# @summary A complete concourse setup.
#
# Configures all components of a concourse setup.
#
# Session signing key is the one generated by
#     concourse generate-key -t rsa -f session_signing_key
#
# The tsa key pair is the two files generated by
#     concourse generate-key -t ssh -f worker_key
class profiles::concourse_complete (
  Sensitive[String] $session_signing_key,
  Sensitive[String] $tsa_private_key,
  Sensitive[String] $postgres_password,
  String $tsa_public_key,
) {
  $cluster = 'default'
  class { '::concourse':
    default_cluster => $cluster,
    clusters        => {
      $cluster => {
        # Database settings
        'postgres_user'       => 'concourse',
        'postgres_password'   => $postgres_password,
        'db_name'             => "atc-${cluster}",
        # worker settings
        'external_domain'     => 'concourse.adrift.space',
        'tsa_public_key'      => $tsa_public_key,
        # Web settings
        'tsa_private_key'     => $tsa_private_key,
        'session_signing_key' => $session_signing_key,
      },
    },
  }
  include ::profiles::postgresql

  concourse::database { 'Concourse Database':
  }

  include ::concourse::worker
  include ::concourse::web

  # Settings are gotten through hiera instead, all namespaced directly with
  # `concourse::auth::ldap::`.
  include ::concourse::auth::ldap

  concourse::proxy::nginx { 'concourse.adrift.space':
  }

  include ::concourse::fly

  @@dns::record { 'AAAA concourse.adrift.space.':
    type  => 'AAAA',
    zone  => 'adrift.space.',
    key   => 'concourse',
    value => $facts['ipaddress6'],
  }
}