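# @summary Configure a SUNET CDN DB server
#
# Manages the directory tree under /opt/sunet-cdn, the PostgreSQL init
# configuration and init script, an nftables rule for port 5432 and the
# docker compose service 'sunet-cdn-db'.
#
# Nothing is managed unless the Hiera key 'cdn::db-secrets' resolves to a
# truthy value; without it the class compiles to an empty catalog fragment
# and emits no warning.
#
# @param postgres_version
#   PostgreSQL container image tag. Not referenced in this manifest;
#   presumably consumed by cdn/db/docker-compose.yml.erb -- TODO confirm.
#   NOTE(review): a tag is a mutable reference; pin by digest in the
#   template if reproducible deployments are required.
class cdn::db(
  String $postgres_version = '17.0-bookworm',
)
{

  # Not referenced again in this manifest. The ERB templates below can read
  # it from class scope, which is presumably where credentials are rendered.
  $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })

  if $db_secrets {
    file { '/opt/sunet-cdn':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }

    # Root-only: holds the rendered compose file (see sunet::docker_compose
    # below).
    file { '/opt/sunet-cdn/compose':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0750',
    }

    file { '/opt/sunet-cdn/db':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0750',
    }

    # User/group 999 matches postgres user in container
    # NOTE(review): everything owned by 999 below is writable by that uid.
    # If the bind mounts allow it, root ownership with group 999 would keep
    # the config and init script read-only to the database process -- verify
    # against the compose template before changing.
    file { '/opt/sunet-cdn/db/conf':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0750',
    }

    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d':
      ensure => directory,
      owner  => '999',
      group  => '999',
      mode   => '0750',
    }

    # Rendered from a template inside the secrets-gated branch, so it may
    # contain credentials. show_diff is disabled so that content changes are
    # not written to agent logs or reports.
    file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf':
      ensure    => file,
      owner     => '999',
      group     => '999',
      mode      => '0640',
      content   => template('cdn/db/init-cdn-db.conf.erb'),
      show_diff => false,
    }

    # Static file from the module (file() does no interpolation), so no
    # secret material is introduced here.
    file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh':
      ensure  => file,
      owner   => '999',
      group   => '999',
      mode    => '0750',
      content => file('cdn/db/init-cdn-db.sh'),
    }

    # NOTE(review): only 127.0.0.1 is listed as an allowed client on the
    # primary interface, which presumably leaves 5432 closed to remote
    # hosts -- confirm against sunet::nftables::docker_expose.
    sunet::nftables::docker_expose { 'postgres-db' :
      allow_clients => '127.0.0.1',
      port          => 5432,
      iif           => $facts['networking']['primary'],
    }

    # NOTE(review): if docker-compose.yml.erb embeds values from $db_secrets,
    # check that sunet::docker_compose writes the file with a restrictive
    # mode and without diffs; that define is not visible here.
    sunet::docker_compose { 'sunet-cdn-db':
      content          => template('cdn/db/docker-compose.yml.erb'),
      service_name     => 'cdn-db',
      compose_dir      => '/opt/sunet-cdn/compose',
      compose_filename => 'docker-compose.yml',
      description      => 'SUNET CDN DB',
    }
  }
}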