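# @summary Sets up mu4web
#
# Instantiates an nginx server, and a gunicorn instance.
#
# @param package_name
#   Name of system package for mu4web
# @param server_name
#   Where mu4web should be made available
#   TODO Will currently CNAME that domain to gandalf.adrift.space
# @param wsgi_server
#   Address to use for wsgi (gunicorn) instance
# @param wsgi_port
#   Port to use for wsgi (gunicorn) instance
# @param wsgi_address
#   *Actual* address used by wsgi instance. Should be possible to
#   change this to a unix socket.
# @param secret_key
#   Secret key for flask instance. When not supplied, a 24 character
#   random password is generated and stored through extlib::cache_data,
#   so the same key is reused on later runs.
class profiles::mu4web (
  String $package_name = 'mu4web',
  String $server_name = 'mail.adrift.space',
  String $wsgi_server = 'localhost',
  Stdlib::Port $wsgi_port = 8095,
  String $wsgi_address = "${wsgi_server}:${wsgi_port}",
  Sensitive[String] $secret_key = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),
) {
  include ::nginx
  include ::profiles::certificate

  letsencrypt::domain { $server_name:
    cert_name => $profiles::certificate::cert_name,
  }

  ensure_packages([$package_name])

  # Account the gunicorn worker runs as. It is also the only account that
  # needs to read the Flask settings file below.
  # TODO generalize this.
  $instance_user = 'hugo'

  gunicorn::instance { 'mu4web':
    app     => 'mu4web.main:app',
    user    => $instance_user,
    group   => 'nobody',
    address => $wsgi_address,
  }

  # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders
  # TODO directories
  #
  # The rendered settings presumably embed $secret_key (the template is not
  # visible from this class), so the file is treated as a secret:
  #  - owner/mode restrict reads to the gunicorn user; without them the
  #    file is created with the agent's default mode, readable by every
  #    local account;
  #  - Sensitive() and show_diff keep the rendered content out of agent
  #    logs, reports and diffs.
  file { '/usr/var/mu4web.main-instance/settings.py':
    owner     => $instance_user,
    mode      => '0400',
    show_diff => false,
    content   => Sensitive(epp("${module_name}/mu4web.py.epp")),
  }

  # NOTE(review): access and error logging are both switched off for this
  # vhost, so requests to the webmail frontend leave no nginx audit trail.
  nginx::resource::server { $server_name:
    ipv6_enable          => true,
    ipv6_listen_options  => '',
    www_root             => '/',
    use_default_location => false,
    access_log           => absent,
    error_log            => absent,
    *                    => letsencrypt::conf::nginx($server_name),
  }

  # TODO generalize this
  @@dns::record { $server_name:
    key   => 'mail',
    value => 'gandalf',
    type  => 'CNAME',
    zone  => "${facts['domain']}.",
  }

  # Only declare the TLS-only locations once a certificate directory is
  # reported for this server name. dig() yields undef instead of failing
  # catalog compilation when the letsencrypt_directory fact is missing
  # altogether (e.g. on a node's first run).
  if $facts.dig('letsencrypt_directory', $server_name) {
    nginx::resource::location {
      default:
        server      => $server_name,
        ssl         => true,
        ssl_only    => true,
        index_files => [],
      ;
      "${server_name} - mu4web /":
        location  => '/',
        try_files => ['$uri', '@gunicorn',],
      ;
      # Named location that hands the request to the local gunicorn
      # instance over plain HTTP.
      "${server_name} - mu4web @gunicorn":
        location => '@gunicorn',
        proxy    => "http://${wsgi_address}",
    }
  }
}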