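# idm_app
#
# Deploys the "Identity matching" service (idm_app): renders its YAML
# configuration, allows HTTPS from a fixed list of source addresses, installs
# a headless Java 17 runtime, builds two .p12 keystores from the infra
# certificate files and hands the compose file to sunet::docker_compose.
class eid::idm_app ( ) {
  # Hiera data. $redises, $dbs_string and $sql_password are not referenced
  # again in this class; presumably the ERB templates below read them -
  # confirm against the templates. No fallback value is given for
  # sql_password.
  $redises      = lookup('redis_cluster_nodes', undef, undef, [])
  $dbs          = lookup('mariadb_cluster_nodes', undef, undef, [])
  $dbs_string   = join($dbs,',')
  $sql_password = lookup('sql_password', undef, undef, undef)

  # Root-only directory holding the rendered configuration.
  ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', {
    owner => 'root',
    group => 'root',
    mode  => '0750',
  })

  # Configuration data only, so no execute bits are set. By mode the file is
  # still world-readable; the 0750 root-owned parent directory is what keeps
  # other local users away from it.
  # NOTE(review): if the template writes sql_password into this file,
  # consider 0640 or stricter once the UID the container reads it as is
  # confirmed.
  file { '/opt/idm_app/config/idm.yml':
    content => template('eid/idm/idm.yml.erb'),
    mode    => '0644',
  }

  # Port 443 is opened only to the source addresses listed here.
  sunet::nftables::allow { 'expose-allow-https':
    from => ['94.176.224.38', '94.176.224.166', '130.242.126.195','130.242.126.197'],
    port => 443,
  }

  # ensure => latest upgrades the JRE whenever the package source offers a
  # newer build; pin a version if upgrades need to be controlled.
  package { 'openjdk-17-jre-headless': ensure => latest }

  # NOTE(review): $pass is a fixed, guessable passphrase stored in the
  # manifest, and both commands below receive it as a command-line argument.
  # Treat the resulting .p12 files as unencrypted: the private key bundle is
  # protected only by the permissions on /etc/ssl/private. If a real secret
  # is wanted, source it from hiera the way sql_password is. The value is
  # left unchanged here because other consumers (presumably the compose
  # template or the application config) may depend on it - confirm.
  $pass = 'qwerty123'

  # keytool and openssl are unqualified; this relies on an Exec path default
  # set elsewhere - confirm.
  # creates skips the command once the keystore exists, so the import runs
  # once per host.
  exec { 'infra.p12':
    command => "keytool -import -noprompt -deststorepass ${pass} -file /etc/ssl/certs/infra.crt -keystore /etc/ssl/certs/infra.p12",
    creates => '/etc/ssl/certs/infra.p12',
  }

  # Unwanted password - but hey Java!
  # Bundles this host's infra certificate and private key into a PKCS#12
  # file under the alias 'infra'.
  # NOTE(review): the output file's mode comes from the umask in effect for
  # the exec; confirm the private-key bundle does not end up group- or
  # world-readable.
  $host_fqdn = $facts['networking']['fqdn']
  $host_p12  = "/etc/ssl/private/${host_fqdn}_infra.p12"

  exec { "${host_fqdn}_infra.p12":
    command => "openssl pkcs12 -export -in /etc/ssl/certs/${host_fqdn}_infra.crt -inkey /etc/ssl/private/${host_fqdn}_infra.pem -name 'infra' -out ${host_p12} -passout pass:${pass}",
    creates => $host_p12,
  }

  # Compose project for the service, rendered from the eid/idm template.
  sunet::docker_compose { 'idm_app':
    content          => template('eid/idm/docker-compose.yml.erb'),
    service_name     => 'idm_app',
    compose_dir      => '/opt/',
    compose_filename => 'docker-compose.yml',
    description      => 'Identity matching',
  }
}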