import pulumi
import pulumi_aws as aws
import conf as config

# 🔐 Security Group
ingress_rules = [{"protocol": "tcp", "from_port": port, "to_port": port, "cidr_blocks": ["3.14.44.224/32"]}
                 for port in config.ec2_config["allowed_ports"]]

sg = aws.ec2.SecurityGroup(config.ec2_config["sg_name"],
    vpc_id=config.network["vpc_id"],
    description="Allow defined ports",
    ingress=ingress_rules,
    egress=[{"protocol": "-1", "from_port": 0, "to_port": 0, "cidr_blocks": ["0.0.0.0/0"]}],
)

# 🐳 Script user_data com Docker, Langfuse e montagem do volume EBS
user_data = f"""#!/bin/bash
set -e
sudo apt-get update -y
sudo apt-get install -y ca-certificates curl gnupg git
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update -y
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo groupadd docker || true
sudo usermod -aG docker ubuntu
sudo chmod 666 /var/run/docker.sock
sudo systemctl enable docker
sudo systemctl restart docker

cd /opt
git clone {config.langfuse_config["repo_url"]}
cd langfuse

NEXTAUTH_SECRET=$(openssl rand -hex 32)
PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
SALT=$(openssl rand -hex 16)
ENCRYPTION_KEY=$(openssl rand -hex 32)

cat > .env <<EOF
NEXTAUTH_SECRET=$NEXTAUTH_SECRET
NEXTAUTH_URL=http://$PUBLIC_IP:{config.langfuse_config["web_port"]}
DATABASE_URL=postgresql://postgres:postgres@postgres:5432/postgres
CLICKHOUSE_URL=http://clickhouse:8123
CLICKHOUSE_USER=clickhouse
CLICKHOUSE_PASSWORD=clickhouse
TELEMETRY_ENABLED=false
SALT=$SALT
ENCRYPTION_KEY=$ENCRYPTION_KEY
REDIS_AUTH=myredissecret
LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID=minio
LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY=miniosecret
LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID=minio
LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY=miniosecret
LANGFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID=minio
LANGFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY=miniosecret
MINIO_ROOT_USER=minio
MINIO_ROOT_PASSWORD=miniosecret
EOF
sudo docker compose -f docker-compose.yml up -d

# 📦 Montar volume EBS
DEVICE="{config.ec2_config['ebs_volume']['device_name']}"
MOUNT_DIR="/mnt/langfuse-data"

if [ -b "$DEVICE" ]; then
  sudo mkfs -t ext4 $DEVICE
  sudo mkdir -p $MOUNT_DIR
  sudo mount $DEVICE $MOUNT_DIR
  echo "$DEVICE $MOUNT_DIR ext4 defaults,nofail 0 2" | sudo tee -a /etc/fstab
else
  echo "Volume $DEVICE não encontrado."
fi
"""

# 🖥️ Criar EC2
instance = aws.ec2.Instance("assistente-produtos-servicos-langfuse-ec2",
    instance_type=config.ec2_config["instance_type"],
    ami=aws.ec2.get_ami(
        most_recent=True,
        owners=["099720109477"],
        filters=[{"name": "name", "values": ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]}]
    ).id,
    subnet_id=config.network["subnet_ids"][0],
    vpc_security_group_ids=[sg.id],
    #key_name=config.ec2_config["key_name"],
    user_data=user_data,
    associate_public_ip_address=True,
    tags={"Name": config.ec2_config["instance_name"]},

    root_block_device=aws.ec2.InstanceRootBlockDeviceArgs(
        volume_size=config.ec2_config["ebs_volume"]["size"],
        volume_type=config.ec2_config["ebs_volume"]["volume_type"],
        delete_on_termination=True,
    )

)

pulumi.export("instance_ip", instance.public_ip)
pulumi.export("url", pulumi.Output.concat("http://", instance.public_ip, f":{config.langfuse_config['web_port']}"))