class profiles::pgadmin (
  String $server_name = "pgadmin.${fqdn}",
) {

  ensure_packages(['pgadmin4'])

  uwsgi::vassal { 'pgAdmin':
    path => '/usr/lib/pgadmin4/web/pgAdmin4.wsgi',
  }

  include ::nginx

  nginx::resource::server { $server_name:
    ipv6_enable          => true,
    ipv6_listen_options  => '',
    ssl                  => false,
    use_default_location => false,
  }

  nginx::resource::location { 'pgadmin /':
    server         => $server_name,
    location       => '/',
    location_allow => [
      '127.0.0.1',
      '::1',
      "${facts['network6']}/${extlib::netmask_to_cidr($facts['netmask6'])}",
      "${facts['network']}/${extlib::netmask_to_cidr($facts['netmask'])}",
    ],
    location_deny => [ 'all' ],
    # TODO centralize this setting
    uwsgi         => '/run/uwsgi/emperor.sock',
  }

  # file { '/etc/pgadmin/config_system.py':
  #   content => @("EOF")
  #   SQLITE_PATH = ${sqlite_path}
  #   | EOF
  # }
}