defaults = {
    'backups': {
        'paths': {
            '/home/git',
            '/var/lib/gitea',
        },
    },
    'gitea': {
        'app_name': 'Gitea',
        'database': {
            'username': 'gitea',
            'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
            'database': 'gitea',
        },
        'email_domain_blocklist': set(),
        'enable_git_hooks': False,
        'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
        'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
        'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
        'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
    },
    'icinga2_api': {
        'gitea': {
            'services': {
                'GITEA PROCESS': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea',
                },
            },
        },
    },
    'openssh': {
        'allowed_users': {
            'git',
        },
    },
    'postgresql': {
        'roles': {
            'gitea': {
                'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
            },
        },
        'databases': {
            'gitea': {
                'owner': 'gitea',
            },
        },
    },
    'zfs': {
        'datasets': {
            'tank/gitea': {},
            'tank/gitea/home': {
                'mountpoint': '/home/git',
                'needed_by': {
                    'directory:/home/git',
                },
            },
            'tank/gitea/var': {
                'mountpoint': '/var/lib/gitea',
                'needed_by': {
                    'directory:/var/lib/gitea',
                },
            },
        },
    },
}


@metadata_reactor.provides(
    'nginx/vhosts/gitea',
)
def nginx(metadata):
    if not node.has_bundle('nginx'):
        raise DoNotRunAgain

    return {
        'nginx': {
            'vhosts': {
                'gitea': {
                    'domain': metadata.get('gitea/domain'),
                    'locations': {
                        '/': {
                            'target': 'http://127.0.0.1:22000',
                        },
                    },
                    'website_check_path': '/user/login',
                    'website_check_string': 'Sign In',
                },
            },
        },
    }


@metadata_reactor.provides(
    'icinga2_api/gitea/services',
)
def icinga_check_for_new_release(metadata):
    return {
        'icinga2_api': {
            'gitea': {
                'services': {
                    'GITEA UPDATE': {
                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release go-gitea/gitea v{}'.format(metadata.get('gitea/version')),
                        'vars.notification.mail': True,
                        'check_interval': '60m',
                    },
                },
            },
        },
    }