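#
# Cookbook:: liquor_cabinet
# Recipe:: default
#
# Deploys the Liquor Cabinet remoteStorage HTTP API: builds the configured
# Ruby, creates the deploy user/group and directory, checks out the app,
# installs its gems, renders the app and Rainbows configuration, installs a
# systemd unit for it and optionally opens the service port in the firewall.
#

app_name     = node['liquor-cabinet']['app_name']
deploy_user  = node[app_name]['user']
deploy_group = node[app_name]['group']
deploy_path  = node[app_name]['deploy_path']
# Decrypted secrets (S3 keys). In this recipe they are only handed to the
# config template below, which is marked `sensitive`.
credentials  = Chef::EncryptedDataBagItem.load('credentials', app_name)

ruby_version = node[app_name]['ruby']['version']
ruby_path    = "/opt/ruby_build/builds/#{ruby_version}"
bundle_path  = "#{ruby_path}/bin/bundle"
# Every Chef environment other than "production" runs the app in development mode.
rack_env     = node.chef_environment == "production" ? "production" : "development"

ruby_build_install 'v20231225'
ruby_build_definition ruby_version do
  prefix_path ruby_path
end

group deploy_group

user deploy_user do
  group deploy_group
  manage_home true
  shell "/bin/bash"
end

directory deploy_path do
  owner deploy_user
  group deploy_group
  mode '0750'
end

redis_server_role = node[app_name]['redis_server_role']

# Look up the Redis host on the first node carrying the configured role.
# Any failure (no matching node, missing 'knife_zero' attributes, search
# error) still results in nil, as before, but the reason is now logged
# instead of being discarded by a bare `rescue nil` modifier.
redis_host =
  begin
    search(:node, "role:#{redis_server_role}").first['knife_zero']['host']
  rescue StandardError => e
    Chef::Log.debug("Redis host lookup for role '#{redis_server_role}' failed: #{e.class}: #{e.message}")
    nil
  end

if redis_host.nil?
  Chef::Log.warn("No node found with '#{redis_server_role}' role. Stopping here.")
  return
end

# NOTE(review): repository and revision come from node attributes. If the
# revision is a branch name rather than a tag or commit SHA, each converge
# deploys whatever the remote branch currently points to; confirm it is
# pinned to an immutable ref.
git deploy_path do
  repository node[app_name]['repo']
  revision node[app_name]['revision']
  user deploy_user
  group deploy_group
  notifies :restart, "service[#{app_name}]", :delayed
end

directory "#{deploy_path}/tmp" do
  owner deploy_user
  group deploy_group
  # Quoted like the other directory resources in this recipe (same permissions).
  mode '0750'
end

# Runs on every converge (no guard). `--deployment` makes Bundler install
# exactly what Gemfile.lock specifies.
execute "bundle install" do
  user deploy_user
  cwd deploy_path
  command "#{bundle_path} install --without development,test --deployment"
end

# Application config containing the S3 credentials: readable by the deploy
# user only, and `sensitive` keeps the rendered content out of Chef output.
template "#{deploy_path}/config.yml.erb" do
  source 'config.yml.erb'
  owner deploy_user
  group deploy_group
  mode '0600'
  sensitive true
  variables environment: rack_env,
            redis_host: redis_host,
            redis_port: node[app_name]['redis_port'],
            redis_db: node[app_name]['redis_db'],
            s3_endpoint: node[app_name]['s3_endpoint'],
            s3_region: node[app_name]['s3_region'],
            s3_bucket: node[app_name]['s3_bucket'],
            s3_access_key: credentials['s3_access_key'],
            s3_secret_key: credentials['s3_secret_key'],
            maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled']
            # TODO sentry_dsn: credentials['sentry_dsn']
  notifies :restart, "service[#{app_name}]", :delayed
end

# NOTE(review): this directory and the Rainbows config in it are owned by the
# same account the service runs as (see `User:` in the unit below), so the
# service account can rewrite its own server configuration. If Rainbows only
# needs to read the file, root ownership with group read access would be the
# tighter choice; confirm before changing.
directory '/etc/rainbows' do
  owner deploy_user
  group deploy_group
  mode '0750'
end

template "/etc/rainbows/#{app_name}.rb" do
  source 'rainbows.rb.erb'
  owner deploy_user
  group deploy_group
  mode '0640'
  variables user: deploy_user,
            group: deploy_group,
            app_name: app_name,
            working_directory: deploy_path,
            config: node[app_name]['rainbows']
  notifies :restart, "service[#{app_name}]", :delayed
end

# NOTE(review): the unit runs as the unprivileged deploy user but sets no
# systemd sandboxing directives (e.g. NoNewPrivileges=, ProtectSystem=,
# PrivateTmp=); worth evaluating for a network-facing service.
systemd_unit "#{app_name}.service" do
  content({
    Unit: {
      Description: "Liquor Cabinet remoteStorage HTTP API",
      Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"],
      After: "syslog.target network.target"
    },
    Service: {
      Type: "simple",
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: "RACK_ENV=#{rack_env}",
      ExecStart: "#{bundle_path} exec rainbows -c /etc/rainbows/#{app_name}.rb -E #{rack_env}",
      PIDFile: "#{deploy_path}/tmp/rainbows.pid",
      TimeoutSec: "10",
      Restart: "on-failure",
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  # The unit content is written without being verified first.
  verify false
  triggers_reload true
  action [:create, :enable]
end

service app_name do
  action [:enable, :start]
end

# The allow rule is only managed when a source is configured; otherwise this
# recipe leaves access to the Rainbows port to whatever firewall policy is
# defined elsewhere.
if node[app_name]['ufw_source_allowed']
  firewall_rule app_name do
    command :allow
    protocol :tcp
    port node[app_name]['rainbows']['port']
    source node[app_name]['ufw_source_allowed']
  end
end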