#
# Cookbook Name:: sockethub
# Recipe:: proxy
#

include_recipe 'kosmos-nginx'
include_recipe "kosmos-base::firewall"

server_name = node['sockethub']['nginx']['server_name']

nginx_certbot_site server_name

upstream_hosts = []
search(:node, "role:sockethub").each do |n|
  upstream_hosts << "#{n["knife_zero"]["host"]}:#{node['sockethub']['port']}"
end

if upstream_hosts.empty?
  Chef::Log.warn('No server with "sockethub" role. Stopping here.')
  return
end

template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
  source 'nginx_conf_sockethub.erb'
  owner 'www-data'
  mode 0640
  variables server_name:             server_name,
            upstream_hosts:          upstream_hosts,
            sockethub_external_port: node['sockethub']['external_port'],
            ssl_cert:                "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
            ssl_key:                 "/etc/letsencrypt/live/#{server_name}/privkey.pem"
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site server_name do
  action :enable
end

unless node.chef_environment == "development"
  firewall_rule 'sockethub' do
    port     node['sockethub']['external_port'].to_i
    protocol :tcp
    command  :allow
  end
end