# -*- mode: python; encoding: utf-8 -*-

info["owner"] = "root"
info["group"] = "root"
info["mode"] = 0644

comment_start = "#"

import gestion.secrets_new as secrets_new

base = """
        root /var/www/;
        index index.html index.htm;

        server_name tv.crans.org;
        location /sap.txt {
                alias /var/www/sap.txt;
        }
        location /images/{
                autoindex  on;
                try_files $uri $uri/ =404;
        }
        location / {
                try_files $uri $uri/ %s;
                rewrite ^/$ https://intranet2.crans.org/tv/;
        }
""" % "@404" if has("icecast") else "=404"

icecast = """location @404 {
            proxy_set_header Host $host;
            proxy_set_header X-Auth %s;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://127.0.0.1:8000;
        }
""" % secrets_new.get('icecast-token')

if has("icecast"):
    body = "%s\n        %s" % (base, icecast)
else:
    body = base

out("""server {
        listen   80; ## listen for ipv4; this line is default and implied
        listen   [::]:80 default_server ipv6only=on; ## listen for ipv6%s

}""" % (body,))


out("""# HTTPS server
#
server {
        listen 443;
        listen   [::]:443 default_server ipv6only=on;

        ssl on;
        ssl_certificate /etc/ssl/crans/cochon.ferme.crans.org/xid=33/cert_chain.pem;
        ssl_certificate_key /etc/ssl/crans/cochon.ferme.crans.org/xid=33/key.pem;

        ssl_session_timeout 5m;%s
}""" % (body,))