let
  appName = "soju";
  sojuImage = "git.gmem.ca/arch/soju:latest";
  gamjaImage = "git.gmem.ca/arch/gamja:latest";
in {
  kubernetes.resources.services.soju = {
    spec = {
      type = "NodePort";
      selector.app = appName;
      ports.tls = {
        port = 6697;
        targetPort = 6697;
      };
    };
  };
  kubernetes.resources.services.soju-ws = {
    spec = {
      selector.app = appName;
      ports.ws = {
        port = 80;
        targetPort = 80;
      };
    };
  };
  kubernetes.resources.services.gamja = {
    spec = {
      selector.app = "gamja";
      ports.http = {
        port = 80;
        targetPort = 80;
      };
    };
  };
  kubernetes.resources.deployments.soju.spec = {
    selector.matchLabels.app = appName;
    template = {
      metadata.labels.app = appName;
      spec = {
        volumes = {
          config.configMap.name = "soju";
          ssl.secret.secretName = "gmem-ca-wildcard";
        };
        containers = {
          soju = {
            image = sojuImage;
            imagePullPolicy = "Always";
            volumeMounts = [
              {
                name = "config";
                mountPath = "/etc/soju/config";
                subPath = "config";
              }
              {
                name = "ssl";
                mountPath = "/ssl";
              }
            ];
            ports.tls.containerPort = 6697;
            ports.ws.containerPort = 80;

            env.PGHOST.valueFrom.secretKeyRef = {
              name = "hippo-pguser-soju";
              key = "host";
            };
            env.PGPASSWORD.valueFrom.secretKeyRef = {
              name = "hippo-pguser-soju";
              key = "password";
            };
            env.PGUSER.valueFrom.secretKeyRef = {
              name = "hippo-pguser-soju";
              key = "user";
            };
            env.PGDATABASE.valueFrom.secretKeyRef = {
              name = "hippo-pguser-soju";
              key = "dbname";
            };
          };
        };
      };
    };
  };
  kubernetes.resources.deployments.gamja.spec = {
    selector.matchLabels.app = "gamja";
    template = {
      metadata.labels.app = "gamja";
      spec = {
        containers = {
          gamja = {
            image = gamjaImage;
            imagePullPolicy = "Always";
            ports.http.containerPort = 80;
          };
        };
      };
    };
  };

  kubernetes.resources.ingresses.irc = {
    metadata.annotations = {
      "cert-manager.io/issuer" = "le-issuer";
    };
    spec = {
      tls = [
        {
          hosts = ["irc.gmem.ca"];
          secretName = "gmem-ca-wildcard";
        }
      ];
      rules = [
        {
          host = "irc.gmem.ca";
          http.paths = [
            {
              path = "/";
              pathType = "Prefix";
              backend.service = {
                name = "gamja";
                port.number = 80;
              };
            }
            {
              path = "/socket";
              pathType = "Prefix";
              backend.service = {
                name = "soju-ws";
                port.number = 80;
              };
            }
          ];
        }
      ];
    };
  };

  kubernetes.resources.configMaps.soju.data.config = ''
    listen ircs://
    listen unix+admin:///app/admin
    listen ws+insecure://
    hostname irc.gmem.ca
    title irc.gmem.ca
    db postgres "dbname=soju"
    message-store db
    tls /ssl/tls.crt /ssl/tls.key
  '';
}