# Credentials for the Gitea stack: two generated passwords and two AWS Secrets
# Manager secrets (database/admin credentials, SES SMTP credentials).
#
# NOTE(review): the random_password results and both secret_string payloads are
# stored in Terraform state. The state backend needs the same encryption and
# access controls as the secrets themselves.

# Password for the PostgreSQL "gitea" role.
# NOTE(review): special = true without override_special uses the provider's
# default symbol set. Confirm every consumer (connection URL, application
# config file) quotes or escapes those characters correctly.
resource "random_password" "db_password" {
  length  = 32
  special = true
}

# Password for the Gitea admin account ("gitea_admin" below).
resource "random_password" "gitea_admin_password" {
  length  = 32
  special = true
}

# Secret container for the database and Gitea admin credentials.
resource "aws_secretsmanager_secret" "db_credentials" {
  name        = "${var.project_name}-db-credentials"
  description = "PostgreSQL database credentials for Gitea"

  # 0 disables the recovery window: a destroy (accidental or not) deletes the
  # secret immediately and it cannot be restored. This allows re-creating the
  # same name right away.
  # NOTE(review): confirm this is intended outside throwaway environments.
  recovery_window_in_days = 0

  # No kms_key_id is set, so the AWS-managed Secrets Manager key is used.
  # Read access is governed by IAM policies that are not visible here.

  tags = {
    Name = "${var.project_name}-db-credentials"
  }
}

# Payload of the database/admin secret.
# NOTE(review): database and Gitea admin credentials share one secret, so any
# principal allowed to read it obtains both. Split them if the readers differ.
resource "aws_secretsmanager_secret_version" "db_credentials" {
  secret_id = aws_secretsmanager_secret.db_credentials.id

  secret_string = jsonencode({
    username           = "gitea"
    password           = random_password.db_password.result
    database           = "gitea"
    host               = "postgres"
    port               = 5432
    admin_username     = "gitea_admin"
    admin_password     = random_password.gitea_admin_password.result
    admin_email        = "admin@poll-streams.com"
    gitea_runner_token = "" # Will be auto-generated via API
    # NOTE(review): if the token is later written into this same secret out of
    # band, check how that interacts with Terraform managing secret_string
    # (for example whether a lifecycle ignore_changes is needed). TODO confirm.
  })
}

# Secret container for the SES SMTP credentials.
resource "aws_secretsmanager_secret" "ses_smtp_credentials" {
  name        = "${var.project_name}-ses-smtp-credentials"
  description = "SMTP credentials for AWS SES"

  # Same immediate-deletion trade-off as the db_credentials secret.
  recovery_window_in_days = 0

  tags = {
    Name = "${var.project_name}-ses-smtp-credentials"
  }
}

# Payload of the SES SMTP secret.
# The username and password come from aws_iam_access_key.ses_smtp_access_key,
# which is declared outside this view. It is a static, long-lived IAM access
# key, so rotation means replacing that key.
# NOTE(review): confirm the owning IAM user is limited to the SES send actions.
resource "aws_secretsmanager_secret_version" "ses_smtp_credentials" {
  secret_id = aws_secretsmanager_secret.ses_smtp_credentials.id

  secret_string = jsonencode({
    smtp_host = "email-smtp.${var.aws_region}.amazonaws.com"
    # Stored as a string. Whether the client enforces STARTTLS on this port is
    # a consumer-side setting not shown here.
    smtp_port     = "587"
    smtp_username = aws_iam_access_key.ses_smtp_access_key.id
    smtp_password = aws_iam_access_key.ses_smtp_access_key.ses_smtp_password_v4
    alert_email   = var.alert_email
  })
}