[buildout]
parts =
  nginx-service
  cron-service
  cron-entry-logrotate
  logrotate-entry-nginx
  promises
  publish-connection-information
extends = ${monitor-template:rendered}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true

[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
bin = $${buildout:directory}/bin
srv = $${buildout:directory}/srv
var = $${buildout:directory}/var
run = $${:var}/run
log = $${:var}/log
varnginx = $${:var}/nginx
services = $${:etc}/service
cron-entries = $${:etc}/cron.d
www = $${:srv}/www
ssl = $${:etc}/ssl

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}

#################################
# Nginx service
#################################
[nginx-service]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/nginx
command-line =
  ${nginx-push-stream-output:nginx} -c $${nginx-configuration:output}

[nginx-configuration]
recipe = slapos.recipe.template
url = ${template-nginx-configuration:output}
output = $${directory:etc}/nginx.cfg
mode = 0600
access-log = $${directory:log}/nginx-access.log
error-log = $${directory:log}/nginx-error.log
pid-file = $${directory:run}/nginx.pid
ip = $${slap-configuration:ipv6-random}
local-ip = $${slap-configuration:ipv4-random}
port = 9443
base-url = https://[$${nginx-configuration:ip}]:$${nginx-configuration:port}

# Generate a self-signed TLS certificate.
[nginx-certificate]
recipe = plone.recipe.command
command =
  if [ ! -e $${:key-file} ]
  then
    ${openssl:location}/bin/openssl req -x509 -nodes -days 3650 \
      -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${nginx-configuration:ip}" \
      -newkey rsa:1024 -keyout $${:key-file} \
      -out $${:cert-file}
  fi
update-command = $${:command}
key-file = $${directory:ssl}/${:_buildout_section_name_}.key
cert-file = $${directory:ssl}/${:_buildout_section_name_}.cert
common-name = $${nginx-configuration:ip}
stop-on-error = true

[logrotate-entry-nginx]
<= logrotate-entry-base
name = nginx
log =
  $${nginx-configuration:access-log}
  $${nginx-configuration:error-log}
post =
  test ! -s $${nginx-configuration:pid-file} || kill -USR1 $(cat "$${nginx-configuration:pid-file}")

[promises]
recipe =
promises =
  $${nginx-available-promise:recipe}

[nginx-available-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url = $${nginx-configuration:base-url}/status

[publish-connection-information]
recipe = slapos.cookbook:publish
# publisher-url and subscriber-url are URITemplates, with an id
# parameter which is the ID of the channel.
publisher-url = $${nginx-configuration:base-url}/pub{?id}
subscriber-url = $${nginx-configuration:base-url}/sub{/id}