variable "flake_ref" {
  type = string
}

variable "flake_sha" {
  type = string
}

job "email" {
  datacenters = [ "homelab-1" ]
  type = "service"

  constraint {
    attribute = "${attr.unique.hostname}"
    value = "blowhole"
  }

  group "getmail" {
    count = 1

    volume "mail-configuration" {
      type = "csi"
      source = "mail-configuration"
      read_only = false

      attachment_mode = "file-system"
      access_mode     = "multi-node-multi-writer"
    }

    restart {
      attempts = 5
      delay = "5s"
    }

    network {
      mode = "bridge"
    }

    service {
      name = "getmail"
      port = "666"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "dovecot-lmtp"
              local_bind_port  = 24
              datacenter = "homelab-1"
            }
          }
        }
      }
    }

    task "app" {
      driver = "docker"

      volume_mount {
        volume = "mail-configuration"
        destination = "/mail-configuration"
        read_only = false
      }

      config {
        nix_flake_ref = "${var.flake_ref}#nixngSystems.getmail.config.system.build.toplevel"
        nix_flake_sha = var.flake_sha
        entrypoint = [ "init" ]
      }

      vault {
        policies = ["getmail-policy"]
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/getmail" }}{{ .Data.data | toJSON }}{{ end }}
EOF
        destination = "secrets/getmail.passwd"
        change_mode = "restart"
      }

      resources {
        cpu = 256
        memory = 512
      }
    }
  }

  group "dovecot" {
    count = 1

    volume "dovecot_maildir" {
      type = "csi"
      source = "dovecot_maildir"
      read_only = false

      attachment_mode = "file-system"
      access_mode     = "multi-node-multi-writer"
    }

    volume "mail-configuration" {
      type = "csi"
      source = "mail-configuration"
      read_only = false

      attachment_mode = "file-system"
      access_mode     = "multi-node-multi-writer"
    }

    restart {
      attempts = 5
      delay = "5s"
    }

    network {
      mode = "bridge"
    }

    service {
      name = "dovecot-lmtp"
      port = "24"

      connect {
        sidecar_service {}
      }
    }

    service {
      name = "dovecot-imap"
      port = "143"

      connect {
        sidecar_service {}
      }
    }

    task "app" {
      driver = "docker"

      volume_mount {
        volume = "dovecot_maildir"
        destination = "/maildir"
        read_only = false
      }

      volume_mount {
        volume = "mail-configuration"
        destination = "/mail-configuration"
        read_only = false
      }

      config {
        nix_flake_ref = "${var.flake_ref}#nixngSystems.dovecot.config.system.build.toplevel"
        nix_flake_sha = var.flake_sha
        entrypoint = [ "init" ]
      }

      env {
      }

      resources {
        cpu = 128
        memory = 256
      }

      vault {
        policies = ["dovecot-policy"]
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/dovecot" }}{{ .Data.data.passwd }}{{ end }}
EOF
        destination = "secrets/passwd.dovecot"
        change_mode = "noop"
      }
    }
  }
}