[buildout]
parts =
  certificate-authority
  publish-apache-zope-backend-connection-string
  zope-instance
  apache-zope-backend-instance
  ca-apache-zope-backend
  logrotate
  erp5-certificate-authority
  logrotate-entry-zope
  cron
  cron-entry-logrotate
  binary-link
  bt5-erp5-link
  promise-zope
  promise-apache-zope-backend

eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true

{% if 'frontend-software-url' in slapparameter_dict -%}
[request-slave-frontend]
recipe = slapos.cookbook:request.serialised
software-url = {{ slapparameter_dict['frontend-software-url'] }}
software-type = {{ slapparameter_dict.get('frontend-software-type', 'RootSoftwareInstance') }}
sla = instance_guid
sla-instance_guid = {{ slapparameter_dict['frontend-instance-guid'] }}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
name = SlaveFrontend
slave = true
{% set config_dict = {
  'url': '${apache-zope-backend-instance:scheme}://[${apache-zope-backend-instance:ip}]:${apache-zope-backend-instance:port}',
  'type': 'zope',
} -%}
{% if 'frontend-domain' in slapparameter_dict -%}
{%   do config_dict.__setitem__('custom_domain', slapparameter_dict['frontend-domain']) -%}
{% endif -%}
config = {{ config_dict.keys() | join(' ') }}
{% for name, value in config_dict.items() -%}
config-{{ name }} = {{ value }}
{% endfor -%}
return = site_url

[publish-apache-zope-backend-connection-string]
recipe = slapos.cookbook:publish.serialised
url = ${request-slave-frontend:connection-site_url}
login = ${zope-instance:user}
password = ${zope-instance:password}
url-deadlock = ${:url}/${zope-instance:deadlock-path}?${zope-instance:deadlock-password}
{% else %}
[publish-apache-zope-backend-connection-string]
recipe = slapos.cookbook:publish.serialised
url = https://${zope-instance:user}:${zope-instance:password}@[${apache-zope-backend-instance:ip}]:${apache-zope-backend-instance:port}
url-deadlock = ${:url}/${zope-instance:deadlock-path}?${zope-instance:deadlock-password}
{% endif %}

[apache-zope-backend-instance]
recipe = slapos.cookbook:apache.zope.backend
backend = http://${zope-instance:ip}:${zope-instance:port}/
ip = ${slap-network-information:global-ipv6}
port = 16001
wrapper = ${rootdirectory:bin}/apache
key-file = ${directory:apache-conf}/apache.key
cert-file = ${directory:apache-conf}/apache.crt
configuration-file = ${directory:apache-conf}/apache.conf
{# By default, if no white list is specified, backend allows access to everyone -#}
access-control-string = {{ slapparameter_dict.get('access-control-string', 'all') }}
pid-file = ${basedirectory:run}/apache.pid
lock-file = ${basedirectory:run}/apache.lock
ssl-session-cache = ${basedirectory:log}/apache-ssl-session-cache
error-log = ${basedirectory:log}/apache-error.log
access-log = ${basedirectory:log}/apache-access.log
apache-binary = {{ apache_location }}/bin/httpd
scheme = https

[ca-apache-zope-backend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache-zope-backend-instance:key-file}
cert-file = ${apache-zope-backend-instance:cert-file}
executable = ${apache-zope-backend-instance:wrapper}
wrapper = ${basedirectory:services}/apache

[zope-instance]
recipe = slapos.cookbook:generic.zope

# Options
user = zope
port = 12001
ip = ${slap-network-information:local-ipv4}
zodb-cache-size = 5000
thread-amount = 4
zodb-path = ${directory:zodb}/main.fs
deadlock-path = /manage_debug_threads

# Paths
wrapper = ${basedirectory:services}/zope-development
instance-path = ${directory:instance}
instance-etc = ${directory:instance-etc}
instance-products = ${directory:instance-products}
bt5-repository = ${rootdirectory:var}/bt5_repository
tmp-path = ${rootdirectory:tmp}
bin-path = ${rootdirectory:bin}
site-zcml = ${:instance-etc}/site.zcml
logrotate-post = ${rootdirectory:bin}/zope-post-logrotate
pid-file = ${basedirectory:run}/zope.pid
lock-file = ${basedirectory:run}/zope.lock
event-log = ${basedirectory:log}/zope-event.log
z2-log = ${basedirectory:log}/zope-Z2.log
configuration-file = ${rootdirectory:etc}/zope.conf
inituser = ${:instance-path}/inituser
# Binary information
runzope-binary = {{ bin_directory }}/runzope

# Defaults
bt5-repository-list =

[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = {{ logrotate_location }}/usr/sbin/logrotate
gzip-binary = {{ gzip_location }}/bin/gzip
gunzip-binary = {{ gzip_location }}/bin/gunzip
# Directories
wrapper = ${rootdirectory:bin}/logrotate
conf = ${rootdirectory:etc}/logrotate.conf
logrotate-entries = ${directory:logrotate-entries}
backup = ${directory:logrotate-backup}
state-file = ${rootdirectory:srv}/logrotate.status

[logrotate-entry-zope]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = zope
log = ${zope-instance:event-log} ${zope-instance:z2-log}
frequency = daily
rotate-num = 30
post = {{ bin_directory }}/killpidfromfile ${zope-instance:pid-file} SIGUSR2
sharedscripts = true
notifempty = true
create = true

[logrotate-entry-apache-zope-backend]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = zope
log = ${apache-zope-backend-instance:error-log} ${apache-zope-backend-instance:access-log}
frequency = daily
rotate-num = 30
post = {{ bin_directory }}/killpidfromfile ${apache-zope-backend-instance:pid-file} SIGUSR1
sharedscripts = true
notifempty = true
create = true

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = {{ dcron_location }}/sbin/crond
cron-entries = ${directory:cron-entries}
crontabs = ${directory:crontabs}
cronstamps = ${directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${basedirectory:services}/crond

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${rootdirectory:bin}/cron_simplelogger
log = ${basedirectory:log}/cron.log

[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = ${logrotate:wrapper}

[binary-link]
recipe = slapos.cookbook:symbolic.link
target-directory = ${rootdirectory:bin}
link-binary =
  {{ coreutils_location }}/bin/basename
  {{ coreutils_location }}/bin/cat
  {{ coreutils_location }}/bin/cp
  {{ coreutils_location }}/bin/ls
  {{ coreutils_location }}/bin/tr
  {{ coreutils_location }}/bin/uname
  {{ git_location }}/bin/git
  {{ graphviz_location }}/bin/dot
  {{ grep_location }}/bin/grep
  {{ imagemagick_location }}/bin/convert
  {{ imagemagick_location }}/bin/identify
  {{ librsvg_location }}/bin/rsvg-convert
  {{ mariadb_location }}/bin/mysql
  {{ mariadb_location }}/bin/mysqldump
  {{ sed_location }}/bin/sed
  {{ tesseract_location }}/bin/tesseract
  {{ w3m_location }}/bin/w3m
  {{ openssl_location }}/bin/openssl
  {{ poppler_location }}/bin/pdfinfo
  {{ poppler_location }}/bin/pdfseparate
  {{ poppler_location }}/bin/pdftotext
  {{ poppler_location }}/bin/pdftohtml
  {{ poppler_location }}/bin/pdfunite
  {{ dmtx_utils_location }}/bin/dmtxwrite
  {{ aspell_location }}/bin/aspell
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${cadirectory:requests}
wrapper = ${basedirectory:services}/ca
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

[bt5-erp5-link]
recipe = slapos.cookbook:symbolic.link
target-directory = ${basedirectory:bt5-erp5}
link-binary =
  {{ erp5_location }}/product/ERP5/bootstrap
  {{ erp5_location }}/bt5

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ca-dir}/requests
private = ${directory:ca-dir}/private
certs = ${directory:ca-dir}/certs
newcerts = ${directory:ca-dir}/newcerts
crl = ${directory:ca-dir}/crl

[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
bin = ${buildout:directory}/bin
tmp = ${buildout:directory}/tmp

[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = ${rootdirectory:var}/log
services = ${rootdirectory:etc}/run
promises = ${rootdirectory:etc}/promise/
run = ${rootdirectory:var}/run
backup = ${rootdirectory:srv}/backup
bt5-erp5 = ${rootdirectory:var}/bt5_erp5

[erp5-certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${directory:erp5-ca-dir}
requests-directory = ${erp5-cadirectory:requests}
wrapper = ${basedirectory:services}/erp5-ca
ca-private = ${erp5-cadirectory:private}
ca-certs = ${erp5-cadirectory:certs}
ca-newcerts = ${erp5-cadirectory:newcerts}
ca-crl = ${erp5-cadirectory:crl}

[erp5-cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:erp5-ca-dir}/requests
private = ${directory:erp5-ca-dir}/private
certs = ${directory:erp5-ca-dir}/certs
newcerts = ${directory:erp5-ca-dir}/newcerts
crl = ${directory:erp5-ca-dir}/crl

[directory]
recipe = slapos.cookbook:mkdirectory
zodb = ${rootdirectory:srv}/zodb
instance = ${rootdirectory:srv}/erp5shared
instance-etc = ${:instance}/etc
apache-conf = ${rootdirectory:etc}/apache
instance-etc-package-include = ${:instance}/etc/package-include
# because of bug in slapos.recipe.template keys are lowercased
instance-document = ${:instance}/Document
instance-propertysheet = ${:instance}/PropertySheet
instance-products = ${:instance}/Products
instance-extensions = ${:instance}/Extensions
instance-constraint = ${:instance}/Constraint
instance-import = ${:instance}/import
instance-lib = ${:instance}/lib
instance-tests = ${:instance}/tests
erp5-ca-dir = ${rootdirectory:srv}/erp5-ca
ca-dir = ${rootdirectory:srv}/ssl
cron-entries = ${rootdirectory:etc}/cron.d
crontabs = ${rootdirectory:etc}/crontabs
cronstamps = ${rootdirectory:etc}/cronstamps
logrotate-backup = ${basedirectory:backup}/logrotate
logrotate-entries = ${rootdirectory:etc}/logrotate.d

# Deploy zope promises scripts
[promise-zope]
recipe = slapos.cookbook:check_port_listening
path = ${basedirectory:promises}/zope
hostname = ${zope-instance:ip}
port = ${zope-instance:port}

[promise-apache-zope-backend]
recipe = slapos.cookbook:check_port_listening
path = ${basedirectory:promises}/apache-backend
hostname = ${apache-zope-backend-instance:ip}
port = ${apache-zope-backend-instance:port}