defaults = {
    'backups': {
        'paths': {
            '/var/lib/forgejo',
        },
    },
    'forgejo': {
        'app_name': 'Forgejo',
        'database': {
            'username': 'forgejo',
            'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
            'database': 'forgejo',
        },
        'disable_registration': True,
        'email_domain_blocklist': set(),
        'enable_git_hooks': False,
        'internal_token': repo.vault.password_for('{} forgejo internal_token'.format(node.name)),
        'lfs_secret_key': repo.vault.password_for('{} forgejo lfs_secret_key'.format(node.name)),
        'oauth_secret_key': repo.vault.password_for('{} forgejo oauth_secret_key'.format(node.name)),
        'security_secret_key': repo.vault.password_for('{} forgejo security_secret_key'.format(node.name)),
    },
    'icinga2_api': {
        'forgejo': {
            'services': {
                'FORGEJO PROCESS': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit forgejo',
                },
                'FORGEJO UPDATE': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(forgejo --version | cut -d" " -f3 | sed "s/\\+/\\-/g")',
                    'vars.notification.mail': True,
                    'check_interval': '60m',
                },
            },
        },
    },
    'openssh': {
        'allowed_users': {
            'git',
        },
    },
    'postgresql': {
        'roles': {
            'forgejo': {
                'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
            },
        },
        'databases': {
            'forgejo': {
                'owner': 'forgejo',
            },
        },
    },
    'zfs': {
        'datasets': {
            'tank/forgejo': {
                'mountpoint': '/var/lib/forgejo',
                'needed_by': {
                    'directory:/var/lib/forgejo',
                },
            },
        },
    },
}


@metadata_reactor.provides(
    'nginx/vhosts/forgejo',
)
def nginx(metadata):
    if not node.has_bundle('nginx'):
        raise DoNotRunAgain

    return {
        'nginx': {
            'vhosts': {
                'forgejo': {
                    'domain': metadata.get('forgejo/domain'),
                    'locations': {
                        '/': {
                            'target': 'http://127.0.0.1:22000',
                        },
                        '/debug': {
                            'return': 403,
                        },
                    },
                    'website_check_path': '/user/login',
                    'website_check_string': 'Sign In',
                },
            },
        },
    }