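# Class for forgejo action runner.
#
# Installs podman and its helpers, then for every entry of the `runners`
# lookup key creates a dedicated login-less system user
# ("<key>runner", home /opt/<key>runner), drops the compose file and the
# Containerfile into that home, builds the runner image as that user and,
# when the entry carries both `token` and `url`, registers the runner with
# the forgejo instance.
#
# @param replicas
#   Not referenced in this class body; presumably consumed by the
#   docker-compose.yaml.erb template -- TODO confirm.
#
# Security notes for maintainers:
#  * The registration token is interpolated into a shell command line. It is
#    therefore visible in the process arguments while the exec runs and is
#    likely to appear in Puppet's failure message if the command fails.
#    Treat the token as exposed after a failed run and rotate it.
#  * `find_file()` is evaluated where the catalog is compiled. With a
#    server-compiled catalog the two `unless find_file(...)` guards below
#    look at the server's filesystem, not the node's -- verify that this is
#    what is intended, otherwise the file resources and the chown execs will
#    fight over ownership on every run.
class podmanrunner::runner (
  Integer $replicas = 2,
) {
  $userpostfix='runner'
  # Expected to be a hash of <user prefix> => { token => ..., url => ... };
  # NOTE(review): the explicit undef default means a missing key reaches
  # `.each` as undef -- confirm the key is always defined for these nodes.
  $runnerdata = lookup("runners",undef,undef,undef)

  package { 'podman':
    ensure   => installed,
    provider => apt,
  }

  package { 'systemd-container':
    ensure   => installed,
    provider => apt,
  }

  package { 'python3-dotenv':
    ensure   => installed,
    provider => apt,
  }

  # Pinned copy of podman-compose shipped with the module; root-owned and
  # not writable, so the unprivileged runner users cannot replace it.
  file { "/usr/local/bin/podman-compose":
    ensure => file,
    mode   => '0555',
    source => 'puppet:///modules/podmanrunner/podman-compose-1.0.6',
    owner  => "root",
    group  => "root",
  }

  $runnerdata.each |$user,$userdata| {
    # Prefix that runs a command inside the runner user's systemd user
    # session and waits for it to finish.
    $sdrun = "systemd-run --wait --user --machine=${user}${userpostfix}@"

    user { "${user}${userpostfix}":
      ensure     => present,
      home       => "/opt/${user}${userpostfix}",
      shell      => '/usr/sbin/nologin',
      managehome => true,
    }

    file { "/opt/${user}${userpostfix}/docker-compose.yaml":
      ensure  => file,
      content => template('podmanrunner/docker-compose.yaml.erb'),
      owner   => "${user}${userpostfix}",
      group   => "${user}${userpostfix}",
      mode    => '0400',
    }

    file { "/opt/${user}${userpostfix}/runnerimage":
      ensure => directory,
      mode   => '0700',
      owner  => "${user}${userpostfix}",
      group  => "${user}${userpostfix}",
    }

    file { "/opt/${user}${userpostfix}/runnerimage/Containerfile":
      ensure  => file,
      content => template('podmanrunner/runnerimage-Containerfile.erb'),
      owner   => "${user}${userpostfix}",
      group   => "${user}${userpostfix}",
      mode    => '0400',
    }

    # Only declared while the path is absent, because the execs below hand
    # ownership to uid/gid 1000 of the user namespace afterwards.
    unless find_file("/opt/${user}${userpostfix}/runnerdata") {
      file { "/opt/${user}${userpostfix}/runnerdata":
        ensure => directory,
        mode   => '0700',
        owner  => "${user}${userpostfix}",
        group  => "${user}${userpostfix}",
      }
    }

    unless find_file("/opt/${user}${userpostfix}/runnerdata/config.yml") {
      file { "/opt/${user}${userpostfix}/runnerdata/config.yml":
        ensure => file,
        source => 'puppet:///modules/podmanrunner/forgejo-runner-config.yml',
        owner  => "${user}${userpostfix}",
        group  => "${user}${userpostfix}",
        mode   => '0400',
      }
    }

    # Make sure the podman user can read the /data dir
    exec { "make-${user}${userpostfix}-own-runnerdata":
      command   => "${sdrun} /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata'",
      path      => '/usr/bin:/usr/sbin:/bin',
      provider  => shell,
      logoutput => false,
      unless    => "${sdrun} /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata | \
        grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata | grep ^1000$'",
    }

    # Make sure the podman user can read the /data/config.yml file
    exec { "podman-${user}${userpostfix}-own-runner-config":
      command   => "${sdrun} /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata/config.yml'",
      path      => '/usr/bin:/usr/sbin:/bin',
      provider  => shell,
      logoutput => false,
      unless    => "${sdrun} /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata/config.yml | \
        grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata/config.yml | grep ^1000$'",
    }

    # Keep the user's systemd instance alive without an open login session.
    exec { "enable-${user}${userpostfix}-linger":
      command   => "loginctl enable-linger ${user}${userpostfix}",
      path      => '/usr/bin:/usr/sbin:/bin',
      provider  => shell,
      logoutput => false,
      unless    => "test -f /var/lib/systemd/linger/${user}${userpostfix}",
    }

    # If required build runner image by podman-compose.
    # The pattern is wrapped in escaped double quotes: nested single quotes
    # would end the outer bash -c argument early, and `\s` inside a
    # double-quoted Puppet string is the escape for a space, so the version
    # part of the pattern never reached grep. [[:space:]] and `\\.` survive
    # both Puppet and shell quoting.
    exec { "${user}${userpostfix}-build-runner-image":
      command   => "${sdrun} /bin/bash -c 'podman-compose build'",
      path      => '/usr/bin:/usr/sbin:/bin',
      provider  => shell,
      logoutput => false,
      unless    => "${sdrun} /bin/bash -c 'podman image ls | grep \"^localhost/podmanrunner[[:space:]][[:space:]]*3\\.[0-9]\\.[0-9]\"'",
    }

    # If not already done, register runner with forgejo instance.
    if $userdata and $userdata["token"] and $userdata["url"] {
      $reg_token = "${userdata['token']}"
      $reg_url   = "${userdata['url']}"

      # Both values end up inside nested shell quoting (sh -> bash -c '...'
      # -> bash -c "..."). Refuse values that could terminate a quote, start
      # an expansion or split into extra words, rather than let them change
      # the command. The message deliberately does not echo the values.
      if $reg_token =~ /['"`$\\\s]/ or $reg_url =~ /['"`$\\\s]/ {
        fail("podmanrunner::runner: token or url for '${user}' contains quotes, whitespace or shell metacharacters")
      }

      # logoutput stays false so the registration output is not copied into
      # the Puppet log; it is appended to /data/register.log instead.
      exec { "${user}${userpostfix}-register-runner":
        command   => "${sdrun} /bin/bash -c 'podman run -it --rm -u podman -v ./runnerdata:/data:Z localhost/podmanrunner:3.3.0 /bin/bash -c \
          \"date >> /data/register.log && forgejo-runner --config /data/config.yml register --no-interactive \
          --token ${reg_token} --name runner1 --instance ${reg_url} 1>>/data/register.log 2>&1\"'",
        path      => '/usr/bin:/usr/sbin:/bin',
        provider  => shell,
        logoutput => false,
        unless    => "test -f /opt/${user}${userpostfix}/runnerdata/.runner",
      }
    }
  }
}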