# Bucket for backups
resource "b2_bucket" "backups" {
  bucket_name = "lvdb-backups"
  bucket_type = "allPrivate"
}

# Application key for backups bucket
resource "b2_application_key" "restic" {
  bucket_id = b2_bucket.backups.id
  key_name  = "restic"
  capabilities = [
    "deleteFiles",
    "listAllBucketNames",
    "listBuckets",
    "listFiles",
    "readBucketEncryption",
    "readBucketReplications",
    "readBuckets",
    "readFiles",
    "shareFiles",
    "writeBucketEncryption",
    "writeBucketReplications",
    "writeFiles"
  ]
}

output "restic_application_key" {
  value     = b2_application_key.restic.application_key
  sensitive = true
}

output "restic_application_key_id" {
  value = b2_application_key.restic.application_key_id
}

# Bucket for storage of nix cache
resource "cloudflare_r2_bucket" "attic" {
  account_id    = var.account_id
  name          = "attic"
  location      = "WEUR"
  storage_class = "Standard"
}

# Bucket for forgejo storage
resource "cloudflare_r2_bucket" "forgejo" {
  account_id    = var.account_id
  name          = "forgejo"
  location      = "WEUR"
  storage_class = "Standard"
}

module "cloudflare_forgejo_token" {
  source     = "Cyb3r-Jak3/r2-api-token/cloudflare"
  version    = "5.0.1"
  account_id = var.account_id
  buckets    = [cloudflare_r2_bucket.forgejo.name]
}

output "forgejo_access_key_id" {
  value = module.cloudflare_forgejo_token.id
}

output "forgejo_secret_access_key" {
  value     = module.cloudflare_forgejo_token.secret
  sensitive = true
}