{%- from 'macros.jinja' import redis %}

include:

{%- if salt['grains.get']('include_secrets', True) %}

  - secrets.role.calendar

{%- endif %}

  - role.common.nginx

profile:

  calendar:

    database_name: calendar

    database_user: calendar

    database_host: postgresql.infra.opensuse.org

    # OIDC secret is in pillar/secrets/role/calendar.sls

    openidc:

      client_id: calendar.opensuse.org

nginx:

  servers:

    managed:

      calendar.opensuse.org.conf:

        config:

          - server:

              - listen: '[::]:80 default_server'

              - server_name: calendar.opensuse.org

              - root: /srv/www/calendar-o-o/public

              - client_max_body_size: 20m

              - keepalive_timeout: 5

              - try_files $uri/index.html $uri @calendar

              {%- for location in ['@calendar', '/cable'] %}

              - location {{ location }}:

                  - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for

                  - proxy_set_header: Host $http_host

                  - proxy_pass: 'http://unix:/run/calendar/puma'

              {%- endfor %}

                  - proxy_set_header: Upgrade $http_upgrade

              - error_page: 500 502 503 504 /50x.html

              - location = /50x.html:

                  - root: /srv/www/htdocs

              - access_log: /var/log/nginx/calendar.access.log combined

              - error_log: /var/log/nginx/calendar.error.log

        enabled: True

users:

  calendar:

    system: true

groups:

  redis:

    system: true

    members:

      - calendar

{{ redis('calendar') }}