# Kernel parameters:
execute 'modprobe br_netfilter'
execute 'modprobe bridge'

remote_file '/etc/sysctl.d/90-nomad.conf' do
  owner 'root'
  group 'root'
  mode '0644'
end

# nomad configuration files:
file '/etc/nomad.d/nomad.hcl' do
  action :delete
end

if node['nomad']['manager']
  %w( server.hcl acl.hcl ).each do |conf|
    remote_file "/etc/nomad.d/#{conf}" do
      owner 'nomad'
      group 'nomad'
      mode '664'

      notifies :restart, 'service[nomad]'
    end
  end

  directory '/etc/nomad.d/policies' do
    owner 'nomad'
    group 'nomad'
    mode '755'
  end

  remote_file '/etc/nomad.d/policies/anonymous.hcl' do
    owner 'nomad'
    group 'nomad'
    mode '644'
  end
end

if node['nomad']['client']
  %w( /etc/nomad.d/client.hcl  ).each do |conf|
    template conf do
      owner 'nomad'
      group 'nomad'
      mode '664'

      variables(consul_token: node['nomad']['consul_token'])

      notifies :restart, 'service[nomad]'
    end
  end

  remote_file "/etc/nomad.d/options.hcl" do
    mode   "0644"
    owner  "nomad"
    group  "nomad"

    notifies :restart, 'service[nomad]'
  end

  directory '/etc/nomad.d/jobs' do
    owner 'nomad'
    group 'nomad'
    mode '755'
  end

  %w( countdash.hcl countdash-intention.hcl ).each do |f|
    remote_file "/etc/nomad.d/jobs/#{f}" do
      owner 'nomad'
      group 'nomad'
      mode '644'
    end
  end
end

# Create directory:
directory '/opt/nomad/data/' do
  owner 'nomad'
  group 'nomad'
  mode '0755'
end

# iptables settings here:
%w( 80/tcp 4646/tcp 4647/tcp 4648/tcp 8081/tcp 20000:32000/tcp ).each do |port|
  execute "ufw allow #{port}" do
    user 'root'

    not_if "LANG=c ufw status | grep #{port}"

    notifies :run, 'execute[ufw reload-or-enable]'
  end
end

# Enable and start nomad:
service 'nomad' do
  action [:enable, :start]
end

# Deploy `vector` config:
remote_file '/etc/vector/nomad.toml' do
  owner 'root'
  group 'root'
  mode '644'

  notifies :restart, 'service[vector-nomad]'
end

# Deploy the `systemd` configuration:
remote_file '/lib/systemd/system/vector-nomad.service' do
  owner 'root'
  group 'root'
  mode '644'
end

# Service setting:
service 'vector-nomad' do
  action [ :enable, :restart ]
end

remote_file '/etc/rsyslog.d/30-nomad.conf' do
  owner 'root'
  group 'root'
  mode '644'

  notifies :restart, 'service[rsyslog]'
end

service 'rsyslog' do
  action [ :nothing ]
end

# Deploy the `logrotated` configuration:
remote_file '/etc/logrotate.d/nomad' do
  owner 'root'
  group 'root'
  mode '644'
end