local matrix = import "lib/matrix-ng.libsonnet";
local irc = import "lib/appservice-irc.libsonnet";
local telegram = import "lib/appservice-telegram.libsonnet";
local kube = import "../../kube/kube.libsonnet";

// Matrix deployment for hackerspace.pl: extends the shared matrix-ng library
// object with site-specific settings (SSO, media repository, TURN, Synapse
// workers, Postgres storage and the IRC/Telegram bridges).
matrix {
    local app = self,
    local cfg = app.cfg,
    // Hidden (::) configuration overrides, merged on top of the library defaults.
    cfg+:: {
        namespace: "matrix",
        webDomain: "matrix.hackerspace.pl",
        serverName: "hackerspace.pl",
        // Single sign-on via OIDC against sso.hackerspace.pl.
        oidc+: {
            enable: true,
            config+: {
                // NOTE(review): if this is passed through as Synapse's OIDC
                // `allow_existing_users`, an SSO login whose mapped localpart
                // equals an existing account is attached to that account.
                // Confirm the identity provider guarantees usernames cannot be
                // reassigned or freely chosen.
                allow_existing_users: true,
                issuer: "https://sso.hackerspace.pl",
                client_id: "matrix",
                // Given as a reference (secret name + key) rather than as a
                // literal value; presumably resolved by the library from a
                // Kubernetes Secret — verify in lib/matrix-ng.libsonnet.
                client_secret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
                user_profile_method: "userinfo_endpoint",
                userinfo_endpoint: "https://sso.hackerspace.pl/api/1/userinfo",
                client_auth_method: "client_secret_post",
                // Only the profile:read scope is requested.
                scopes: ["profile:read"],
            },
        },
        // matrix-media-repo backed by an S3-compatible bucket and its own database.
        mediaRepo+: {
            enable: true,
            route: true,
            s3+: {
                // NOTE(review): stripping "http://" suggests the endpoint in
                // the secrets file is plain HTTP — confirm whether traffic to
                // the object store is meant to be unencrypted or is confined
                // to a trusted network.
                endpoint: std.strReplace((import "secrets/plain/media-repo-matrix-ceph.json").Endpoint, "http://", ""),
                // NOTE(review): `import` is evaluated at render time, so the
                // access key and secret key become literal values in this
                // object. Whether they are emitted as a Secret or a ConfigMap
                // depends on the library — verify, and keep rendered output
                // out of logs and version control.
                accessKey: (import "secrets/plain/media-repo-matrix-ceph.json").AccessKey,
                secretKey: (import "secrets/plain/media-repo-matrix-ceph.json").SecretKey,
                bucketName: "media-repo-matrix",
                region: "eu",
            },
            db+: {
                // File contents with newlines removed; inlined at render time
                // like the S3 credentials, so the same handling caveat applies.
                password: std.strReplace(importstr "secrets/plain/media-repo-matrix-postgres", "\n", ""),
            },
        },
        // TURN server for VoIP, with a fixed load balancer address.
        coturn+: {
            enable: true,
            config+: {
                domain: "turn.hackerspace.pl",
                loadBalancerIP: "185.236.240.59",
            },
        },
    },

    // Web client overrides.
    riot+: {
        config+: {
            // Presumably exposes the client's experimental "Labs" settings to
            // users — TODO confirm how the library passes this through.
            showLabsSettings: true,
        },
    },

    synapse+: {
        // Worker toggles as interpreted by the library: the appservice worker
        // is enabled, the federation worker is disabled.
        cfg+: {
            appserviceWorker: true,
            federationWorker: false,
        },

        config+: {
            // Synapse option: remote servers for which per-domain federation
            // metrics are exported.
            federation_metrics_domains: ["matrix.org", "evolved.systems", "narupo.pl", "staging-matrix.inf.re"]
        },

        genericWorker+: {
            deployment+: {
                spec+: {
                    replicas: 4,
                },
            },
        },

        // Synapse media worker has been replaced by matrix-media-repo deployment
        mediaWorker+: {
            deployment+: {
                spec+: {
                    replicas: 0,
                },
            },
        },
        // local changes
        // Requests are set equal to limits for the main Synapse process.
        main+: {
            deployment+: {
                cfg+: {
                    resources+: {
                        limits+: { cpu: "2", memory: "8Gi" },
                        requests+: { cpu: "2", memory: "8Gi" },
                    },
                },
            },
        },
    },

    // Bump up storage to 200Gi from default 100Gi, use different name.  The
    // new name corresponds to a manually migrated and sized-up PVC that
    // contains data from the original waw3-postgres PVC.
    postgres3+: {
        local psql = self,
        volumeClaim+: {
            metadata+: {
                name: "waw3-postgres-2",
            },
            spec+: {
                resources+: {
                    requests+: {
                        storage: "200Gi",
                    },
                },
            },
        },
        // Additional 200Gi ReadWriteOnce claim, mounted into the postgres
        // container at /mnt/tmp/ below.
        // NOTE(review): its purpose is not stated here — presumably scratch
        // space for a migration or maintenance task; confirm whether it is
        // still needed and what data is left on it.
        tempVC: kube.PersistentVolumeClaim(psql.makeName("tempvc")) {
            metadata+: psql.metadata,
            spec+: {
                storageClassName: psql.cfg.storageClassName,
                accessModes: [ "ReadWriteOnce" ],
                resources: {
                    requests: {
                        storage: "200Gi",
                    },
                },
            },
        },
        deployment+: {
            spec+: {
                template+: {
                    spec+: {
                        volumes_+: {
                            temp: kube.PersistentVolumeClaimVolume(psql.tempVC),
                        },
                        containers_+: {
                            postgres+: {
                                volumeMounts_+: {
                                    temp: { mountPath: "/mnt/tmp/" },
                                },
                            },
                        },
                    },
                },
            },
        },
    },

    // Bridges (application services) attached to the homeserver.
    appservices: {
        // IRC bridge. The instance is still named "freenode", but the server
        // list below also defines irc.libera.chat.
        "irc-freenode": irc.AppServiceIrc("freenode") {
            cfg+: {
                image: cfg.images.appserviceIRC,
                storageClassName: "waw-hdd-redundant-3",
                metadata: app.metadata("appservice-irc-freenode"),
                // Pinned to a single node by hostname.
                // TODO(q3k): add labels to blessed nodes
                nodeSelector: {
                    "kubernetes.io/hostname": "bc01n02.hswaw.net",
                },
                bootstrapJob: false,
                config+: {
                    homeserver+: {
                        url: "https://%s" % [cfg.webDomain],
                        domain: "%s" % [cfg.serverName],
                    },
                    ircService+: {
                        // Bridge administrators are hard-coded Matrix IDs;
                        // changing them requires a config change and redeploy.
                        permissions: {
                            "@q3k:hackerspace.pl": "admin",
                            "@informatic:hackerspace.pl": "admin",
                        },
                        // Ident responder on an unprivileged port.
                        // NOTE(review): IRC servers query ident on port 113, so
                        // this presumably relies on port forwarding outside
                        // this file — confirm the exposure is intended.
                        ident: {
                            enabled: true,
                            port: 1113,
                        },
                        servers+: {
                            local servers = self,
                            // No mappings are added for freenode here.
                            "irc.freenode.net"+: {
                                mappings+: {},
                                ircClients+: {
                                    maxClients: 150,
                                },
                            },
                            // Libera Chat inherits the freenode server entry
                            // and overrides the fields below.
                            "irc.libera.chat": servers["irc.freenode.net"] {
                                // Channel mappings come from the secrets tree
                                // and are inlined at render time.
                                mappings+: import "secrets/plain/appservice-irc-libera-mappings.jsonnet",
                                ircClients+: {
                                    maxClients: 150,
                                },
                                name: "Libera Chat",
                                networkId: "libera",
                                dynamicChannels+: {
                                    groupId: "+libera:hackerspace.pl",
                                    aliasTemplate: "#libera_$CHANNEL",
                                },
                                matrixClients+: {
                                    userTemplate:"@libera_$NICK",
                                },
                            },
                        },
                    },
                },
                // Presumably the name of a Kubernetes Secret holding the key
                // that encrypts stored IRC passwords — verify in
                // lib/appservice-irc.libsonnet.
                passwordEncryptionKeySecret: "appservice-irc-password-encryption-key",
            },
        },
        // Telegram bridge.
        "telegram-prod": telegram.AppServiceTelegram("prod") {
            cfg+: {
                image: cfg.images.appserviceTelegram,
                storageClassName: cfg.storageClassName,
                metadata: app.metadata("appservice-telegram-prod"),
                bootstrapJob: false,

                config+: {
                    homeserver+: {
                        address: "https://%s" % [cfg.webDomain],
                        domain: cfg.serverName,
                    },
                    appservice+: {
                        id: "telegram",
                    },
                    // First line of each secrets file, read at render time.
                    // NOTE(review): the API credentials and bot token become
                    // literal values in the bridge config — verify the library
                    // stores that config in a Secret rather than a ConfigMap.
                    telegram+: {
                        api_id: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-id", "\n"))[0],
                        api_hash: (std.split(importstr "secrets/plain/appservice-telegram-prod-api-hash", "\n"))[0],
                        bot_token: (std.split(importstr "secrets/plain/appservice-telegram-prod-token", "\n"))[0],
                    },
                    bridge+: {
                        // Domain-wide entry: every account on hackerspace.pl
                        // gets the "puppeting" level; "admin" is limited to a
                        // single named user.
                        permissions+: {
                            "hackerspace.pl": "puppeting",
                            "@q3k:hackerspace.pl": "admin",
                        },
                    },
                },
            },
        },
    },
}
