---
consul::services:
  edgecache:
    service_name: 'edgecache'
    tags:
      - 'cache'
      - 'edge'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'edgecache_https_check'
        name: 'EdgeCache HTTPS Check'
        http: "https://%{facts.networking.fqdn}"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: edgecache
    disposition: write

# additional altnames
profiles::pki::vault::alt_names:
  - edgecache.service.consul
  - edgecache.query.consul

profiles::edgecache::params::nginx_resolvers_enable: true
profiles::edgecache::params::nginx_resolvers_ipv4only: true
profiles::edgecache::params::nginx_listen_mode: both
profiles::edgecache::params::nginx_cert_type: vault
profiles::edgecache::params::nginx_aliases:
  - edgecache.service.consul
  - edgecache.query.consul
profiles::edgecache::params::directories:
  /data/edgecache: { owner: root, group: root }
  /data/edgecache/pub: { owner: nginx, group: nginx }
  /data/edgecache/pub/centos: { owner: nginx, group: nginx }
  /data/edgecache/pub/almalinux: { owner: nginx, group: nginx }
  /data/edgecache/pub/debian: { owner: nginx, group: nginx }
  /data/edgecache/pub/epel: { owner: nginx, group: nginx }
  /data/edgecache/pub/postgres: { owner: nginx, group: nginx }
  /data/edgecache/pub/postgres/apt: { owner: nginx, group: nginx }
  /data/edgecache/pub/postgres/yum: { owner: nginx, group: nginx }

profiles::edgecache::params::mirrors:
  debian:
    ensure: present
    location: /debian
    proxy: http://mirror.gsl.icu
  debian_pool:
    ensure: present
    location: /debian/pool
    proxy: http://mirror.gsl.icu
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'
  centos_repodata:
    ensure: present
    location: '~* ^/centos/.*/repodata/'
    proxy: http://gsl-syd.mm.fcix.net
  centos_data:
    ensure: present
    location: /centos
    proxy: http://gsl-syd.mm.fcix.net
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'
  almalinux_repodata:
    ensure: present
    location: '~* ^/almalinux/.*/repodata/'
    proxy: http://gsl-syd.mm.fcix.net
  almalinux_data:
    ensure: present
    location: /almalinux
    proxy: http://gsl-syd.mm.fcix.net
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'
  epel_repodata:
    ensure: present
    location: '~* ^/epel/.*/repodata/'
    proxy: http://gsl-syd.mm.fcix.net
  epel_data:
    ensure: present
    location: /epel
    proxy: http://gsl-syd.mm.fcix.net
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'
  postgres_yum_repodata:
    ensure: present
    location: '~* ^/postgres/yum/.*/repodata/'
    rewrite_rules:
      - '^/postgres/yum/(.*)$ /pub/repos/yum/$1 break'
    proxy: https://download.postgresql.org
  postgres_yum_data:
    ensure: present
    location: /postgres/yum
    proxy: https://download.postgresql.org/pub/repos/yum
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'
  postgres_apt:
    ensure: present
    location: /postgres/apt
    proxy: https://download.postgresql.org/pub/repos/apt
  postgres_apt_pool:
    ensure: present
    location: /postgres/apt/pool
    proxy: https://download.postgresql.org/pub/repos/apt/pool
    proxy_cache: cache
    proxy_cache_valid:
      - '200 302 1440h'
      - '404 1m'