# This puppet manifest is used to configure Sweden Connect proxy servers

# @param environment          The environment that the server belongs to. (referenced in compose file)
# @param version              Version of the docker image to use. (referenced in compose file)
# @param server_fqdn          The FQDN of the server. (referenced in compose file)
# @param connector_directory  The directory where all connector related config and files are stored. (referenced in compose file)
class eid::connector (
  Enum['test', 'qa', 'prod'] $environment,
  String                     $version = '',
  #String                     $connector_hostname = '',
  String                     $server_fqdn = $facts['networking']['fqdn'],
  String                     $connector_directory = '/opt/eidas-connector',
) {

  $pkcs11_pin = safe_hiera('pkcs11_pin')
  $server_fqdn = $facts['networking']['fqdn']

  if $version and $pkcs11_pin != 'NOT_SET_IN_HIERA' {

    # Allow HTTPS from load balancer servers
    sunet::nftables::allow { 'allow-https-from-lbs':
      from => ['94.176.224.38', '94.176.224.166',],
      port => 443,
    }

    # Make sure we create backup directory referenced in compose file
    file { "${connector_directory}/backup":
      ensure => directory,
      mode   => '0755',
      owner  => 'root',
      group  => 'root',
    }

    sunet::docker_compose { 'eidas-connector':
      content          => template('eid/connector/docker-compose.yml.erb'),
      service_name     => 'eidas-connector',
      compose_dir      => '/opt/',
      compose_filename => 'docker-compose.yml',
      description      => 'eidas connector'
    }
  }
}