# Looks up the already-existing Docker network named "traefik"; this file does
# not create it. The concourse container joins it via networks_advanced.
# presumably this is the network the Traefik proxy uses to reach its backends; confirm.
data "docker_network" "traefik" {
  name = "traefik"
}

# Looks up the existing network named "bridge" (the name Docker gives its
# default network). The concourse container is attached to it in addition to
# the traefik network.
# NOTE(review): confirm the second attachment is needed; each extra network
# widens what the privileged container can reach.
data "docker_network" "bridge" {
  name = "bridge"
}

# Concourse image, referenced by tag. The resource name encodes the version, so
# a version bump means changing this block and the reference in
# docker_container.concourse together.
# NOTE(review): a registry tag can be re-pointed; to pin exact content use the
# digest form, e.g. "concourse/concourse@sha256:<digest-placeholder>".
resource "docker_image" "concourse-7_9_0" {
  name = "concourse/concourse:7.9.0"
}

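# Runs Concourse in a single container using the image's "quickstart" command,
# routed through Traefik on the "websecure" entrypoint and backed by an
# external PostgreSQL database.
#
# Review summary (details inline):
#   - the container is privileged and also publishes its web port directly;
#   - several credentials are literal strings in this file;
#   - the browser-facing security headers are relaxed.
resource "docker_container" "concourse" {
  image = docker_image.concourse-7_9_0.image_id
  name  = "concourse"

  # Docker's privileged mode: the container gets extended access to the host.
  # presumably required because quickstart runs the worker (which starts build
  # containers) inside this same container; confirm. Anything that breaks out
  # of a build step therefore lands in a privileged container on this host, so
  # treat every pipeline author as having host-level access.
  privileged = true

  # Terraform does not require the container to be running after apply.
  must_run = false

  command = ["quickstart"]

  networks_advanced {
    name = data.docker_network.traefik.name
  }

  networks_advanced {
    name = data.docker_network.bridge.name
  }

  # Publishes container port 8080 on one specific host address rather than on
  # every interface.
  # NOTE(review): this looks like the plain-HTTP web port, reachable here
  # without going through the Traefik TLS route; drop this block if all access
  # is meant to go through "websecure".
  ports {
    internal = 8080
    external = 8080
    ip       = "192.168.10.147"
  }

  # Host directory bind-mounted at /worker-state.
  # NOTE(review): CONCOURSE_WORK_DIR below is /opt/concourse/worker, not
  # /worker-state; confirm the worker state actually lands on this mount.
  mounts {
    type   = "bind"
    target = "/worker-state"
    source = "/data3/concourse"
  }

  # Traefik routing labels. The original declared "traefik.enable" twice with
  # the same value; one copy is enough.
  labels {
    label = "traefik.enable"
    value = "true"
  }
  labels {
    label = "traefik.http.routers.concourse.rule"
    value = "Host(`${local.domain_name}`)"
  }
  labels {
    label = "traefik.http.routers.concourse.entrypoints"
    value = "websecure"
  }
  labels {
    label = "traefik.http.routers.concourse.tls.certresolver"
    value = "linode"
  }

  env = [
    # Database connection. The password is interpolated from the
    # postgresql_role resource, so it is stored in Terraform state and is
    # readable in the container's environment (e.g. via docker inspect) by
    # anyone with access to the Docker daemon. Protect both accordingly.
    "CONCOURSE_POSTGRES_HOST=knot.vpn.trygvis.io",
    "CONCOURSE_POSTGRES_PORT=5432",
    "CONCOURSE_POSTGRES_USER=${postgresql_role.concourse.name}",
    "CONCOURSE_POSTGRES_PASSWORD=${postgresql_role.concourse.password}",
    "CONCOURSE_POSTGRES_DATABASE=${postgresql_database.concourse.name}",
    "CONCOURSE_POSTGRES_SSLMODE=require",
    "CONCOURSE_EXTERNAL_URL=https://${local.domain_name}",
    "CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay",

    # NOTE(review): both client secrets are fixed literals committed with this
    # file, and each is base64 of a short, guessable string. Together with
    # CLUSTER_NAME=tutorial they look copied from an example configuration;
    # confirm. Replace them with generated values supplied from a secret store
    # or a sensitive Terraform variable, and rotate the ones shown here.
    "CONCOURSE_CLIENT_SECRET=Y29uY291cnNlLXdlYgo=",
    "CONCOURSE_TSA_CLIENT_SECRET=Y29uY291cnNlLXdvcmtlcgo=",

    # NOTE(review): these two settings relax the framing and content-security
    # headers the web UI sends. Unless the UI really has to be embedded in
    # another site, prefer leaving both at the Concourse defaults.
    "CONCOURSE_X_FRAME_OPTIONS=allow",
    "CONCOURSE_CONTENT_SECURITY_POLICY=*",
    "CONCOURSE_CLUSTER_NAME=tutorial",

    # Build containers resolve names through this public resolver.
    "CONCOURSE_WORKER_CONTAINERD_DNS_SERVER=8.8.8.8",
    "CONCOURSE_WORKER_RUNTIME=containerd",
    "CONCOURSE_ENABLE_ACROSS_STEP=true",
    "CONCOURSE_ENABLE_PIPELINE_INSTANCES=true",

    "CONCOURSE_WORK_DIR=/opt/concourse/worker",

    # NOTE(review): local user in "name:password" form with the password equal
    # to the user name, committed in source. This user owns the main team, so
    # it is the admin login for the instance; move it to a generated secret or
    # switch to the GitHub auth sketched below.
    "CONCOURSE_ADD_LOCAL_USER=trygvis:trygvis",
    "CONCOURSE_MAIN_TEAM_LOCAL_USER=trygvis",

    # Disabled: GitHub-based auth for the main team, with the OAuth client
    # credentials read from Ansible Vault instead of being written in this file.
    #    "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name",
    #    "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift",
    #    "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user",

    #    "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}",
    #    "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}",
  ]
}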