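# Deployment description for the k0 Kubernetes cluster: one API-server node
# (k0-0, which also hosts the Docker registry), two further server nodes that
# carry etcd members, and three workers.
#
# NOTE(review): the listing read `with import {};`, which cannot evaluate
# because `import` needs a path. The angle-bracket lookup path appears to have
# been stripped as markup; `<nixpkgs>` is assumed here - confirm against the
# repository.
with import <nixpkgs> {};
let
  # Certificate material generated by the sibling certs.nix.
  certs = pkgs.callPackage ./certs.nix {};
  # PKI helpers; only `toSet` is used in this file.
  pki = pkgs.callPackage ../lib/pki.nix {};

  # Node constructors (apiserver / server / worker) bound to this cluster's
  # addressing and certificates.
  cluster = callPackage ../lib/k8s.nix {
    masterAddress = "10.253.18.100";
    etcdNodes = [ "etcd0" "etcd1" "etcd2" ];

    # Static name resolution handed to ../lib/k8s.nix.
    # NOTE(review): fs0-2 resolves to the master address and fs0-1 to
    # 10.1.2.164, outside the 10.253.18.x range used by every other entry.
    # Confirm both are intentional; a stale hosts entry silently redirects
    # storage traffic to whichever machine holds that address.
    # NOTE(review): k1-0 is listed here but no node of that name is defined
    # in this file.
    clusterHosts = ''
      10.253.18.100 k0-0 etcd0 kubernetes
      10.253.18.101 k0-1 etcd1
      10.253.18.102 k0-2 etcd2
      10.253.18.103 k0-3
      10.253.18.107 k0-4
      10.253.18.108 k0-5
      10.253.18.106 fs0-0 fs0-0.local
      10.1.2.164 fs0-1 fs0-1.local
      10.253.18.100 fs0-2 fs0-2.local
      10.253.18.100 itp-registry
      10.253.18.100 nuget.itpartner.no
      10.253.18.109 k1-0
    '';

    # Per-component and per-node certificates. This attrset is not `rec`, so
    # `certs` on the right-hand sides is the let-bound certs.nix result.
    certs = {
      ca = certs.ca;
      apiserver = pki.toSet certs.apiserver;
      kube-proxy = pki.toSet certs.kube-proxy;
      admin = pki.toSet certs.admin;
      etcd = pki.toSet certs.etcd;
      k0-0 = pki.toSet certs.k0-0;
      k0-1 = pki.toSet certs.k0-1;
      k0-2 = pki.toSet certs.k0-2;
      k0-3 = pki.toSet certs.k0-3;
      k0-4 = pki.toSet certs.k0-4;
      k0-5 = pki.toSet certs.k0-5;
    };
  };
in
{
  # API-server node; also mounts shared storage and runs the Docker registry.
  k0-0 = { ... }:
    let
      # The registry below terminates TLS with the API server's own key pair.
      apiserver = pki.toSet certs.apiserver;
    in
    {
      require = [ (cluster.apiserver "10.253.18.100" "k0-0" "etcd0") ];

      boot.kernelModules = [ "dm_snapshot" "dm_mirror" "dm_thin_pool" ];

      # services.dnsmasq.enable = true;

      # No mount options are set on either network filesystem here.
      fileSystems."/data" = {
        device = "fs0-0:gv0";
        fsType = "glusterfs";
      };
      fileSystems."/var/lib/docker-registry" = {
        device = "fs0-0:docker-registry";
        fsType = "nfs4";
      };

      services.dockerRegistry = {
        enable = true;
        # NOTE(review): the registry listens on every interface with blob
        # deletion enabled, and this file configures no authentication for
        # it. Confirm that access is restricted elsewhere (firewall, fronting
        # proxy); otherwise any host that can reach the port could push,
        # overwrite or delete images the cluster pulls.
        listenAddress = "0.0.0.0";
        enableDelete = true;
        enableGarbageCollect = true;
        extraConfig = {
          # NOTE(review): reusing the API server certificate and private key
          # means a compromise of the registry process also exposes the API
          # server's TLS identity; a dedicated registry certificate issued by
          # the same CA would limit that. If pki.toSet yields Nix store
          # paths, the key is additionally world-readable under /nix/store -
          # confirm how ../lib/pki.nix materialises keys.
          REGISTRY_HTTP_TLS_CERTIFICATE = "${apiserver.cert}";
          REGISTRY_HTTP_TLS_KEY = "${apiserver.key}";
        };
      };

      environment.systemPackages = [ pkgs.lvm2 ];

      # Service names that resolve to this node.
      networking.extraHosts = ''
        10.253.18.100 itp-registry itp-registry.local
        10.253.18.100 helm-registry helm-registry.local
        10.253.18.100 nuget.local
        10.253.18.100 dashboard.k0.local
        10.253.18.100 gitlab.k0.local
        10.253.18.100 baywash.k0.local
      '';

      # Weekly timer that deletes every pod in the gitlab namespace;
      # presumably a controller recreates them with a fresh image pull.
      # NOTE(review): the kubeconfig this unit uses is not set here. Confirm
      # it is a credential scoped to deleting pods in `gitlab` rather than a
      # cluster-admin identity.
      systemd.services.gitlab-upgrade = {
        description = "Upgrade gitlab by zapping pod";
        startAt = "Sun 09:00:00";
        script = "kubectl delete pods -n gitlab --all";
        path = [ pkgs.kubectl ];
      };
    };

  # Server nodes, each paired with an etcd member name.
  k0-1 = cluster.server "10.253.18.101" "k0-1" "etcd1";
  k0-2 = cluster.server "10.253.18.102" "k0-2" "etcd2";

  # Worker nodes.
  k0-3 = cluster.worker "10.253.18.103" "k0-3";
  k0-4 = cluster.worker "10.253.18.107" "k0-4";
  k0-5 = cluster.worker "10.253.18.108" "k0-5";
}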