv4 }]

  change_protection = false
}

// A managed certificate for the domain, to be used by the load balancer.
resource "hcloud_managed_certificate" "main" {
  name         = local.certificate_name
  domain_names = ["*.${local.domain}", "${local.domain}"]
}

resource "hcloud_load_balancer_service" "load_balancer_service" {
  load_balancer_id = hcloud_load_balancer.lb.id
  protocol         = "https"

  http {
    sticky_sessions = true
    certificates    = [hcloud_managed_certificate.main.id]
    redirect_http   = true
  }
}