# vim: set ft=cfg:

{% import 'parts' as parts %}
{% import 'replicated' as replicated with context %}

{% set backup_amount = slapparameter_dict.pop('resilient-clone-number', "1")|int + 1 -%}
{% set monitor_dict = {} -%}
{% set monitor_return = [] -%}

{% if slapparameter_dict.get('enable-monitor', True) == True -%}
{% set monitor_return = ['monitor-base-url'] -%}
{% set monitor_parameter = {'monitor-cors-domains': slapparameter_dict.pop('monitor-cors-domains', "monitor.app.officejs.com")} -%}
{% set monitor_dict = {'parameter': monitor_parameter, 'return': monitor_return} -%}
{% endif -%}
{% set monitor_interface_url = slapparameter_dict.pop('monitor-interface-url', 'https://monitor.app.officejs.com') -%}

[buildout]
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true

# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
  publish-early
  {{ parts.replicate("kvm", backup_amount) }}
  publish-connection-information
  kvm-frontend-url-promise
  kvm-backend-url-promise

{% if monitor_dict -%}
extends = {{ template_monitor }}


[monitor-htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.monitor_user
bytes = 8
username = admin

[publish-early]
recipe = slapos.cookbook:publish-early
-init =
  monitor-password monitor-htpasswd:passwd

# XXX Monitoring Main Instane
[monitor-instance-parameter]
monitor-httpd-port = 8160
password = ${publish-early:monitor-password}
cors-domains = {{ monitor_parameter.get('monitor-cors-domains', '') }}

{%  do monitor_parameter.__setitem__('monitor-username', slapparameter_dict.get('monitor-username', 'admin'))%}
{%  do monitor_parameter.__setitem__('monitor-password', slapparameter_dict.get('monitor-password', '${publish-early:monitor-password}'))%}
{% endif -%}

{{ replicated.replicate("kvm", backup_amount, "kvm-export", "kvm-import", slapparameter_dict=slapparameter_dict, monitor_parameter_dict=monitor_dict) }}

[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc

# Bubble down the parameters of the requested instance to the user
[request-kvm]
# Note: += doesn't work.
return =
# Resilient related parameters
  url ssh-public-key resilient-ssh-url notification-id ip {{ monitor_return | join(' ') }}
# KVM related parameters
# XXX: return ALL parameters (like nat rules), through jinja
  backend-url url ip
{{ '  ' }}ipv6-network-info

[publish-connection-information]
recipe = slapos.cookbook:publish
backend-url = ${request-kvm:connection-backend-url}
url = ${request-kvm:connection-url}
ipv6 = ${request-kvm:connection-ip}
ipv6-network-info = ${request-kvm:connection-ipv6-network-info}
monitor-password = ${publish-early:monitor-password}
monitor-user = ${monitor-publish-parameters:monitor-user}
{% if monitor_dict -%}
monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${publish-early:monitor-password}
{% endif -%}

[kvm-frontend-url-bin]
recipe = collective.recipe.template
input = inline:#!/bin/sh
  URL="${request-kvm:connection-url}"
  if [[ ! "$URL" == https://* ]]; then
    exit 1
  fi
output = ${directory:bin}/kvm-frontend-url
mode = 700

[kvm-frontend-url-promise]
# Check that url parameter is complete
<= monitor-promise-base
module = check_command_execute
name = kvm-frontend-url.py
config-command = ${kvm-frontend-url-bin:output}

[kvm-backend-url-promise]
# Check that backend url is reachable
<= monitor-promise-base
module = check_url_available
name = frontend_promise.py
config-url = ${publish-connection-information:url}