locals {
  metadata = {
    enable-oslogin = "TRUE"
  }
}

resource "google_compute_instance" "frontend" {
  name         = "frontend-instance"
  machine_type = var.instance_type
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      size  = 10
    }
  }

  network_interface {
    subnetwork = var.frontend_subnet_id

    access_config {} # IP publique obligatoire
  }

  metadata = local.metadata

  tags = ["frontend", "ssh"]
}

resource "google_compute_instance" "backend" {
  name         = "backend-instance"
  machine_type = var.instance_type
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      size  = 10
    }
  }

  network_interface {
    subnetwork = var.backend_subnet_id
    # pas d'access_config → pas d'IP publique
  }

  metadata = local.metadata

  tags = ["backend", "ssh"]
}

resource "google_compute_instance" "database" {
  name         = "database-instance"
  machine_type = var.instance_type
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      size  = 20
    }
  }

  network_interface {
    subnetwork = var.database_subnet_id
    # pas d'access_config → privé فقط
  }

  metadata = local.metadata

  tags = ["database", "ssh"]
}