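locals {
  # Options shared by every meta-component Install declared below.
  # "domain" is fed from var.namespace; the DNS name travels separately as "domain-name".
  global = {
    "domain"          = var.namespace
    "domain-name"     = var.domain-name
    "issuer"          = var.issuer
    "ingress-class"   = var.ingress-class
    "distributions"   = var.distributions
    "backups"         = var.backups
    "storage-classes" = var.storage-classes
  }

  # Not referenced in this listing: the resources below label themselves with
  # local.common-labels, which is not defined here.
  annotations = {
    "vynil.solidite.fr/meta"    = var.component
    "vynil.solidite.fr/name"    = var.namespace
    "vynil.solidite.fr/domain"  = var.domain-name
    "vynil.solidite.fr/issuer"  = var.issuer
    "vynil.solidite.fr/ingress" = var.ingress-class
  }

  # Per-category options with the "enable" switch removed: "enable" only gates
  # the resource count below and is not forwarded in the Install options.
  auth      = { for k, v in var.auth : k => v if k != "enable" }
  infra     = { for k, v in var.infra : k => v if k != "enable" }
  ci        = { for k, v in var.ci : k => v if k != "enable" }
  erp       = { for k, v in var.erp : k => v if k != "enable" }
  apps      = { for k, v in var.apps : k => v if k != "enable" }
  mail      = { for k, v in var.mail : k => v if k != "enable" }
  devspaces = { for k, v in var.devspaces : k => v if k != "enable" }

  # Force install authentik and its modules when any are needed.
  # NOTE(review): merge() is shallow and later arguments win. The "auth" Install
  # merges local.auth last, so an explicit "authentik" entry in var.auth replaces
  # the forced one, while the devspaces lookups below merge local.added-auth last.
  # The two can disagree about whether authentik is enabled; confirm which order
  # is intended.
  use-ldap           = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
  use-forward        = var.infra.enable && var.infra.traefik.enable
  use-other-auth     = false
  added-auth-ldap    = local.use-ldap ? { "authentik-ldap" = { "enable" = true } } : {}
  added-auth-forward = local.use-forward ? { "authentik-forward" = { "enable" = true } } : {}
  added-auth         = local.use-ldap || local.use-forward || local.use-other-auth ? merge({ "authentik" = { "enable" = true } }, local.added-auth-ldap, local.added-auth-forward) : {}

  # Division entries merged into the options of the "auth" Install.
  divisions = {
    "clients" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
    "employes" = {
      "enable"    = true
      "apps"      = []
      "divisions" = []
    }
    "fournisseurs" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
  }

  # Extra options for the "devspaces" Install. Each list names the datastore of
  # an enabled service and, where present, the Secret name and key holding its
  # password; entries supplied by the caller in var.devspaces are appended.
  # NOTE(review): this passes devspaces the credential references of the
  # services' own databases, authentik's included. Presumably this lets
  # workspaces connect to them; confirm that this access is intended and that
  # use of devspaces is restricted accordingly.
  devspaces-custom = {
    external-pgs = concat(
      var.erp.enable && var.erp.dolibarr.enable ? [{
        "name"      = "dolibarr-dolibarr-pg"
        "dbname"    = "dolibarr"
        "username"  = "dolibarr"
        "namespace" = "${var.namespace}-erp"
        "secret" = {
          "name" = "dolibarr-dolibarr-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        "name"      = "nextcloud-nextcloud-pg"
        "dbname"    = "nextcloud"
        "username"  = "nextcloud"
        "namespace" = "${var.namespace}-files"
        "secret" = {
          "name" = "nextcloud-nextcloud-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        "name"      = "authentik-authentik-pg"
        "dbname"    = "authentik"
        "username"  = "authentik"
        "namespace" = "${var.namespace}-auth"
        "secret" = {
          "name" = "authentik-authentik-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.ci.enable && var.ci.gitea.enable ? [{
        "name"      = "gitea-gitea-pg"
        "dbname"    = "gitea"
        "username"  = "gitea"
        "namespace" = "${var.namespace}-ci"
        "secret" = {
          "name" = "gitea-gitea-pg-app"
          "key"  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-pgs", [])
    )
    external-mongos = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        "name"      = "wildduck-wildduck-mongo"
        "dbname"    = "wildduck"
        "username"  = "wildduck"
        "namespace" = "${var.namespace}-mail"
        "secret" = {
          "name" = "wildduck-wildduck-mongo"
          "key"  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-mongos", [])
    )
    # Only the authentik Redis entry carries a "secret" reference.
    # NOTE(review): presumably the other Redis instances run without a password;
    # confirm, and check that network access to them is restricted.
    external-redis = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        "name"      = "wildduck-wildduck-redis"
        "namespace" = "${var.namespace}-mail"
      }] : [],
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        "name"      = "authentik-authentik-redis"
        "namespace" = "${var.namespace}-auth"
        "secret" = {
          "name" = "authentik"
          "key"  = "AUTHENTIK_REDIS__PASSWORD"
        }
      }] : [],
      var.erp.enable && var.erp.dolibarr.enable ? [{
        "name"      = "dolibarr-dolibarr-redis"
        "namespace" = "${var.namespace}-erp"
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        "name"      = "nextcloud-nextcloud-redis"
        "namespace" = "${var.namespace}-files"
      }] : [],
      lookup(var.devspaces, "external-redis", [])
    )
    "haveGitea" = var.ci.enable && var.ci.gitea.enable
  }
}

# One vynil Install per meta component, created only when its category is enabled.
# Every interpolated value goes through jsonencode(), as labels and options
# already did, so a value containing quotes, backslashes or newlines cannot
# change the structure of the manifest. For ordinary strings the rendered YAML
# is the same as with a hand-quoted "${...}".
resource "kubectl_manifest" "auth" {
  count     = var.auth.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "auth"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-auth"
      options: ${jsonencode(merge(local.global, local.added-auth, local.divisions, local.auth))}
  EOF
}

# Install for the "domain-infra" meta component.
resource "kubectl_manifest" "infra" {
  count     = var.infra.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "infra"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-infra"
      options: ${jsonencode(merge(local.global, local.infra))}
  EOF
}

# Install for the "domain-ci" meta component.
resource "kubectl_manifest" "ci" {
  count     = var.ci.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "ci"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-ci"
      options: ${jsonencode(merge(local.global, local.ci))}
  EOF
}

# Install for the "domain-erp" meta component.
resource "kubectl_manifest" "erp" {
  count     = var.erp.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "erp"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-erp"
      options: ${jsonencode(merge(local.global, local.erp))}
  EOF
}

# Install for the "domain-apps" meta component.
resource "kubectl_manifest" "apps" {
  count     = var.apps.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "apps"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-apps"
      options: ${jsonencode(merge(local.global, local.apps))}
  EOF
}

# Install for the "domain-mail" meta component.
resource "kubectl_manifest" "mail" {
  count     = var.mail.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "mail"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-mail"
      options: ${jsonencode(merge(local.global, local.mail))}
  EOF
}

# Install for the "domain-devspaces" meta component. local.devspaces-custom is
# merged last, so its external-* lists (which already append the caller's
# entries) replace the raw ones coming from var.devspaces.
resource "kubectl_manifest" "devspaces" {
  count     = var.devspaces.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "devspaces"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common-labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-devspaces"
      options: ${jsonencode(merge(local.global, local.devspaces, local.devspaces-custom))}
  EOF
}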