# https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/reverse-proxy-configuration-nginx/
# @param server_name
#   The fully qualified domain name where jenkins should be found
# @param jenkins_port
#   The local port revproxied to
class profiles::jenkins (
  String $server_name,
  Stdlib::Port $jenkins_port = 8090,
) {
  include ::nginx
  include ::profiles::certificate

  letsencrypt::domain { $server_name:
    cert_name => $profiles::certificate::cert_name,
  }

  nginx::resource::server { $server_name:
    ipv6_enable          => true,
    ipv6_listen_options  => '',
    www_root             => '/var/run/jenkins/war/',
    use_default_location => false,
    access_log           => absent,
    error_log            => absent,
    *                    => letsencrypt::conf::nginx($server_name),
  }

  @@dns::record { $server_name:
    type  => 'CNAME',
    zone  => "${facts['domain']}.",
    # TODO key should be $server_name local to domain name of host.
    key   => 'jenkins',
    value => 'adrift.space.'
  }

  if $facts['letsencrypt_directory'][$server_name] {
    nginx::resource::location {
    default:
      server      => $server_name,
      ;
    'jenkins static':
      location      => '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"',
      rewrite_rules => ['"^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last'],
      ;
    'jenkins /userContent':
      location   => '/userContent',
      www_root   => '/var/lib/jenkins/',
      raw_append => @(EOF)
      if (!-f $request_filename) {
        rewrite (.*) /$1 last;
        break;
      }
      | EOF
      ;
    'jenkins /':
      location    => '/',
      proxy       => "http://[::]:${jenkins_port}",
      index_files => [],
      ssl         => true,
      ssl_only    => true,
    }
  }
}