local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
local redis = import "../../kube/redis.libsonnet";

// Copy over the secret from the ceph cluster namespace to the environment
// namespace. Eg.
//   cluster=ceph-waw3
//   pool=waw-hdd-redundant-3-object
//   namespace=hswaw-prod
//   kubectl get -n $cluster secret rook-ceph-object-user-$pool-$namespace-pretalx-s3 -o json > hswaw/kube/secrets/plain/prod-pretalx-s3.json

{
    local cfg = self.cfg,
    cfg:: {
        // q3k's fork for S3 support (q3k/s3)
        image: "registry.k0.hswaw.net/q3k/pretalx-docker:20200217-1581977177",
        storageClassName: error "storageClassName must be set!",
        webFQDN: error "webFQDN must be set!",

        smtpPassword: error "smtpPassword must be set!",

        s3: {
            cluster: "ceph-waw3",
            pool: "waw-hdd-redundant-3-object",
            credsSecret: error "credsSecret msut be set",
        },

        smtp: {
            server: "mail.hackerspace.pl",
            from: "pretalx@hackerspace.pl",
            username: "pretalx",
        },
    },

    component(cfg, env): mirko.Component(env, "pretalx") {
        local pretalx = self,
        cfg+: {
            image: cfg.image,
            volumes+: {
                data: kube.PersistentVolumeClaimVolume(pretalx.volumeData),
                config: kube.SecretVolume(pretalx.config),
            },

            pgpass:: { secretKeyRef: { name: pretalx.makeName("-postgres"), key: "postgres_password", } },

            containers:: {
                default: pretalx.Container("main") {
                    volumeMounts_+: {
                        data: { mountPath: "/data", },
                        config: { mountPath: "/etc/pretalx" },
                    },
                    workingDir: "/pretalx/src",
                    command: [
                        "gunicorn", "pretalx.wsgi",
                        "--name", "pretalx",
                        "--workers", "4",
                        "--max-requests", "1200",
                        "--max-requests-jitter", "50",
                        "--log-level", "info",
                        "--bind", "0.0.0.0:8080",
                    ],
                    env_: {
                        PRETALX_DB_PASS: pretalx.cfg.pgpass,
                        HOME: "/pretalx",
                        PRETALX_DATA_DIR: "/data",
                    },
                    resources: {
                        // thicc Python
                        requests: {
                            cpu: "100m",
                            memory: "512Mi",
                        },
                        limits: {
                            cpu: "1",
                            memory: "2Gi",
                        },
                    },
                },
                worker: pretalx.Container("worker") {
                    volumeMounts_+: {
                        data: { mountPath: "/data", },
                        config: { mountPath: "/etc/pretalx" },
                    },
                    workingDir: "/pretalx/src",
                    command: [
                        "celery", "-A", "pretalx.celery_app", "worker",
                        "-l", "info",
                    ],
                    env_: {
                        PRETALX_DB_PASS: pretalx.cfg.pgpass,
                        HOME: "/pretalx",
                        PRETALX_DATA_DIR: "/data",
                    },
                    resources: {
                        // thicc Python
                        requests: {
                            cpu: "100m",
                            memory: "512Mi",
                        },
                        limits: {
                            cpu: "1",
                            memory: "2Gi",
                        },
                    },
                },
            },
            securityContext: {
                runAsUser: 999,
            },
            ports+: {
                publicHTTP: {
                    web: {
                        port: 8080,
                        dns: cfg.webFQDN,
                    },
                },
            },
        },

        secret: kube.Secret(pretalx.makeName("secret")) {
            metadata+: pretalx.metadata,
            data: {
                smtpPassword: cfg.smtpPassword,
            },
        },

        cronjob: kube.CronJob(pretalx.makeName("runperiodic")) {
            metadata+: pretalx.metadata,
            spec+: {
                schedule: "*/5 * * * *",
                jobTemplate+: {
                    spec+: {
                        selector:: null,
                        template+: {
                            spec+: {
                                containers_: {
                                    runperiodic: kube.Container("runperiodic") {
                                        image: cfg.image,
                                        workingDir: "/pretalx/src",
                                        volumeMounts_+: {
                                            config: { mountPath: "/etc/pretalx" },
                                        },
                                        env_: {
                                            PRETALX_DB_PASS: pretalx.cfg.pgpass,
                                            HOME: "/pretalx",
                                            PRETALX_DATA_DIR: "/data",
                                        },
                                        command: [
                                            "python3", "-m", "pretalx",
                                            "runperiodic",
                                        ],
                                    },
                                },
                                securityContext: {
                                    runAsUser: 999,
                                },
                                volumes_+: {
                                    config: kube.SecretVolume(pretalx.config),
                                },
                            },
                        },
                    },
                },
            },
        },

        config: kube.Secret(pretalx.makeName("-config")) {
            metadata+: pretalx.metadata,
            data: {
                "pretalx.cfg": std.base64(std.manifestIni({
                    sections: {
                        filesystem: {
                            data: "/data", media: "/data/media", logs: "/data/logs",
                        },
                        site: {
                            debug: false,
                            url: "https://%s" % cfg.webFQDN,
                        },
                        s3media: {
                            bucket: "pretalx-prod",
                            access_key_id: std.base64Decode(cfg.s3.credsSecret.data.AccessKey),
                            secret_access_key: std.base64Decode(cfg.s3.credsSecret.data.SecretKey),
                            endpoint: "https://object.ceph-waw3.hswaw.net",
                        },
                        database: {
                            backend: "postgresql",
                            name: "pretalx",
                            user: "pretalx",
                            // password: ... // provided by environment variable from secret
                            host: pretalx.postgres.bouncer.svc.host,
                            //port: 5432
                        },
                        mail: {
                            from: cfg.smtp.from,
                            host: cfg.smtp.server,
                            port: 587,
                            user: cfg.smtp.username,
                            password: cfg.smtpPassword,
                            tls: "True",
                        },
                        celery: {
                            backend: "redis://%s/1" % [pretalx.redis.svc.host],
                            broker: "redis://%s/2" % [pretalx.redis.svc.host],
                        },
                    },
                })),
            },
        },

        postgres: postgres {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-postgres") + "-",
                database: "pretalx",
                username: "pretalx",
                password: pretalx.cfg.pgpass,
            },
        },

        redis: redis {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-redis") + "-",
            },
        },

        volumeData: kube.PersistentVolumeClaim(pretalx.makeName("-data")) {
            metadata+: pretalx.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: ["ReadWriteOnce"],
                resources: {
                    requests: {
                        storage: "5Gi",
                    },
                },
            },
        },

        s3: kube.CephObjectStoreUser(pretalx.makeNameGlobal("-s3")) {
            metadata+: {
                namespace: cfg.s3.cluster,
            },
            spec: {
                store: cfg.s3.pool,
                displayName: pretalx.makeNameGlobal("-s3"),
            },
        },
    },
}