{%- from 'macros.jinja' import redis %}

include:
{%- if salt['grains.get']('include_secrets', True) %}
  - secrets.role.calendar
{%- endif %}
  - role.common.nginx

profile:
  calendar:
    database_name: calendar
    database_user: calendar
    database_host: postgresql.infra.opensuse.org
    # OIDC secret is in pillar/secrets/role/calendar.sls
    openidc:
      client_id: calendar.opensuse.org

nginx:
  servers:
    managed:
      calendar.opensuse.org.conf:
        config:
          - server:
              - listen: '[::]:80 default_server'
              - server_name: calendar.opensuse.org
              - root: /srv/www/calendar-o-o/public
              - client_max_body_size: 20m
              - keepalive_timeout: 5
              - try_files $uri/index.html $uri @calendar
              {%- for location in ['@calendar', '/cable'] %}
              - location {{ location }}:
                  - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
                  - proxy_set_header: Host $http_host
                  - proxy_pass: 'http://unix:/run/calendar/puma'
              {%- endfor %}
                  - proxy_set_header: Upgrade $http_upgrade
              - error_page: 500 502 503 504 /50x.html
              - location = /50x.html:
                  - root: /srv/www/htdocs
              - access_log: /var/log/nginx/calendar.access.log combined
              - error_log: /var/log/nginx/calendar.error.log
        enabled: True

users:
  calendar:
    system: true

groups:
  redis:
    system: true
    members:
      - calendar

{{ redis('calendar') }}