# An elastic IP, so if the reverse proxy is modified, the route tables won't.
resource "aws_eip" "public" {
  instance = aws_instance.this.id
  domain   = "vpc"
}

# An instance profile for access via AWS SSM.
resource "aws_iam_instance_profile" "ssm" {
  name = "SSMInstanceProfile"
  role = "AmazonSSMRoleForInstancesQuickSetup"
}

# The Gitea instance.
resource "aws_instance" "this" {
  # ami           = data.aws_ami.amazon-linux-2.id
  ami           = "ami-0adec96dc0cdc7bca"
  instance_type = "t4g.nano"
  subnet_id     = module.vpc.public_subnets[0]

  user_data                   = file("install.sh")
  user_data_replace_on_change = false

  iam_instance_profile   = aws_iam_instance_profile.ssm.name
  vpc_security_group_ids = [aws_security_group.public_access.id]
  
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    volume_type = "gp3"
    volume_size = 8
  }

  tags = {
    Name = "Codebase: Gitea"
  }
}

resource "aws_ec2_instance_state" "this" {
  instance_id = aws_instance.this.id
  state       = "running"
}