# Some instance variables
locals {
  ami_selection = "minion" # master, minion, ...
}

# Rather than pass in the aws security group, we just look it up. This will
# probably be useful other places, as well.
data "aws_security_group" "typical-host" {
  name   = "typical-host"
  vpc_id = var.vpc_id
}

# Use the default EBS key
data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

resource "aws_security_group" "mailrelay_security_group" {
  name = "mailrelay_security_group"
  description = "Security Group for the Mail Relay Server(s)"
  vpc_id = var.vpc_id
  tags = merge(var.standard_tags, var.tags)
}

resource "aws_security_group_rule" "smtp-in" {
  description = "inbound smtp requests"
  type = "ingress"
  from_port = 25
  to_port = 25
  protocol = "tcp"
  cidr_blocks = [ "10.0.0.0/8" ]
  security_group_id = aws_security_group.mailrelay_security_group.id
}

resource "aws_security_group_rule" "submission-in" {
  description = "inbound smtp requests"
  type = "ingress"
  from_port = 587
  to_port = 587
  protocol = "tcp"
  cidr_blocks = [ "10.0.0.0/8" ]
  security_group_id = aws_security_group.mailrelay_security_group.id
}

#resource "aws_security_group_rule" "smtp-out" {
#  description = "outbound smtp requests"
#  type = "egress"
#  from_port = 25
#  to_port = 25
#  protocol = "tcp"
#  cidr_blocks = [ "10.0.0.0/8" ]
#  security_group_id = aws_security_group.mailrelay_security_group.id
#}

resource "aws_security_group_rule" "submission-out" {
  description = "outbound submission (smtp-s) requests"
  type = "egress"
  from_port = 587
  to_port = 587
  protocol = "tcp"
  cidr_blocks = [ "0.0.0.0/0" ]
  security_group_id = aws_security_group.mailrelay_security_group.id
}