data "docker_registry_image" "gluetun" {
  name = "qmcgaw/gluetun:latest"
}

resource "docker_image" "gluetun" {
  name = data.docker_registry_image.gluetun.name
  pull_triggers = [data.docker_registry_image.gluetun.sha256_digest]
}

resource "docker_container" "gluetun" {
  image = docker_image.gluetun.image_id
  name = "gluetun"
  hostname = "proxy"

  capabilities {
    add = ["CAP_NET_ADMIN"]
  }

  env = [
    "TZ=Europe/Amsterdam",
    "VPN_SERVICE_PROVIDER=airvpn",
    "VPN_TYPE=wireguard",
    "WIREGUARD_PRIVATE_KEY=AMh4GiVDxxCv0xqUeNHW+koQAGAsC2ZrMkTc/aQJLWM=",
    "WIREGUARD_PRESHARED_KEY=PI5KBRmurT3M+s9jrKQGxQXk8dMmmqLFhCFCH19ttBo=",
    "WIREGUARD_ADDRESSES=10.159.242.252/32",
    "FIREWALL_VPN_INPUT_PORTS=47836",
    "SERVER_COUNTRIES=Netherlands",
    "FIREWALL_INPUT_PORTS=8112"
  ]

  devices {
    host_path = "/dev/net/tun"
    container_path = "/dev/net/tun"
    permissions = "rwm"
  }

  mounts {
    target = "/gluetun/config"
    source = "/var/lib/containers/gluetun"
    type = "bind"
  }

  privileged = true
  restart = "always"

  networks_advanced {
    name = docker_network.container-public.name
    ipv4_address = "192.168.3.27"
  }s

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}