# =============================================================================
# CLOUDFLARE : Networks : Routes
# =============================================================================

#
resource "cloudflare_zero_trust_tunnel_cloudflared_route" "home_tunnel_route" {
  account_id = local.cloudflare_account_id
  network    = var.tunnel_network
  tunnel_id  = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
  comment    = var.tunnel_network_comment
}

#
#data "cloudflare_zero_trust_tunnel_cloudflared_route" "home_tunnel_route_token" {
#  account_id = "699d98642c564d2e855e9661899b7252"
#  route_id = cloudflare_zero_trust_tunnel_cloudflared_route.home_tunnel_route.id
#}

# =============================================================================
# DNS RECORDS (un par application)
# =============================================================================

resource "cloudflare_dns_record" "applications" {
  for_each = var.applications

  zone_id = local.cloudflare_zone_id
  name    = each.value.subdomain
  content = "${cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id}.cfargotunnel.com"
  type    = "CNAME"
  ttl     = var.dns_ttl
  proxied = var.dns_proxied
  comment = "Managed by Terraform - ${each.key} via Cloudflare Tunnel"
}

# =============================================================================
# TUNNEL CONFIGURATION
# =============================================================================

resource "cloudflare_zero_trust_tunnel_cloudflared_config" "home_tunnel_config" {
  account_id = local.cloudflare_account_id
  tunnel_id  = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
  
  config = {
    warp_routing = {
      enabled = var.tunnel_warp_routing_enabled
    }
    
    ingress = local.ingress_rules
  }

  lifecycle {
    # Ignorer les changements manuels dans Cloudflare Dashboard
    ignore_changes = [config]
  }
}

# =============================================================================
# CLOUDFLARE : Networks : Routes : virtual network
# =============================================================================

#
resource "cloudflare_zero_trust_tunnel_cloudflared_virtual_network" "example_zero_trust_tunnel_cloudflared_virtual_network" {
  account_id = local.cloudflare_account_id

  name               = "us-east-1-vpc"
  comment            = "Staging VPC for data science"
  is_default         = false
  is_default_network = false
}