# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, pkgs, ... }:
let
  synapseCfg = config.services.matrix-synapse.settings;
in
{
  sops.secrets = {
    go-neb-overrides.sopsFile = ../../secrets.yaml;
  };

  users.users.go-neb = {
    isSystemUser = true;
    group = "go-neb";
  };
  users.groups.go-neb = { };

  services.go-neb = rec {
    enable = true;
    bindAddress = "127.0.0.1:8010";
    baseUrl = "http://${bindAddress}";
    config = {
      clients = [
        {
          UserID = "@alertmanager:${synapseCfg.server_name}";
          HomeserverURL = synapseCfg.public_baseurl;
          Sync = false;
          AutoJoinRooms = false;
          DisplayName = "Prometheus Alertmanager";
        }
      ];
      services = [
        {
          ID = "alertmanager_service";
          Type = "alertmanager";
          UserID = "@alertmanager:${synapseCfg.server_name}";
          Config = {
            webhook_url = "${baseUrl}/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U";
            rooms = {
              "!ceigaGYfREXXSeLFiH:sbruder.de" = {
                text_template = "{{ range .Alerts }}{{ if eq .Status \"firing\" }}@room {{ end }}[{{ .Status }}] {{ index .Labels \"alertname\" }}: {{ index .Annotations \"description\" }}\n{{ end }}";
                html_template = ''
                  {{ range .Alerts }}
                    {{- if eq .Status "firing" }}@room {{ end -}}
                    {{ $severity := index .Labels "severity" }}
                    <font{{ if eq .Status "firing" -}}
                      {{- if eq $severity "critical" }} color="red"
                      {{- else if eq $severity "warning" }} color="orange"
                      {{- end -}}
                    {{- else }} color="green"
                    {{- end }}>
                    <strong>{{ if eq .Status "firing" -}}
                      [firing{{ if ne $severity "" }} - {{ $severity }}{{ end }}]
                    {{- else -}}
                      [resolved]
                    {{- end }}</strong>
                    </font>
                    {{ index .Labels "alertname" }}: {{ index .Annotations "description" }} <a href="{{ .GeneratorURL }}">source</a><br/>
                  {{ end }}
                '';
                msg_type = "m.text";
              };
            };
          };
        }
      ];
    };
  };

  # Load AccessToken and DeviceID from secret
  systemd.services.go-neb = {
    serviceConfig = {
      RuntimeDirectory = "go-neb";
      RuntimeDirectoryMode = "0750";
      DynamicUser = lib.mkForce false;
      ExecStartPre =
        let
          baseConfig = pkgs.writeText "config-base.json" (builtins.toJSON config.services.go-neb.config);
        in
        [
          "!${pkgs.coreutils}/bin/install -g go-neb ${config.sops.secrets.go-neb-overrides.path} /run/go-neb/config-overrides.json"
          # needs to be run in a shell script for redirection to work
          (pkgs.writeShellScript "merge-go-neb-config" ''
            ${pkgs.jq}/bin/jq \
                --slurp \
                '. | map(map_values(. | with_entries(.key = (.value.ID // .value.SessionID // .value.UserID)))) | .[0] * .[1] | with_entries(.value = [.value[]])' \
                ${baseConfig} \
                /run/go-neb/config-overrides.json \
                > /run/go-neb/config.json
          '')
        ];
    };
    environment.CONFIG_FILE = lib.mkForce "/run/go-neb/config.json";
  };
}