{% import 'variables.include' as var %}

###################
# HoneyPot Instance
resource "aws_instance" "honeypot" {
  ami = "${data.aws_ami.ubuntu.id}"
#  ami = "${data.aws_ami.centos7.id}"
  instance_type = "${var.Instance-Type}"
  availability_zone = "${data.aws_availability_zones.available.names[0]}"
  subnet_id = "${aws_subnet.subnet_Honeypot.id}"
  ebs_optimized = "${var.EBS-Optimized}"
  disable_api_termination = false
  associate_public_ip_address = true
  instance_initiated_shutdown_behavior = "terminate"
  key_name = "${var.AWS-Key-Pair-Name}"
  vpc_security_group_ids = ["${aws_security_group.sg_honeypot_secured_access.id}"]
  depends_on    = ["aws_internet_gateway.gw_primary"]

  tags {
    Name = "honeypot"
  }

  root_block_device {
    volume_type = "${ var.Default-Volume-Type }"
    volume_size = "${ var.Honeypot-Volume-Size }" # Gigabytes
    delete_on_termination = true
  }

  ebs_block_device {
    device_name = "/dev/sdd"
    volume_size = "${var.Swap-Volume-Size}"
    volume_type = "${var.Swap-Volume-Type}"
    delete_on_termination = true
  }

  user_data = <<EOF
#cloud-config
package_update: true
package_upgrade: true
packages:
  - git
  - vim
  - wget
  - curl
  - tcpdump
  - python
runcmd:
  - mkswap /dev/xvdd
  - swapon -a
  - git clone https://github.com/fdamstra/python_multithreaded_socket_logger.git /opt/multithreaded_socket_logger
  - bash /opt/multithreaded_socket_logger/honeypot_init.sh
mounts:
  - [ xvdd, none, swap, sw, 0, 0 ]
growpart:
  mode: auto
  devices: ['/']
  ignore_growroot_disabled: false
EOF
#  - ifconfig eth0 | grep "inet addr" | cut -d: -f2 | awk '{ print "ListenAddress", $1 }' >> /etc/ssh/sshd_config
# To reboot, add the following above the EOF line:
# power_state:
#   delay: "+0"
#   mode: "reboot"
#   message: "Rebooting after first init."
#   condition: True

  # Fix issues with cached keys. Arguably less secure, but also way less annoying
  provisioner "local-exec" {
    command = "ssh-keygen -f ~/.ssh/known_hosts -R honeypot.lab.${var.Domain-Name}"
  }
}

# Create the "bad" network interface
resource "aws_network_interface" "honeypot_if" {
  subnet_id = "${aws_subnet.subnet_Honeypot.id}"
  security_groups = ["${aws_security_group.sg_all_open.id}"]
 
  attachment { 
    instance = "${aws_instance.honeypot.id}"
    device_index = 1
  }
}

# Give me the IP Addresses
output "honeypot_ip" {
    value = "${aws_instance.honeypot.public_ip}"
}

# Give me DNS entries
resource "aws_route53_record" "honeypot" {
  zone_id = "${var.Domain-Zone-ID}"
  name = "honeypot.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = ["${aws_instance.honeypot.public_ip}"]
}
resource "aws_route53_record" "honeypot_pvt" {
  zone_id = "${var.Domain-Zone-ID}"
  name = "honeypot_pvt.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = ["${aws_instance.honeypot.private_ip}"]
}
output "honeypot_dns" {
  value = "${aws_route53_record.honeypot.name}"
}