#cloud-config

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# https://hub.docker.com/r/nginx/nginx/
# https://nginx.io/manual/toc/#installation

users:
  - name: nginx
    uid: 2000
  %{ for user in users }
  - name: ${user.username}
    uid: ${user.uid}
  %{ endfor }

write_files:
  - path: /var/lib/docker/daemon.json
    permissions: 0644
    owner: root
    content: |
      {
        "live-restore": true,
        "storage-driver": "overlay2",
        "log-opts": {
          "max-size": "1024m"
        }
      }

  %{~ if nginx_config != null ~}
  - path: /etc/nginx/conf.d/nginx.conf
    permissions: 0644
    owner: root
    content: |
      ${indent(6, nginx_config)}
  %{~ endif ~}

  # nginx container service
  - path: /etc/systemd/system/nginx.service
    permissions: 0644
    owner: root
    content: |
      [Unit]
      Description=Start nginx container
      After=gcr-online.target docker.socket
      Wants=gcr-online.target docker.socket docker-events-collector.service
      [Service]
      Environment="HOME=/home/nginx"
      ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
      ExecStart=/usr/bin/docker run --rm --name=nginx  \
        --network host \
        %{~ if etc_mount ~}
        -v /etc/nginx/conf.d:/etc/nginx/conf.d \
        %{~ endif ~}
        ${image}
      ExecStop=/usr/bin/docker stop nginx

  %{ for path, data in files }
  - path: ${path}
    owner: ${lookup(data, "owner", "root")}
    permissions: ${lookup(data, "permissions", "0644")}
    content: |
      ${indent(6, data.content)}
  %{ endfor }

bootcmd:
  - systemctl start node-problem-detector

runcmd:
%{ for cmd in runcmd_pre ~}
  - ${cmd}
%{ endfor ~}
  - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
  - systemctl daemon-reload
  - systemctl start nginx
%{ for cmd in runcmd_post ~}
  - ${cmd}
%{ endfor ~}