---

# Name of this instance (controls job and service name)
instance: bounca

bounca:

  # The image to use
  image: danielberteaud/bounca:latest

  vault:
    # Vault policies to use
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'
    # Random secrets to generate
    rand_secrets:
      fields:
        - django_secret

  postgres:
    database: '[[ .instance ]]'
    user: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
    password: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'

  # Env variable to pass to the container
  env:
    BOUNCA_DB_NAME: '[[ .bounca.postgres.database ]]'
    BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.root ]]/kv/service/[[ .instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'

  # Public URL where user can reach the app
  public_url: https://pki.example.org

  # Custom django settings
  django_custom_settings: ""

  # Wait for postgres to be ready before starting
  wait_for:
    - service: master.postgres[[ .consul.suffix ]]

  # Connect to the postgres service through the service mesh]
  consul:
    connect:
      upstreams:
        - destination_name: postgres[[ .consul.suffix ]]
          local_bind_port: 5432

  # Traefik settings
  traefik: {}

  # Settings for /public, which can be different from the main interface
  # /public expose certificates and CRL so it should usually be publicly accessible
  public:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-public[[ .consul.suffix ]]'

  # Resource allocation for the main bounca task
  resources:
    cpu: 200
    memory: 192