variable "flake_ref" {
  type = string
}

variable "flake_sha" {
  type = string
}

variable "store_path" {
  type =string
}

job "gitea" {
  datacenters = [ "homelab-1" ]
  type = "service"

  constraint {
    attribute = "${attr.unique.hostname}"
    value = "blowhole"
  }

  group "svc" {
    count = 1

    volume "gitea-data" {
      type = "csi"
      source = "gitea-data"
      read_only = false

      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }

    volume "gitea-db" {
      type = "csi"
      source = "gitea-db"
      read_only = false

      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }

    restart {
      attempts = 5
      delay = "5s"
    }

    network {
      mode = "bridge"
    }

    service {
      name = "gitea"
      port = "3000"

      check {
        type = "http"
        address_mode = "alloc"
        path = "/"
        port = "3000"
        interval = "2s"
        timeout = "2s"
      }

      connect {
        sidecar_service {}
      }
    }

    task "app" {
      driver = "docker"

      volume_mount {
        volume = "gitea-data"
        destination = "/var/lib/gitea"
        read_only = false
      }

      volume_mount {
        volume = "gitea-db"
        destination = "/var/lib/postgresql"
        read_only = false
      }

      config {
        nix_flake_ref = "${var.flake_ref}#nixngConfigurations.gitea.config.system.build.toplevel"
	nix_flake_sha = var.flake_sha
	nix_flake_store_path = var.store_path
        entrypoint = [ "init" ]

        # mounts = [
        #    {
        #         type    = "bind"
        #         target  = "/var/nfs/gitea-data"
        #         source  = "/data/gitea"
        #         options = ["rbind","rw","x-mount.mkdir"]
        #    }
        # ]
      }

      env {
        USER_UID = "5001"
        USER_GID = "5001"
      }

      resources {
        cpu = 500
        memory = 1024
      }

      vault {
        policies = ["gitea-policy"]
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/gitea/gitea" }}{{ .Data.data.secret_key }}{{ end }}
EOF
        destination = "secrets/secret_key"
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/gitea/gitea" }}{{ .Data.data.internal_token }}{{ end }}
EOF
        destination = "secrets/internal_token"
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/gitea/gitea" }}{{ .Data.data.jwt_secret }}{{ end }}
EOF
        destination = "secrets/jwt_secret"
      }

      template {
        data = <<EOF
{{ with secret "kv/data/cluster/gitea/gitea" }}{{ .Data.data.lfs_jwt_secret }}{{ end }}
EOF
        destination = "secrets/lfs_jwt_secret"
      }
    }
  }
}