#
# Cookbook Name:: kosmos_garage
# Recipe:: nginx_web
#

file "#{node['openresty']['dir']}/conf.d/garage.conf" do
  content <<-EOF
upstream garage_web {
  server localhost:3902;
}

proxy_cache_path #{node['openresty']['cache_dir']}/garage
                 levels=1:2 keys_zone=garage_cache:10m
                 max_size=1g inactive=60m use_temp_path=off;
EOF
end

#
# Root domain for public Web access via bucket-name.root-domain.tld
#

domain_name = node['garage']['s3_web_root_domain']
server_name = "*.#{domain_name}"

tls_cert_for server_name do
  auth "gandi_dns"
  action :create
end

openresty_site domain_name do
  template "nginx_conf_web.erb"
  variables server_name: server_name,
            domain_name: domain_name,
            ssl_cert:    "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
            ssl_key:     "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
end

#
# Custom domains for public Web access
#

node['garage']['s3_web_domains'].each do |domain_name|
  tls_cert_for domain_name do
    auth "gandi_dns"
    action :create
  end

  openresty_site domain_name do
    template "nginx_conf_web.erb"
    variables server_name: domain_name,
              domain_name: domain_name,
              ssl_cert:    "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
              ssl_key:     "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
  end
end