# @summary A complete concourse setup.
#
# Configures all components of a concourse setup.
#
# Session signing key is the one generated by
#     concourse generate-key -t rsa -f session_signing_key
#
# The tsa key pair is the two files generated by
#     concourse generate-key -t ssh -f worker_key
class profiles::concourse_complete (
  Sensitive[String] $session_signing_key,
  Sensitive[String] $tsa_public_key,
  Sensitive[String] $tsa_private_key,
) {
  class { '::concourse':
    clusters => {
      $concourse::default_cluster => {
        # Database settings
        'postgres_user'       => 'concourse',
        'postgres_password'   => Sensitive(cache_data(
          'profiles::concourse',
          'postgres_password',
          extlib::random_password(25)
        )),
        'db_name'             => "atc-${concourse::default_cluster}",
        # worker settings
        'external_domain'     => 'concourse.adrift.space',
        'tsa_public_key'      => $tsa_public_key,
        # Web settings
        'tsa_private_key'     => $tsa_private_key,
        'session_signing_key' => $session_signing_key,
      },
    },
  }
  include ::profiles::postgresql

  concourse::database { 'Concourse Database':
  }

  include ::concourse::worker
  include ::concourse::web

  # Settings are gotten through hiera instead, all namespaced directly with
  # `concourse::auth::ldap::`.
  include ::concourse::auth::ldap

  concourse::proxy::nginx { 'concourse.adrift.space':
  }

  include ::concourse::fly

  @@dns::record { 'CNAME concourse.adrift.space.':
    type  => 'CNAME',
    zone  => 'adrift.space.',
    key   => 'concourse',
    value => 'gandalf.adrift.space.',
  }

}