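---
# Stack definition for pgAdmin 4: a one-shot init container that seeds the
# shared data volume, and the pgAdmin service itself, published through
# Traefik with Keycloak (OAuth2) login.
#
# The entries under `entrypoint`, `labels` and `environment` carry their own
# YAML punctuation ("- ", embedded double quotes, "KEY: value"), so they are
# presumably written verbatim into a rendered compose file by a template that
# is not part of this file. Treat them as literal text lines, not as data.
#
# Secrets referenced here: pgadmin4_admin_password and
# pgadmin4_oidc_client_secret. Both end up in the container environment of the
# rendered stack, so the rendered file needs restrictive permissions.
# NOTE(review): confirm both variables are sourced from Ansible Vault.
pgadmin_id: "{{ inventory_hostname }}-pgadmin"

pgadmin4_docker:
  # Both networks are declared external: they must exist before deployment.
  networks:
    - name: front-tier
      external: true
    - name: back-tier
      external: true

  volumes:
    - name: pgadmin_data

  services:
    # Init container: copies pgpass files into the per-user storage
    # directories on the data volume and imports the server definitions.
    - name: "{{ pgadmin_id }}-init"
      image_name: "{{ pgadmin4_image_name }}"
      image_version: "{{ pgadmin4_version }}"
      restart: '"on-failure:20"'
      # NOTE(review): the script has no `set -e`, so only the exit status of
      # the last command reaches the on-failure restart policy; a failed cp or
      # chmod on a credentials file goes unnoticed.
      # NOTE(review): the dev pgpass goes to storage/pgadmin-dev while servers
      # are loaded for developer@netgo.de; confirm that directory is the one
      # pgAdmin actually uses for that account.
      entrypoint:
        - "- sh"
        - "- -c"
        - "- |"
        - " mkdir -p /var/lib/pgadmin/storage/nso.devops_netgo.de/"
        # Fix: the dev storage directory was never created, so on a fresh
        # volume the cp and chmod for the dev pgpass failed silently.
        - " mkdir -p /var/lib/pgadmin/storage/pgadmin-dev/"
        - " cp /config/pgpass_admin /var/lib/pgadmin/storage/nso.devops_netgo.de/pgpass"
        - " cp /config/pgpass_dev /var/lib/pgadmin/storage/pgadmin-dev/pgpass"
        - " chown -R pgadmin /var/lib/pgadmin"
        # pgpass files hold database passwords: owner-only access.
        - " chmod 600 /var/lib/pgadmin/storage/nso.devops_netgo.de/pgpass"
        - " chmod 600 /var/lib/pgadmin/storage/pgadmin-dev/pgpass"
        - " /venv/bin/python3 /pgadmin4/setup.py load-servers /config/servers_admin.json --user nso.devops@netgo.de --replace"
        - " /venv/bin/python3 /pgadmin4/setup.py load-servers /config/servers_dev.json --user developer@netgo.de --replace"
      # ./config on the host holds the plaintext pgpass files; restrict its
      # permissions. NOTE(review): the script only reads from /config, so a
      # read-only bind mount would be sufficient.
      volumes:
        - "./config:/config"
        - "pgadmin_data:/var/lib/pgadmin"

    # pgAdmin service, reachable only through Traefik's `websecure`
    # entrypoint with TLS from the `letsencrypt` resolver.
    - name: "{{ pgadmin_id }}"
      image_name: "{{ pgadmin4_image_name }}"
      image_version: "{{ pgadmin4_version }}"
      labels:
        - '"traefik.enable=true"'
        - '"traefik.http.routers.{{ pgadmin_id }}.service={{ pgadmin_id }}"'
        - '"traefik.http.routers.{{ pgadmin_id }}.rule=Host(`{{ shared_service_hostname_pgadmin4 }}`)"'
        - '"traefik.http.routers.{{ pgadmin_id }}.entrypoints=websecure"'
        - '"traefik.http.routers.{{ pgadmin_id }}.tls=true"'
        - '"traefik.http.routers.{{ pgadmin_id }}.tls.certresolver=letsencrypt"'
        - '"traefik.http.services.{{ pgadmin_id }}.loadbalancer.server.port={{ http_port }}"'
      environment:
        # 'internal' stays in AUTHENTICATION_SOURCES below, so this local
        # account can still log in with its password alongside Keycloak.
        - 'PGADMIN_DEFAULT_EMAIL: "{{ pgadmin4_admin_username }}"'
        - 'PGADMIN_DEFAULT_PASSWORD: "{{ pgadmin4_admin_password }}"'
        - 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "20"'
        - 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES: "[''oauth2'',''internal'']"'
        # Accounts are created on first OAuth2 login, so who may use pgAdmin
        # is decided by who can authenticate against the Keycloak realm and
        # client; restrict access there.
        - 'PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER: "True"'
        # NOTE(review): OAUTH2_USERNAME_CLAIM is 'sub', while the init
        # container addresses users by e-mail; confirm both refer to the same
        # pgAdmin accounts.
        # The value is kept on one line so the rendered text is unchanged.
        - 'PGADMIN_CONFIG_OAUTH2_CONFIG: "[{ ''OAUTH2_NAME'': ''keycloak'', ''OAUTH2_DISPLAY_NAME'': ''Keycloak'', ''OAUTH2_CLIENT_ID'': ''{{ pgadmin4_oidc_client_id }}'', ''OAUTH2_CLIENT_SECRET'': ''{{ pgadmin4_oidc_client_secret }}'', ''OAUTH2_TOKEN_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/token'', ''OAUTH2_AUTHORIZATION_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/auth'', ''OAUTH2_API_BASE_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/'', ''OAUTH2_USERINFO_ENDPOINT'': ''userinfo'', ''OAUTH2_BUTTON_COLOR'': ''#3253a8'', ''OAUTH2_SCOPE'': ''openid email profile'', ''OAUTH2_USERNAME_CLAIM'': ''sub'', ''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration'' }]"'
      volumes:
        - "pgadmin_data:/var/lib/pgadmin"
      # front-tier for Traefik, back-tier for the database side.
      # NOTE(review): tier roles are inferred from the names; confirm.
      networks:
        - front-tier
        - back-tier
      extra_hosts: "{{ pgadmin_extra_hosts | default([]) }}"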