# Listening Domain
locals {
  SUBDOMAIN = "umami" // End with dot or leave blamk for root domain
  DOMAIN = "example.com"
  TRAEFIK_DOMAIN = "${local.SUBDOMAIN}${local.DOMAIN}"
}

// OP is 1Password for CLI
locals {
  OP_DB_USER = "op://InfraSecrets/Umami/ENV_SECRETS/PostgresUsername"
  OP_DB_PASSWORD = "op://InfraSecrets/Umami/ENV_SECRETS/PostgresPassword"
  OP_AppSecret = "op://InfraSecrets/Umami/ENV_SECRETS/AppSecret"
}

locals {
  USER_PASSWORD = "${local.OP_DB_USER}:${local.OP_DB_PASSWORD}"
  
  UMAMI_APPSECRET = "${local.OP_AppSecret}"
  UMAMI_DB_URL = "postgresql://${local.USER_PASSWORD}@127.0.0.1:5432/umami"
  UMAMI_DB_TYPE = "postgresql"
}

job "umami" {
  datacenters = ["dc1"]
  type = "service"

  group "application" {
    count = 1

    network {
      mode = "bridge"
      port "httpIngress" {
        to = 3000
      }
    }

    service {
      name = "umami"
      port = "httpIngress"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name   = "postgres"
              local_bind_address = "127.0.0.1"
              local_bind_port    = 5432
            }
          } 
          tags = ["traefik.enable=false"] # Hide envoy from traefik
        }
      }

      tags = [
        "traefik.enable=true",
        "traefik.http.routers.umami.tls=true",
        "traefik.http.routers.umami.entrypoints=websecure",
        "traefik.http.routers.umami.rule=Host(`${local.TRAEFIK_DOMAIN}`)"
      ]

      check {
        type = "http"
        path = "/api/heartbeat"
        interval = "10s"
        timeout = "2s"
      }
    }

    task "umami" {
      driver = "docker"

      config {
        image = "ghcr.io/umami-software/umami:postgresql-latest"
        ports = ["httpIngress"]
      }

      env = {
        DATABASE_URL="${local.UMAMI_DB_URL}"
        DATABASE_TYPE="${local.UMAMI_DB_TYPE}"
        APP_SECRET:"${local.UMAMI_APPSECRET}"
      }

      resources {
        cpu = 2000
        memory = 1024
        memory_max = 2048
      }
    }
  }
}