variable "config_data" {
  type = string
  description = "Plain text config file for blocky"
}

job "blocky" {
  datacenters = ["dc1"]
  type = "service"
  priority = 100

  constraint {
    distinct_hosts = true
  }

  update {
    max_parallel = 1
    auto_revert = true
    min_healthy_time = "60s"
    healthy_deadline = "5m"
  }

  group "blocky" {
    # TODO: This must be updated to match the nubmer of servers (possibly grabbed from TF)
    # I am moving away from `system` jobs because of https://github.com/hashicorp/nomad/issues/12023
    count = 3

    network {
      mode = "bridge"

      port "dns" {
        static = "53"
      }

      port "api" {
        %{~ if use_wesher ~}
        host_network = "wesher"
        %{~ endif ~}
        to = "4000"
      }

      dns {
        # Set expclicit DNS servers because tasks, by default, use this task
        servers = [
          "192.168.2.1",
        ]
      }
    }

    service {
      name = "blocky-dns"
      provider = "nomad"
      port = "dns"
    }

    service {
      name = "blocky-api"
      provider = "nomad"
      port = "api"

      tags = [
        "prometheus.scrape",
        "traefik.enable=true",
        "traefik.http.routers.blocky-api.entryPoints=websecure",
      ]

      check {
        name     = "api-health"
        port     = "api"
        type     = "http"
        path     = "/"
        interval = "10s"
        timeout  = "3s"

        check_restart {
          limit = 3
          grace = "5m"
        }
      }
    }

    task "blocky" {
      driver = "docker"

      config {
        image = "ghcr.io/0xerr0r/blocky:v0.24"
        args = ["-c", "$${NOMAD_TASK_DIR}/config.yml"]
        ports = ["dns", "api"]
      }

      action "refresh-lists" {
        command = "/app/blocky"
        args = ["lists", "refresh"]
      }

      action "healthcheck" {
        command = "/app/blocky"
        args = ["healthcheck"]
      }

      resources {
        cpu = 50
        memory = 75
        memory_max = 150
      }

      template {
        data = var.config_data
        destination = "$${NOMAD_TASK_DIR}/config.yml"
        splay = "1m"

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOF
{{ range nomadServices }}
{{ range nomadService 1 (env "NOMAD_ALLOC_ID") .Name -}}
{{ .Address }} {{ .Name }}.nomad
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/nomad.hosts"
        change_mode = "noop"

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOF
{{ if nomadVarExists "blocky_lists/user" }}
{{ with nomadVar "blocky_lists/user" -}}
{{ .block_list.Value }}
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/block"
        change_mode = "script"

        change_script {
          command = "/app/blocky"
          args = ["lists", "refresh"]
          timeout = "20s"
        }

        wait {
          min = "30s"
          max = "1m"
        }
      }

      template {
        data = <<EOF
{{ if nomadVarExists "blocky_lists/user" }}
{{ with nomadVar "blocky_lists/user" -}}
{{ .allow_list.Value }}
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/allow"
        change_mode = "script"

        change_script {
          command = "/app/blocky"
          args = ["lists", "refresh"]
          timeout = "20s"
        }

        wait {
          min = "30s"
          max = "1m"
        }
      }

      template {
        data = <<EOF
{{ if nomadVarExists "blocky_lists/terraform" }}
{{ with nomadVar "blocky_lists/terraform" -}}
{{ .smarttv_regex.Value }}
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/smarttv-regex.txt"
        change_mode = "script"

        change_script {
          command = "/app/blocky"
          args = ["lists", "refresh"]
          timeout = "20s"
        }

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOF
{{ if nomadVarExists "blocky_lists/terraform" }}
{{ with nomadVar "blocky_lists/terraform" -}}
{{ .wemo.Value }}
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/wemo.txt"
        change_mode = "script"

        change_script {
          command = "/app/blocky"
          args = ["lists", "refresh"]
          timeout = "20s"
        }

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOF
{{ if nomadVarExists "blocky_lists/terraform" }}
{{ with nomadVar "blocky_lists/terraform" -}}
{{ .sonos.Value }}
{{- end }}
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/sonos.txt"
        change_mode = "script"

        change_script {
          command = "/app/blocky"
          args = ["lists", "refresh"]
          timeout = "20s"
        }

        wait {
          min = "10s"
          max = "20s"
        }
      }
    }

    task "stunnel" {
      driver = "docker"

      lifecycle {
        hook = "prestart"
        sidecar = true
      }

      config {
        image = "iamthefij/stunnel:1.0.0"
        args = ["$${NOMAD_TASK_DIR}/stunnel.conf"]
        ports = ["tls"]
      }

      resources {
        cpu = 20
        memory = 100
      }

      template {
        data = <<EOF
syslog = no
foreground = yes
delay = yes

{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-tls" -}}
[mysql_client]
client = yes
accept = 127.0.0.1:3306
connect = {{ .Address }}:{{ .Port }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
{{- end }}

{{ range nomadService 1 (env "NOMAD_ALLOC_ID") "redis-blocky" -}}
[redis_client]
client = yes
accept = 127.0.0.1:6379
connect = {{ .Address }}:{{ .Port }}
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
{{- end }}
        EOF
        destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
      }

      template {
        data = <<EOF
{{- with nomadVar "secrets/mysql/allowed_psks/blocky" }}{{ .psk }}{{ end -}}
EOF
        destination = "$${NOMAD_SECRETS_DIR}/mysql_stunnel_psk.txt"
      }

      template {
        data = <<EOF
{{- with nomadVar "nomad/jobs/blocky/blocky/stunnel" -}}{{ .redis_stunnel_psk }}{{ end -}}
        EOF
        destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
      }
    }

    task "mysql-bootstrap" {
      driver = "docker"

      lifecycle {
        hook = "prestart"
        sidecar = false
      }

      config {
        image = "mariadb:10"
        args = [
          "/usr/bin/timeout",
          "2m",
          "/bin/bash",
          "-c",
          "until /usr/bin/mysql --defaults-extra-file=$${NOMAD_SECRETS_DIR}/my.cnf < $${NOMAD_SECRETS_DIR}/bootstrap.sql; do sleep 10; done",
        ]
      }

      template {
        data = <<EOF
[client]
host=127.0.0.1
port=3306
user=root
{{ with nomadVar "secrets/mysql" }}
password={{ .mysql_root_password }}
{{ end }}
        EOF
        destination = "$${NOMAD_SECRETS_DIR}/my.cnf"
      }

      template {
        data = <<EOF
{{ with nomadVar "nomad/jobs/blocky" }}{{ if .db_name -}}
{{ $db_name := .db_name }}
CREATE DATABASE IF NOT EXISTS `{{ $db_name }}`;
CREATE USER IF NOT EXISTS '{{ .db_user }}'@'%' IDENTIFIED BY '{{ .db_pass }}';
GRANT ALL ON `{{ $db_name }}`.* to '{{ .db_user }}'@'%';

{{ with nomadService "grafana" }}{{ with nomadVar "nomad/jobs" -}}
-- Grant grafana read_only user access to db
GRANT SELECT ON `{{ $db_name }}`.* to '{{ .db_user_ro }}'@'%';
{{ end }}{{ end -}}

{{ else -}}
SELECT 'NOOP';
{{ end -}}{{ end -}}
        EOF
        destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql"
      }

      resources {
        cpu = 50
        memory = 50
      }
    }
  }
}