#
# Deploy all code from git 
#

# Include caddy as a prerequisite
include:
  - linux.caddy

# Git client; the clone commands later in this file call it.
git:
  pkg.installed:
    - name: git

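# SSH directory of www-data. It holds the deployment private key, so only the
# owner gets access (0700).
/var/www/.ssh:
  file.directory:
    - user: www-data
    - group: www-data
    # Quoted so the value is always read as a string of octal digits.
    - dir_mode: '0700'
    # file.directory names this option `makedirs`; `make_dirs` is not one of
    # its arguments, so the parent-directory creation asked for here did not
    # take effect under the old spelling.
    - makedirs: true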

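# Give user www-data a predefined private key; the matching public key is
# registered with Bitbucket as a deployment key.
# NOTE(review): the key is served from the salt:// file server, which is not
# scoped per minion the way pillar is. Consider delivering it from pillar
# (file.managed `contents_pillar`) targeted at this host only, and rotate the
# deployment key if the state tree has been shared.
/var/www/.ssh/id_rsa:
  file.managed:
    - source: salt://cloudradar/staging-deploy/www-data.id_rsa
    - user: www-data
    - group: www-data
    # Owner read/write only; ssh refuses keys that others can read.
    - mode: '0600'
    # Do not print a diff of the key material into state output / job returns.
    - show_changes: false
    - require:
      - file: /var/www/.ssh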

# Pin Bitbucket's SSH host key in www-data's known_hosts so the clones below
# verify the server against a known key instead of prompting.
# The key value is a placeholder on this page; it must be the real host key,
# obtained from a trusted source.
# NOTE(review): `name` carries a hostname and an IP address in one value;
# confirm ssh_known_hosts accepts that form, otherwise use one state per name.
bitbucket.org:
  ssh_known_hosts.present:
    - name: 'bitbucket.org,104.192.143.1'
    - user: www-data
    - enc: ssh-rsa
    - key: 'xxx'
    # Entries are written unhashed, so the host name stays readable in the file.
    - hash_known_hosts: false


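{% for project in 'my.cloudradar.io','hostinstaller','notifier','nocc' %}
# Initial git clone as www-data; skipped once /var/www/<project> exists.
git-clone-{{project}}:
  cmd.run:
    - cwd: /var/www
    # NOTE(review): the SSH remote was garbled to an e-mail placeholder; it is
    # restored as git@bitbucket.org, the host pinned in known_hosts above.
    # Confirm against the repository settings.
    - name: git clone git@bitbucket.org:cloudradar/{{project}}.git
    - runas: www-data
    - unless: test -d /var/www/{{project}}
    # The clone needs the git package, the deployment key and the pinned host
    # key in place; declare all three instead of relying on file order.
    - require:
      - pkg: git
      - file: /var/www/.ssh/id_rsa
      - ssh_known_hosts: bitbucket.org
{% endfor %}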

# Create the application's MySQL account (cloudradar@localhost).
# NOTE(review): the account password and the root connection password are
# literals in this state file (placeholders on this page). Reading them from
# pillar keeps real values out of the state tree and out of version control.
cloudradar-user:
  mysql_user.present:
    - connection_user: 'root'
    - connection_pass: 'xxxx'
    - name: 'cloudradar'
    - host: 'localhost'
    - password: 'xxxx'

# Create the application database with the UTF8 character set.
# NOTE(review): the root connection password is a literal here (placeholder
# on this page); prefer a pillar lookup.
cloudradar-db:
  mysql_database.present:
    - connection_user: 'root'
    - connection_pass: 'xxxxx'
    - name: 'cloudradar'
    - host: 'localhost'
    - character_set: 'UTF8'

# Grant the application account all privileges, limited to the cloudradar
# schema (cloudradar.*) rather than the whole server.
# NOTE(review): `character_set` is an option of the database state; confirm it
# has any effect on a grants state. The root password literal is a placeholder
# on this page; prefer a pillar lookup.
cloudradar-grants:
  mysql_grants.present:
    - connection_user: 'root'
    - connection_pass: 'xxxx'
    - user: 'cloudradar'
    - database: 'cloudradar.*'
    - grant: 'all privileges'
    - character_set: 'UTF8'

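# Import schema; skipped once the hosts table file exists on disk.
import-schema:
  cmd.run:
    - cwd: /var/www/my.cloudradar.io/application/config
    - runas: root
    # The password is passed through the environment instead of `-p<password>`,
    # so it no longer appears in the process argument list or in the command
    # string that Salt reports for this state.
    # NOTE(review): the value is still a literal in this file (placeholder on
    # this page); source it from pillar. MYSQL_PWD is deprecated in newer MySQL
    # clients; a root-only option file passed with --defaults-extra-file is the
    # longer-term form.
    - name: mysql -u cloudradar cloudradar < schema.sql
    - env:
      - MYSQL_PWD: 'xxxxx'
    - unless: test -e /var/lib/mysql/cloudradar/hosts.ibd
    - require:
      - mysql_user: cloudradar-user
      - mysql_database: cloudradar-db
      - mysql_grants: cloudradar-grants
      - cmd: git-clone-my.cloudradar.io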

# Ship the Caddy site configuration from the Salt file server.
# Owned by root and world-readable (0644); only root can modify it.
/etc/caddy/Caddyfile.cloudradar:
  file.managed:
    - user: root
    - mode: '0644'
    - source: salt://cloudradar/staging-deploy/Caddyfile.cloudradar

#/etc/caddy/Caddyfile:
#  file.symlink:
#    - target: /etc/caddy/Caddyfile.cloudradar
#    - user: root
#    - mode: 644
#    - require:
#      - file: /etc/caddy/Caddyfile.cloudradar

# Local mail catcher: this system must not deliver mail to the outside.
# exim is purged first so postfix is the only MTA on the host.
exim:
  pkg.purged:
    - name: exim

postfix:
  pkg.installed:
    - name: postfix
    - require:
      - pkg: exim

# POP3 daemon, installed after postfix.
# NOTE(review): popa3d speaks plain POP3; if it listens beyond loopback, the
# mailbox password crosses the network unencrypted. Confirm its bind address
# or firewall the port.
popa3d:
  pkg.installed:
    - name: popa3d
    - require:
      - pkg: postfix

# Command-line mail tools.
mailutils:
  pkg.installed:
    - name: mailutils

# Password generator utility.
pwgen:
  pkg.installed:
    - name: pwgen

# Local account that receives all caught mail. It has no login shell.
# NOTE(review): the password below is a crypt hash committed to the state
# tree; anyone who can read this file can attack it offline. Keep the hash in
# pillar and use a long random password.
mailcatcher:
  user.present:
    - home: '/home/mailcatcher'
    - shell: '/usr/sbin/nologin'
    - fullname: 'Mailcatcher'
    # Set password to xxxx
    - password: '$6$ctvqnAxh$4t74taP5mCEmgao.Hz8TUw4GelVVUS2BpFvuAWFYYFUWWmPQ5SLdBEubbPOTR2xB.woj9V3vJl4jubLak5.0K/'

# Catch-all map: the pattern matches any address containing "@" and rewrites
# it to the local mailcatcher mailbox.
# NOTE(review): this only has effect if main.cf references the file; that
# configuration is not visible here.
/etc/postfix/regexaliases:
  file.managed:
    - user: root
    - mode: '0644'
    - contents: '/.*@.*/    mailcatcher@localhost'

# Postfix main configuration, shipped from the Salt file server.
# Owned by root, world-readable (0644).
/etc/postfix/main.cf:
  file.managed:
    - user: root
    - mode: '0644'
    - source: salt://cloudradar/staging-deploy/postfix-main.cf

# Keep postfix running and restart it whenever one of the two managed
# configuration files changes.
postfix-service:
  service.running:
    - name: 'postfix'
    - watch:
      - file: /etc/postfix/regexaliases
      - file: /etc/postfix/main.cf

# Make sure no mailout is possible
# First rule of the pair: accept new outbound connections to 127.0.0.1, so
# local delivery keeps working. It is appended before the SMTP reject rule
# defined next in this file.
localhost:
  iptables.append:
    - table: filter
    - chain: OUTPUT
    - jump: ACCEPT
    - match: state
    - destination: 127.0.0.1
    - connstate: NEW
    # Persist the rule so it is still present after a reboot.
    - save: True

# Reject new outbound TCP connections to port 25.
# NOTE(review): no `family` is given, so this covers IPv4 only, and only port
# 25. Outbound mail over IPv6 or over the submission ports (465/587) is not
# blocked by this rule; add matching rules if the host has such connectivity.
smtp:
  iptables.append:
    - table: filter
    - chain: OUTPUT
    - jump: REJECT
    - proto: tcp
    - dport: 25
    - match: state
    - connstate: NEW
    # Persist the rule so it is still present after a reboot.
    - save: True
