resource "cloudflare_dns_record" "git-othrayte-one" {
  comment = "git.othrayte.one maps to tailscale fqdn"
  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
  type    = "CNAME"
  name    = "git.othrayte.one"
  content = "git.tail15856.ts.net"
  ttl     = 1 # Auto
}

resource "nomad_job" "gitea" {
  jobspec = templatefile("gitea.nomad.hcl", {
    ts_authkey = data.sops_file.secrets.data["tailscale.auth_key"]
  })
}

resource "nomad_variable" "gitea" {
  path = "nomad/jobs/gitea"
  items = {
    internal_token = data.sops_file.secrets.data["gitea.internal_token"]
    jwt_secret     = data.sops_file.secrets.data["gitea.jwt_secret"]
  }
}

resource "postgresql_role" "gitea" {
  name     = "gitea"
  password = "gitea"
  login    = true
}

resource "postgresql_database" "gitea" {
  name  = "gitea"
  owner = postgresql_role.gitea.name
}

resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
  depends_on = [data.nomad_plugin.smb]
  plugin_id  = "smb"

  volume_id = "unraid_appdata_gitea"
  name      = "unraid_appdata_gitea"

  external_id = "unraid_appdata_gitea"

  capability {
    access_mode     = "single-node-writer"
    attachment_mode = "file-system"
  }

  context = {
    source = "//192.168.1.192/appdata"
    subDir = "gitea" # Note: Needs to be manually created on the share
  }

  secrets = {
    "username" = "nomad"
    "password" = data.sops_file.secrets.data["unraid.nomad"]
  }
}