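---
# Butane config (Flatcar variant) for a single-node host that:
#   - mounts a persistent data partition at /nassella,
#   - runs the application via app.service (unit file shipped from app/app.service),
#   - defines a restic backup of /nassella to an S3-compatible bucket,
#   - installs the docker-compose sysext and keeps it updated via systemd-sysupdate.
#
# Local files referenced here (ssh-keys, restic-password, restic-env, app/) are
# resolved by Butane relative to its --files-dir at transpile time. Their contents
# are embedded in the generated Ignition JSON, so treat that JSON as a secret too.
variant: flatcar
version: 1.1.0

passwd:
  users:
    - name: core
      ssh_authorized_keys_local:
        - /ssh-keys
    - name: nextcloud
      uid: 1001

systemd:
  units:
    # Persistent application storage; docker.service is ordered after this mount
    # by the 10-wait-docker.conf drop-in below.
    - name: nassella.mount
      enabled: true
      contents: |
        [Mount]
        What=/dev/disk/by-partlabel/appstorage
        Where=/nassella
        Type=ext4
        [Install]
        RequiredBy=local-fs.target

    - name: app.service
      enabled: true
      contents_local: app/app.service

    # One-shot backup. Conflicts=app.service stops the app while the backup runs;
    # ExecStopPost starts it again afterwards.
    #
    # The AWS credentials come from EnvironmentFile=/restic-env and are forwarded
    # to the container by name only (`-e VAR` with no value). Writing
    # `-e VAR=${VAR}` would make systemd expand the secret into the command line,
    # where any local user can read it from the process list.
    #
    # NOTE(review): the restic image is referenced by tag; pin it by digest if
    # the backup tooling must be reproducible.
    - name: restic-backup.service
      contents: |
        [Unit]
        Description=Backs up application data
        Conflicts=app.service
        [Service]
        Type=oneshot
        EnvironmentFile=/restic-env
        ExecStart=/usr/bin/bash -c "docker run --rm --volume /nassella:/nassella --volume /restic-password:/restic-password -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -i restic/restic:0.18.0 backup --verbose --repo s3:s3.us-west-004.backblazeb2.com/nassella-test-bucket --password-file /restic-password /nassella"
        ExecStopPost=systemctl start app.service

    # NOTE(review): this timer has an [Install] section but no `enabled: true`,
    # so as written it is installed but not enabled at provisioning. Confirm
    # whether scheduled backups are meant to be active.
    # NOTE(review): OnCalendar has no timezone suffix, so systemd evaluates it in
    # the host's local timezone. 10:00 UTC is 03:00 only during PDT; confirm.
    - name: restic-backup.timer
      contents: |
        [Unit]
        Description=Run restic-backup.service at 3am PT
        [Timer]
        OnCalendar=*-*-* 10:00:00
        [Install]
        WantedBy=multi-user.target

    ### docker-compose sysext
    ### https://flatcar.github.io/sysext-bakery/docker_compose/
    - name: systemd-sysupdate.timer
      enabled: true

    # Docker must not start before the data partition is mounted.
    - name: docker.service
      dropins:
        - name: 10-wait-docker.conf
          contents: |
            [Unit]
            After=nassella.mount
            Requires=nassella.mount

    # Records which sysext image the symlink resolves to before and after the
    # update, and requests a reboot if it changed.
    # NOTE(review): the comparison uses fixed file names under /tmp, written as
    # root. If /tmp is reachable by unprivileged users on this host, a root-only
    # location such as /run would be safer.
    - name: systemd-sysupdate.service
      dropins:
        - name: docker-compose.conf
          contents: |
            [Service]
            ExecStartPre=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/docker-compose.raw > /tmp/docker-compose"
            ExecStartPre=/usr/lib/systemd/systemd-sysupdate -C docker-compose update
            ExecStartPost=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/docker-compose.raw > /tmp/docker-compose-new"
            ExecStartPost=/usr/bin/sh -c "if ! cmp --silent /tmp/docker-compose /tmp/docker-compose-new; then touch /run/reboot-required; fi"

# device: /dev/disk/by-label/appstorage
storage:
  disks:
    # TODO I think this can be changed back to
    # device: /dev/disk/by-label/appstorage
    # I think it didn't work before because the partition number was 0
    # (now correctly set to 1)
    - device: /dev/sda
    # - device: /dev/disk/by-label/appstorage
      # wipe_table/wipe_filesystem are false so that re-provisioning does not
      # destroy existing application data on the partition.
      wipe_table: false
      partitions:
        - label: appstorage
          number: 1

  filesystems:
    - device: /dev/disk/by-partlabel/appstorage
      format: ext4
      wipe_filesystem: false

  trees:
    - path: /app
      local: app

  files:
    # Secrets: the repository password and the S3 credentials. Without an
    # explicit mode Butane writes files as 0644 (world-readable), so restrict
    # both to root. systemd reads EnvironmentFile as root, and the bind-mounted
    # password file is read inside the container (root unless the image or
    # daemon is configured otherwise).
    - path: /restic-password
      mode: 0600
      contents:
        local: restic-password
    - path: /restic-env
      mode: 0600
      contents:
        local: restic-env

    ### docker-compose sysext
    ### https://flatcar.github.io/sysext-bakery/docker_compose/
    # NOTE(review): the three downloads below are fetched over HTTPS at first
    # boot with no integrity pin. Butane supports `contents.verification.hash`;
    # for the versioned image, record its digest, e.g.
    #   verification:
    #     hash: sha512-<PLACEHOLDER: digest of docker-compose-2.34.0-x86-64.raw>
    # The two .conf files are unversioned upstream, so a pinned hash for them
    # must be refreshed whenever they change.
    - path: /opt/extensions/docker-compose/docker-compose-2.34.0-x86-64.raw
      mode: 0644
      contents:
        source: https://extensions.flatcar.org/extensions/docker-compose-2.34.0-x86-64.raw
    - path: /etc/sysupdate.docker-compose.d/docker-compose.conf
      contents:
        source: https://extensions.flatcar.org/extensions/docker-compose.conf
    - path: /etc/sysupdate.d/noop.conf
      contents:
        source: https://extensions.flatcar.org/extensions/noop.conf

  links:
    # Symlink that systemd-sysext follows to find the active docker-compose image.
    - target: /opt/extensions/docker-compose/docker-compose-2.34.0-x86-64.raw
      path: /etc/extensions/docker-compose.raw
      hard: false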