{ lib, config, ... }:
let
  cfg = config.apps.tempo;
  env = config.apps.env;

  values = lib.apps.appValues {
    inherit env;
    extraValues = {
      tempo = {
        storage = {
          trace = {
            backend = "s3";
            s3 = {
              bucket = cfg.s3.bucket;
              endpoint = cfg.s3.endpoint;
              access_key = "\${S3SECRET}";
              secret_key = "\${S3KEY}";
              insecure = true;
            };
            local = {
              path = "/var/tempo/traces";
            };
            wal = {
              path = "/var/tempo/wal";
            };
          };
        };
        metricsGenerator = {
          enabled = true;
          remoteWriteUrl = "http://prom-prometheus.prometheus:9090/api/v1/write";
        };
        extraEnv = [
          {
            name = "S3KEY";
            valueFrom.secretKeyRef = {
              name = cfg.secret.name;
              key = cfg.secret.accessKey;
            };
          }
          {
            name = "S3SECRET";
            valueFrom.secretKeyRef = {
              name = cfg.secret.name;
              key = cfg.secret.secretKey;
            };
          }
        ];
      };

      tempoQuery = {
        ingress = {
          enabled = true;
          ingressClassName = "nginx";
          annotations = {
            "cert-manager.io/cluster-issuer" = "letsencrypt-staging";
            "nginx.ingress.kubernetes.io/ssl-redirect" = "true";
            "atlantis.oceanbox.io/expose" = "internal";
          };
          path = "/";
          pathType = "Prefix";
          hosts = [ "query.tempo.adm.oceanbox.io" ];
          tls = [{
            secretName = "tempo-query-tls";
            hosts = [ "query.tempo.adm.oceanbox.io" ];
          }];
        };
      };
    };
  };

in
{
  options.apps.tempo = lib.apps.appOptions {
    revision = lib.mkOption {
      type = lib.types.str;
      default = "1.10.3";
      description = "Tempo chart version";
    };
    s3 = {
      bucket = lib.mkOption {
        type = lib.types.str;
        default = "tempo-traces";
        description = "S3 bucket for traces";
      };
      endpoint = lib.mkOption {
        type = lib.types.str;
        default = "http://10.255.241.30:30080";
        description = "S3 endpoint";
      };
    };
    secret = {
      name = lib.mkOption {
        type = lib.types.str;
        default = "tempo-s3";
        description = "Name of the S3 credentials secret";
      };
      accessKey = lib.mkOption {
        type = lib.types.str;
        default = "AWS_ACCESS_KEY_ID";
        description = "Access key field in secret";
      };
      secretKey = lib.mkOption {
        type = lib.types.str;
        default = "AWS_ACCESS_KEY_SECRET";
        description = "Secret key field in secret";
      };
    };
  };

  config = lib.apps.appConfig cfg "tempo" {
    namespace = "argocd";
    helm.releases.tempo = {
      inherit values;
      chart = lib.helm.downloadHelmChart {
        repo = "https://grafana.github.io/helm-charts";
        chart = "tempo";
        version = cfg.revision;
      };
    };
    annotations = {
      "argocd.argoproj.io/sync-options" = "SkipDryRunOnMissingResource=true";
    };
  };
}