[buildout]
parts =
  directory
  configtest
  logrotate
  cron
  cron-entry-logrotate
  ca-frontend
  certificate-authority
  squid-cache
  logrotate-entry-apache
  apache-frontend
  apache-cached
  frontend-apache-graceful
  cached-apache-graceful
  switch-softwaretype

eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory

bin = $${buildout:directory}/bin/
etc = $${buildout:directory}/etc/
srv = $${buildout:directory}/srv/
var = $${buildout:directory}/var/

backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service

logrotate-backup = $${:backup}/logrotate
logrotate-entries = $${:etc}/logrotate.d

cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl

squid-cache = $${:srv}/squid_cache

[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${dynamic-template-slave-list:rendered}

[instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance.
# Always the same.
recipe = slapos.cookbook:slapconfiguration
computer = $${slap_connection:computer_id}
partition = $${slap_connection:partition_id}
url = $${slap_connection:server_url}
key = $${slap_connection:key_file}
cert = $${slap_connection:cert_file}
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.domain = "example.org"
configuration.public-ipv4 = ''
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.server-admin = admin@example.com

[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
extra-context =
context =
    key eggs_directory buildout:eggs-directory
    key develop_eggs_directory buildout:develop-eggs-directory
    key slap_software_type instance-parameter:slap-software-type
    key slapparameter_dict instance-parameter:configuration
    $${:extra-context}

[dynamic-template-slave-list]
< = jinja2-template-base
template = ${template-slave-list:target}
filename = instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key slave_instance_list instance-parameter:slave-instance-list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    raw empty_template ${template-empty:target}
    raw cache_access http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-port}
    raw template_slave_configuration ${template-slave-configuration:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}

# Deploy Apache Frontend (new way, no recipe, jinja power)
[dynamic-apache-frontend-template]
< = jinja2-template-base
template = ${template-apache-frontend-configuration:target}
rendered = $${apache-configuration:frontend-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key server_name instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key ipv6_addr instance-parameter:ipv6-random
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:access-log
    key error_log apache-configuration:error-log
    key pid_file apache-configuration:pid-file
    key slave_configuration_directory apache-directory:slave-configuration

[apache-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_apache
wait-for-files =
	       $${ca-frontend:cert-file}
	       $${ca-frontend:key-file}

# Deploy Apache for cached website
[dynamic-apache-cached-template]
< = jinja2-template-base
template = ${template-apache-cached-configuration:target}
rendered = $${apache-configuration:cached-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key server_name instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key cached_port apache-configuration:cache-through-port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:cache-access-log
    key error_log apache-configuration:cache-error-log
    key pid_file apache-configuration:cache-pid-file
    key apachecachedmap_path apache-configuration:cached-rewrite-file

[apache-cached]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_cached_apache
wait-for-files =
	       $${ca-frontend:cert-file}
	       $${ca-frontend:key-file}

[apache-directory]
recipe = slapos.cookbook:mkdirectory
document-root = $${directory:srv}/htdocs
slave-configuration = $${directory:srv}/apache-slave-conf.d/
cache = $${directory:var}/cache
mod-ssl = $${:cache}/httpd_mod_ssl
vh-ssl = $${:slave-configuration}/ssl

[apache-configuration]
frontend-configuration = $${directory:etc}/apache_frontend.conf
cached-configuration = $${directory:etc}/apache_frontend_cached.conf
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
protected-path = /
access-control-string = none
cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt

# Apache for cache configuration
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid

# Comunication with squid
cache-port = 26010
cache-through-port = 26011


# Create wrapper for "apachectl conftest" in bin
[configtest]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
wrapper-path = $${directory:bin}/apache-configtest

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
executable = $${directory:service}/frontend_apache
wrapper = $${directory:service}/frontend_apache
# Put domain name
name = $${instance-parameter:configuration.domain}

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}

# Deploy Logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status

[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-configuration:error-log} $${apache-configuration:access-log}
frequency = daily
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true

[squid-cache]
recipe = slapos.cookbook:squid
prepare-path = $${directory:service}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
conf-path = $${directory:etc}/squid.cfg
cache-path = $${directory:squid-cache}
ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
public-ipv4 = $${instance-parameter:configuration.public-ipv4}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid

[squid-reload]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
wrapper-path = $${directory:service}/squid-reload

[frontend-apache-graceful]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGUSR1
wrapper-path = $${directory:service}/frontend-apache-graceful

[cached-apache-graceful]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:cache-pid-file} SIGUSR1
wrapper-path = $${directory:service}/cached-apache-graceful