# WIP
# Default metadata for a host running rspamd together with ClamAV.
# `node` and `repo` are not defined in this file; they must be provided by
# the environment that loads it.
defaults = {
    'apt': {
        'repos': {
            'rspamd': {
                # NOTE(review): the repository is fetched over plain HTTP, so
                # package integrity rests entirely on apt's signature check.
                # Confirm the rspamd repo key is pinned (e.g. via signed-by)
                # and consider https:// unless a caching proxy depends on
                # HTTP.
                'items': {'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main'},
            },
        },
        'packages': {
            'clamav': {},
            'clamav-daemon': {},
            'clamav-freshclam': {},
            # The unofficial signature updater is ordered after the scanner
            # packages it depends on.
            'clamav-unofficial-sigs': {
                'needs': {
                    'pkg_apt:clamav',
                    'pkg_apt:clamav-daemon',
                },
            },
            'rspamd': {},
        },
    },
    # Monitoring: one process check plus three port checks, all run on the
    # monitored host against localhost.
    # NOTE(review): these checks only show that the ports answer locally;
    # they say nothing about which interfaces rspamd binds to. Port 11334
    # serves the web interface login page, so confirm it is not reachable
    # from untrusted networks.
    # NOTE(review): no service here covers clamav-daemon or signature
    # freshness.
    'icinga2_api': {
        'rspamd': {
            'services': {
                'RSPAMD PROCESS': {
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C rspamd -c 1:',
                },
                'RSPAMD PROXY PORT': {
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11332',
                },
                'RSPAMD WORKER PORT': {
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11333',
                },
                'RSPAMD WEB INTERFACE': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_http_url_for_string http://localhost:11334/ "Login to Rspamd"',
                },
            },
        },
    },
    # NOTE(review): /var/lib/rspamd is also the parent of the dkim directory
    # referenced in the zfs section below, so backups presumably contain DKIM
    # key material -- confirm the backup target is encrypted and
    # access-restricted.
    'backups': {
        'paths': {'/var/lib/rspamd'},
    },
    'cron': {
        # Runs every four hours as user clamav; the minute comes from
        # node.magic_number modulo 60 (presumably to stagger nodes).
        # NOTE(review): stdout and stderr are discarded, so a failing
        # signature update is silent. Consider logging the output or
        # monitoring signature age.
        'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
    },
    # Mail for the clamav and dmarc local parts is aliased to root.
    'postfix': {
        'aliases': {
            'clamav': {'root'},
            'dmarc': {'root'},
        },
    },
    'rspamd': {
        # Secret obtained from the repo vault under an identifier that
        # includes the node name.
        # NOTE(review): how this value is consumed (key material, passphrase,
        # ...) is not visible here -- confirm it never ends up in
        # world-readable files or logs.
        'dkim': repo.vault.password_for(f'{node.name} rspamd dkim key'),
    },
    'telegraf': {
        'input_plugins': {
            'exec': {
                'rspamd': {
                    # NOTE(review): telegraf executes this script; it should
                    # be root-owned and not writable by unprivileged users.
                    'commands': ['/usr/local/bin/telegraf-rspamd-plugin'],
                    'data_format': 'influx',
                    'timeout': '5s',
                },
            },
        },
    },
    # Dedicated datasets for rspamd and ClamAV state; the needed_by entries
    # order each dataset before the items that use its mountpoint.
    'zfs': {
        'datasets': {
            'tank/rspamd': {},
            'tank/rspamd/rspamd': {
                'mountpoint': '/var/lib/rspamd',
                'needed_by': {
                    'directory:/var/lib/rspamd/dkim',
                    'pkg_apt:rspamd',
                },
            },
            'tank/rspamd/clamav': {
                'mountpoint': '/var/lib/clamav',
                'needed_by': {
                    'pkg_apt:clamav',
                    'pkg_apt:clamav-daemon',
                    'pkg_apt:clamav-freshclam',
                },
            },
            'tank/rspamd/clamav-unofficial-sigs': {
                'mountpoint': '/var/lib/clamav-unofficial-sigs',
                'needed_by': {
                    'pkg_apt:clamav-unofficial-sigs',
                    'pkg_apt:clamav-freshclam',
                },
            },
        },
    },
}


# Nodes managed by us should always be able to send mail to all other
# servers.
@metadata_reactor.provides(
    'rspamd/ignore_spam_check_for_ips',
)
def populate_permitted_ips_list_with_ips_from_repo(metadata):
    """Collect the non-private IPs of every repo node for rspamd's exemption list.

    Walks all nodes in ``repo.nodes``, resolves each node name through
    ``repo.libs.tools.resolve_identifier`` and keeps, as strings, the
    addresses whose ``is_private`` flag is false.  The ``metadata``
    argument is not read; the result depends only on the repo contents.

    Security note: the result is published as
    ``rspamd/ignore_spam_check_for_ips``, so every listed address is
    trusted on the basis of its source IP alone.  A compromised or
    misconfigured managed node would have its mail exempted too.
    NOTE(review): what exactly the consumer skips for these IPs (spam
    scoring only, or also virus scanning / rate limits) is not visible
    here -- confirm it stays as narrow as intended.

    Returns:
        dict: ``{'rspamd': {'ignore_spam_check_for_ips': <set of str>}}``.
    """
    public_ips = {
        str(address)
        for managed_node in repo.nodes
        for _, addresses in repo.libs.tools.resolve_identifier(repo, managed_node.name).items()
        for address in addresses
        # Private addresses are left out of this list.
        if not address.is_private
    }

    return {
        'rspamd': {
            'ignore_spam_check_for_ips': public_ips,
        },
    }