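#
# Cookbook:: kosmos_drone
# Recipe:: default
#
# Deploys Drone with docker-compose: renders the compose file (which embeds
# secrets from the "credentials/drone" data bag item), installs a systemd unit
# that runs it, and opens the upstream port in the firewall.
#

package "docker-compose"

deploy_path = "/opt/drone"

# One lookup for the whole recipe. The original fetched the same
# "credentials/drone" item twice under two different local names.
credentials = data_bag_item("credentials", "drone")

postgres_config = {
  username: "drone",
  password: credentials["postgresql_password"],
  host: "pg.kosmos.local",
  port: 5432,
  database: "drone"
}
# NOTE(review): no TLS option is passed for the PostgreSQL connection here;
# whether the template sets one is not visible from this recipe -- confirm.

directory deploy_path do
  action :create
end

# The rendered file contains the OAuth client secret, the RPC secret, the
# database secret and the PostgreSQL password.
template "#{deploy_path}/docker-compose.yml" do
  source "docker-compose.yml.erb"
  # The unit below sets no User=, so docker-compose reads this file as root.
  # Pin ownership so the group-read bit in 0640 applies to a known group rather
  # than to whatever group the file happens to have.
  owner "root"
  group "root"
  mode "0640"
  # Keeps the rendered secrets out of Chef's log and diff output.
  sensitive true
  variables domain: node["kosmos_drone"]["domain"],
            upstream_port: node["kosmos_drone"]["upstream_port"],
            gitea_server: "https://#{node["gitea"]["domain"]}",
            client_id: credentials["client_id"],
            client_secret: credentials["client_secret"],
            rpc_secret: credentials["rpc_secret"],
            database_secret: credentials["database_secret"],
            postgres: postgres_config,
            max_procs: 4
  notifies :restart, "systemd_unit[drone.service]", :delayed
end

systemd_unit "drone.service" do
  content({
    Unit: {
      Description: "drone service with docker compose",
      Requires: "docker.service",
      After: "docker.service",
    },
    Service: {
      Restart: "always",
      # docker-compose picks up docker-compose.yml from this directory.
      WorkingDirectory: deploy_path,
      ExecStart: "/usr/bin/docker-compose up",
      # Remove stopped service containers before each start.
      ExecStartPre: "/usr/bin/docker-compose rm -f",
      ExecStop: "/usr/bin/docker-compose down",
    },
    Install: {
      WantedBy: "multi-user.target",
    },
  })
  action [:create, :enable, :start]
end

firewall_rule "drone" do
  port [node["kosmos_drone"]["upstream_port"]]
  # Currently the whole /24 can reach the upstream port directly.
  source "10.1.1.0/24" # TODO only allow nginx proxy IPs
  protocol :tcp
  command :allow
end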