#
# Cookbook:: kosmos_strfry
# Recipe:: substr
#

unless platform?("ubuntu")
  raise "This recipe only supports Ubuntu installs at the moment"
end

apt_package "imagemagick"

directory node["substr"]["workdir"] do
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0755"
end

if node["substr"]["download_url"]
  remote_file '/usr/local/bin/substr' do
    source node["substr"]["download_url"]
    checksum node["substr"]["checksum"]
    mode '0755'
    show_progress true
    notifies :restart, "service[substr]", :delayed
  end

  exec_start = "/usr/local/bin/substr"
else
  # TODO Install Deno 2

  git node["substr"]["workdir"] do
    user node["strfry"]["user"]
    group node["strfry"]["group"]
    repository node['substr']['repo']
    revision node['substr']['revision']
    action :sync
    notifies :restart, "service[substr]", :delayed
  end

  exec_start = "deno task server"
end

file "#{node["substr"]["workdir"]}/users.yaml" do
  mode "0644"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  content node["strfry"]["known_pubkeys"].to_yaml
  notifies :restart, "service[substr]", :delayed
end

ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')

env = {
  port: node['substr']['port'],
  base_url: "https://#{node["strfry"]["domain"]}",
  relay_urls: node['substr']['relay_urls'].join(","),
  ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
  ldap_bind_dn: ldap_credentials["service_dn"],
  ldap_password: ldap_credentials["service_password"],
  ldap_search_dn: node["strfry"]["ldap_search_dn"],
}

template "#{node["substr"]["workdir"]}/.env" do
  source 'env.erb'
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode 0600
  sensitive true
  variables config: env
  notifies :restart, "service[substr]", :delayed
end

systemd_unit "substr.service" do
  content({
    Unit: {
      Description: "substr for nostr",
      Documentation: ["https://gitea.kosmos.org/kosmos/substr"],
    },
    Service: {
      Type: "simple",
      User: node["strfry"]["user"],
      WorkingDirectory: node["substr"]["workdir"],
      ExecStart: exec_start,
      Restart: "on-failure",
      RestartSec: "5",
      ProtectHome: "no",
      NoNewPrivileges: "yes",
      ProtectSystem: "full"
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  triggers_reload true
  action :create
end

service "substr" do
  action [:enable, :start]
end