resource "docker_image" "concourse" {
  name = "concourse/concourse:7.8.3"
}

resource "docker_container" "concourse" {
  image      = docker_image.concourse.image_id
  name       = "concourse"
  privileged = true
  must_run   = false

  command = ["quickstart"]

  networks_advanced {
    name = data.docker_network.traefik.name
  }

  ports {
    internal = 8080
    external = 8080
    ip = "192.168.10.147"
  }

  env = [
    "CONCOURSE_POSTGRES_HOST=knot.vpn.trygvis.io",
    "CONCOURSE_POSTGRES_USER=concourse",
    "CONCOURSE_POSTGRES_PASSWORD=concourse",
    "CONCOURSE_POSTGRES_DATABASE=concourse",
    "CONCOURSE_POSTGRES_PORT=5432",
    "CONCOURSE_POSTGRES_SSLMODE=require",
    "CONCOURSE_EXTERNAL_URL=https://concourse.trygvis.io",
    "CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay",
    "CONCOURSE_CLIENT_SECRET=Y29uY291cnNlLXdlYgo=",
    "CONCOURSE_TSA_CLIENT_SECRET=Y29uY291cnNlLXdvcmtlcgo=",
    "CONCOURSE_X_FRAME_OPTIONS=allow",
    "CONCOURSE_CONTENT_SECURITY_POLICY=*",
    "CONCOURSE_CLUSTER_NAME=tutorial",
    "CONCOURSE_WORKER_CONTAINERD_DNS_SERVER=8.8.8.8",
    "CONCOURSE_WORKER_RUNTIME=containerd",
    "CONCOURSE_ENABLE_ACROSS_STEP=true",

    "CONCOURSE_ADD_LOCAL_USER=trygvis:trygvis",
    "CONCOURSE_MAIN_TEAM_LOCAL_USER=trygvis",

#    "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name",
#    "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift",
#    "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user",

#    "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}",
#    "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}",
  ]
}