---

hiera_include:
  - nzbget
  - profiles::media::nzbget
  - profiles::nginx::ldapauth

# manage nzbget
nzbget::params::user: nzbget
nzbget::params::group: media
nzbget::params::manage_group: false

# additional altnames
profiles::pki::vault::alt_names:
  - nzbget.main.unkin.net
  - nzbget.service.consul
  - nzbget.query.consul
  - "nzbget.service.%{facts.country}-%{facts.region}.consul"

# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'nzbget.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - nzbget.main.unkin.net
  - nzbget.service.consul
  - nzbget.query.consul
  - "nzbget.service.%{facts.country}-%{facts.region}.consul"
profiles::nginx::simpleproxy::proxy_port: 6789
profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
profiles::nginx::simpleproxy::proxy_path: '/'
profiles::nginx::simpleproxy::use_default_location: false
nginx::client_max_body_size: 20M

ldap_binddn: 'cn=svc_nzbget,ou=services,ou=users,dc=main,dc=unkin,dc=net'
ldap_template: '(&(uid=%(username)s)(memberOf=ou=nzbget_access,ou=groups,dc=main,dc=unkin,dc=net))'

profiles::nginx::simpleproxy::locations:
  arrstack_web_healthcheck:
    location_cfg_append:
      rewrite: '/consul/health / break'

# configure consul service
consul::services:
  nzbget:
    service_name: 'nzbget'
    tags:
      - 'media'
      - 'nzbget'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'nzbget_http_check'
        name: 'nzbget HTTP Check'
        http: "https://%{facts.networking.fqdn}:443/consul/health"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: nzbget
    disposition: write