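#
# Cookbook:: esh_lxd
# Recipe:: containers
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Converges every instance listed under node['esh']['lxd']['containers']:
# creates the container or VM, attaches its storage volumes, applies VM
# resource limits, optionally installs cinc inside it, applies AppArmor and
# nesting settings, and declares any cloudflared tunnels.
#
# NOTE(review): the instance name and every attribute value below are
# interpolated unquoted into shell command lines (command, not_if, only_if and
# the backtick guards). The attributes must therefore come from trusted
# cookbook/role data and must not contain whitespace or shell metacharacters.
node['esh']['lxd']['containers'].each do |container, params|
  if params['type'] == 'lxc'
    execute "create container #{container}" do
      command "lxc launch images:#{params['image']} #{container}"
      # `lxc info` exits 0 only when the instance already exists.
      not_if "lxc info #{container}"
      live_stream true
    end
  end

  if params['type'] == 'vm'
    execute "create vm #{container}" do
      # The VM is launched, left running for a minute and then stopped; the
      # limits further down are applied while it is stopped.
      # NOTE(review): the one-minute sleep presumably lets first boot finish - confirm.
      command <<~EOT
        lxc launch images:#{params['image']} #{container} --vm
        sleep 1m
        lxc stop #{container}
      EOT
      not_if "lxc info #{container}"
      live_stream true
    end
  end

  # 'volumes' is treated as optional, like the other per-instance keys below;
  # a missing key previously raised NoMethodError on nil.
  (params['volumes'] || {}).each do |name, vol_params|
    execute "create volume #{name} on #{vol_params['pool']} for #{container}" do
      command "lxc storage volume create #{vol_params['pool']} #{name}"
      not_if "lxc storage volume show #{vol_params['pool']} #{name}"
      live_stream true
    end

    # The resource name mentions /var/lib/<name>, but the mount point actually
    # used is vol_params['path']. The name is kept unchanged so that existing
    # notifications and reports still match.
    execute "add volume #{name} on #{vol_params['pool']} for #{container}:/var/lib/#{name}" do
      command "lxc config device add #{container} #{name} disk pool=#{vol_params['pool']} source=#{name} path=#{vol_params['path']}"
      not_if "lxc config device get #{container} #{name} path"
      live_stream true
    end
  end

  if params['type'] == 'vm'
    # The guards compare the whole line as a fixed string (-x -F). A plain
    # substring grep treated "12GB" as already satisfying a desired "2GB" and
    # skipped the change; -q also keeps the guard output out of the log.
    execute "set vm mem #{container}" do
      command "lxc config set #{container} limits.memory=#{params['mem']}"
      not_if "lxc config get #{container} limits.memory | grep -qxF -- #{params['mem']}"
      live_stream true
    end

    execute "set vm cpu #{container}" do
      command "lxc config set #{container} limits.cpu=#{params['cpu']}"
      not_if "lxc config get #{container} limits.cpu | grep -qxF -- #{params['cpu']}"
      live_stream true
    end

    execute "set vm disk #{container}" do
      command "lxc config device override #{container} root size=#{params['disk']}"
      not_if "lxc config device get #{container} root size | grep -qxF -- #{params['disk']}"
      live_stream true
    end

    execute "start vm #{container}" do
      command "lxc start #{container} && sleep 1m"
      only_if "lxc info #{container} | grep -q STOPPED"
      live_stream true
    end
  end

  unless params['cinc_flavor'].nil?
    # cinc_flavor has the form "<distribution>/<release>".
    flavor_parts = params['cinc_flavor'].split('/')
    distribution = flavor_parts.first
    release = flavor_parts.last
    cinc_url = node['esh']['cinc'][distribution][release]['url']
    filename = cinc_url.split('/').last

    # NOTE(review): this package is later installed as root inside the
    # instance. Integrity checking of the download (checksum or signature) is
    # not visible in this recipe; confirm that esh_cinc_download performs it.
    esh_cinc_download cinc_url do
      distribution distribution
      release release
    end

    execute "push cinc to container #{container}" do
      command "lxc file push #{Chef::Config['file_cache_path']}/#{distribution}/#{release}/#{filename} #{container}/opt/"
      not_if "lxc exec #{container} -- test -f /opt/#{filename}"
      live_stream true
      # A freshly created instance can take a few seconds to start, so the
      # first push may fail; retry instead of aborting the run.
      retries 3
    end

    execute "install cinc to container #{container}" do
      command "lxc exec #{container} -- apt install -y /opt/#{filename}"
      not_if "lxc exec #{container} -- dpkg -s cinc"
      live_stream true
    end
  end

  # Runs only when notified by the two configuration changes below.
  execute "lxc restart #{container}" do
    command "lxc restart #{container}"
    action :nothing
  end

  unless params['apparmor'].nil?
    execute "set apparmor profile for #{container}" do
      # This sets the whole raw.lxc key, so any other raw.lxc lines configured
      # on the instance are replaced by this single entry.
      command "lxc config set #{container} raw.lxc lxc.apparmor.profile=#{params['apparmor']}"
      not_if do
        `lxc config get #{container} raw.lxc`.strip == "lxc.apparmor.profile=#{params['apparmor']}"
      end
      live_stream true
      notifies :run, "execute[lxc restart #{container}]", :immediately
    end
  end

  unless params['security.nesting'].nil?
    execute "set security.nesting for #{container}" do
      command "lxc config set #{container} security.nesting=#{params['security.nesting']}"
      not_if do
        # Compare as strings: if the attribute is a boolean rather than a
        # string, the bare comparison never matched, so the setting was
        # re-applied and the instance restarted on every run.
        `lxc config get #{container} security.nesting`.strip == params['security.nesting'].to_s
      end
      live_stream true
      notifies :run, "execute[lxc restart #{container}]", :immediately
    end
  end

  next if params['cloudflared'].nil?

  params['cloudflared'].each do |tunnel_name, tunnel_hostname|
    esh_cloudflared_tunnel tunnel_name do
      tunnel_hostname tunnel_hostname
    end
  end
end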