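# Qdrant vector database on a single Compute Engine VM.
#
# Declared here: the VM, its dedicated service account, the firewall rule that
# opens the Qdrant ports, and an optional reserved external IP.
# Defined outside this file: var.zone, var.region, var.use_static_ip,
# var.qdrant_api_key, var.allowed_cidr_blocks, google_project_service.services.

# VM instance for vector database
resource "google_compute_instance" "vector_db_vm" {
  name         = "sereact-vector-db"
  machine_type = "e2-standard-2" # 2 vCPUs, 8GB RAM
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2204-lts"
      size  = 50 # 50GB disk
      type  = "pd-standard"
    }
  }

  network_interface {
    # NOTE(review): this is the project's "default" network. If its
    # pre-populated rules (SSH/RDP/ICMP from any source) have not been removed,
    # they also apply to this VM; verify before relying on the rule below as
    # the only ingress path.
    network = "default"

    # access_config is always present, so the VM always receives an external
    # IP; var.use_static_ip only chooses reserved versus ephemeral.
    access_config {
      # Use static IP if enabled, otherwise ephemeral
      nat_ip = var.use_static_ip ? google_compute_address.vector_db_static_ip[0].address : null
    }
  }

  # Startup script to install and configure Qdrant
  # NOTE(review): the API key is rendered into the script text, so it is stored
  # in clear in the instance metadata and in the Terraform state. Anyone who
  # can read either can recover it. Restrict access to both, mark the variable
  # sensitive, or have the script fetch the key from a secret store at boot
  # using the VM's service account.
  metadata_startup_script = templatefile("${path.module}/scripts/install_qdrant.sh", {
    qdrant_api_key = var.qdrant_api_key
  })

  # Service account for the VM
  # The "cloud-platform" scope places no limit of its own: what this VM can do
  # is decided entirely by the IAM roles granted to vector_db_sa. No role
  # bindings are visible in this file; keep them to the minimum the VM needs.
  service_account {
    email  = google_service_account.vector_db_sa.email
    scopes = ["cloud-platform"]
  }

  # Tags for firewall rules
  # "qdrant" is the tag matched by google_compute_firewall.qdrant_firewall.
  tags = ["vector-db", "qdrant"]

  depends_on = [google_project_service.services]
}

# Service account for the vector DB VM
resource "google_service_account" "vector_db_sa" {
  account_id   = "vector-db-sa"
  display_name = "Vector Database Service Account"
  description  = "Service account for the vector database VM"
}

# Firewall rule to allow Qdrant access
# Applies to every instance in the "default" network that carries the "qdrant"
# tag, not only to vector_db_vm.
resource "google_compute_firewall" "qdrant_firewall" {
  name    = "allow-qdrant"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["6333", "6334"] # Qdrant HTTP and gRPC ports
  }

  # flatten() accepts var.allowed_cidr_blocks as either one CIDR string or a
  # list of CIDRs. Placing a list directly inside the brackets would yield a
  # nested list, which source_ranges does not accept.
  # The VM has an external IP, so any public range passed in here (0.0.0.0/0
  # in particular) exposes Qdrant to that range.
  # NOTE(review): whether install_qdrant.sh enables TLS is not visible here;
  # without it the API key crosses those networks in cleartext.
  source_ranges = flatten([
    "10.0.0.0/8",            # Internal GCP networks (the whole RFC 1918 10/8 block)
    var.allowed_cidr_blocks, # Your specified IP ranges
  ])

  target_tags = ["qdrant"]
}

# Static IP for the vector DB VM (optional but recommended)
# count makes this a zero- or one-element list, hence the [0] index where the
# VM's access_config reads the address.
resource "google_compute_address" "vector_db_static_ip" {
  count  = var.use_static_ip ? 1 : 0
  name   = "vector-db-static-ip"
  region = var.region
}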