data "docker_registry_image" "wekan" {
  name = "quay.io/wekan/wekan"
}

data "docker_registry_image" "mongo" {
  name = "mongo:6" // Yes. Don't ask.
}

data "docker_network" "traefik" {
  name = "traefik"
}

resource "docker_network" "wekan" {
  name       = "wekan"
  attachable = true
  driver     = "overlay"

  lifecycle {
    ignore_changes = [labels]
  }
}



locals {
  labels = {
    "shepherd.auto-update"                                 = "true",
    "traefik.enable"                                       = "true"
    "traefik.http.services.wekan.loadbalancer.server.port" = "8080",
    "traefik.http.routers.wekan.rule"                      = "Host(`kanban.chaoswest.tv`)",
    "traefik.http.routers.wekan.tls"                       = "true",
    "traefik.http.routers.wekan.tls.certresolver"          = "default",
  }
}

resource "docker_service" "mongo" {
  name = "wekan-mongo"

  task_spec {
    networks_advanced {
      name = docker_network.wekan.id
    }

    container_spec {
      image = "${data.docker_registry_image.mongo.name}@${data.docker_registry_image.mongo.sha256_digest}"

      mounts {
        target = "/data/db"
        source = "/mnt/data/kanban/mongodb/"
        type   = "bind"
      }
    }
  }
}

resource "docker_service" "wekan" {
  name = "wekan"

  dynamic "labels" {
    for_each = local.labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.wekan.id
    }

    container_spec {
      image = "${data.docker_registry_image.wekan.name}@${data.docker_registry_image.wekan.sha256_digest}"

      env = merge({
        for k, v in var.secrets : k => v
        }, {
        MONGO_URL                = "mongodb://wekan-mongo:27017/wekan"
        ROOT_URL                 = "https://kanban.chaoswest.tv/"
        #OIDC_REDIRECTION_ENABLED = "true"
        OAUTH2_ENABLED           = "true"
        OAUTH2_LOGIN_STYLE       = "redirect"
        OAUTH2_SERVER_URL        = "https://authentik.montage2.de"
        OAUTH2_CLIENT_ID         = var.secrets.authentik_client_id
        OAUTH2_SECRET            = var.secrets.authentik_client_secret
        OAUTH2_AUTH_ENDPOINT     = "/application/o/authorize/"
        OAUTH2_USERINFO_ENDPOINT = "/application/o/userinfo/"
        OAUTH2_TOKEN_ENDPOINT    = "/application/o/token/"
        OAUTH2_ID_MAP            = "preferred_username"
        OAUTH2_USERNAME_MAP      = "preferred_username"
        OAUTH2_FULLNAME_MAP      = "given_name"
        OAUTH2_EMAIL_MAP         = "email"
      })
    }
  }
}