# profiles::rundeck::server
class profiles::rundeck::server (
  Struct[{
    Optional['file'] => Hash[String, Any],
    Optional['ldap'] => Hash[String, Any],
    Optional['pam']  => Hash[String, Any]
  }] $auth_config = {},
  Array[Hash] $key_storage_config = [],
  Hash      $acl_policies   = {},
  Hash      $cli_projects   = {},
  String    $cli_user       = 'admin',
  String    $cli_password   = lookup('rundeck_admin_pass'),
  Boolean   $mysql_backend  = true,
  String    $mysql_user     = 'rundeck',
  String    $mysql_name     = 'rundeck',
  String    $mysql_pass     = fqdn_rand_string(16),
  Stdlib::Host $mysql_host  = '127.0.0.1',
  Stdlib::Port $mysql_port  = 3306,
  Stdlib::Absolutepath $extra_libs_dir = '/var/lib/rundeck/lib',
  Stdlib::Absolutepath $jdbc_driver_dest = "${extra_libs_dir}/mariadb-java-client-3.4.1.jar",
  Stdlib::HTTPSUrl $jdbc_driver_url = 'https://dlm.mariadb.com/3852266/Connectors/java/connector-java-3.4.1/mariadb-java-client-3.4.1.jar',
  Stdlib::HTTPSUrl $grails_server_url = "https://${facts['networking']['fqdn']}:4440",
  String $jvm_args = '-Xmx1024m -Xms256m -server -Drundeck.jetty.connector.forwarded=true',
){

  # when using mysql backend
  if $mysql_backend {

    # export a mariadb user
    @@mysql_user { "${mysql_user}@${facts['networking']['fqdn']}":
      ensure        => present,
      password_hash => mysql::password($mysql_pass),
      tag           => $facts['region'],
    }

    # export a mariadb permission
    @@mysql_grant { "${mysql_user}@${facts['networking']['fqdn']}/${mysql_name}.*":
      ensure     => present,
      table      => "${mysql_name}.*",
      user       => "${mysql_user}@${facts['networking']['fqdn']}",
      privileges => ['ALL'],
      tag        => $facts['region'],
    }

    # create the missing /var/lib/rundeck/lib directory
    mkdir::p {$extra_libs_dir:}
    file {$extra_libs_dir:
      ensure  => directory,
      owner   => 'rundeck',
      group   => 'rundeck',
      mode    => '0755',
      require => Package['rundeck'],
      before  => Service['rundeckd'],
    }

    # download the jdbc driver, place in /var/lib/rundeck/lib
    archive { $jdbc_driver_dest:
      ensure  => present,
      source  => $jdbc_driver_url,
      extract => false,
      user    => 'rundeck',
      group   => 'rundeck',
      require => File[$extra_libs_dir],
      before  => Service['rundeckd'],
    }

    $database_config = {
      'url'             => "jdbc:mysql://${mysql_host}:${mysql_port}/${mysql_name}",
      'username'        => $mysql_user,
      'password'        => $mysql_pass,
      'driverClassName' => 'org.mariadb.jdbc.Driver',
    }
  }else{
    $database_config = {}
  }

  class { 'rundeck':
    grails_server_url  => $grails_server_url,
    auth_config        => $auth_config,
    key_storage_config => $key_storage_config,
    database_config    => $database_config,
    cli_user           => $cli_user,
    cli_password       => $cli_password,
    jvm_args           => $jvm_args,
  }

  create_resources('rundeck::config::aclpolicyfile', $acl_policies)
  create_resources('rundeck::config::project', $cli_projects)

  # create rundeck runner ssh key
  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa':
    ensure  => 'file',
    owner   => 'rundeck',
    group   => 'rundeck',
    mode    => '0600',
    content => lookup('rundeck::ssh::private_key'),
  }
  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa.pub':
    ensure  => 'file',
    owner   => 'rundeck',
    group   => 'rundeck',
    mode    => '0644',
    content => lookup('profiles::accounts::rundeck::sshkeys'),
  }
}