let _presets = (import "schemas/lib/concerns_presets.ncl").presets in { static_web | default = { name | default = "static-web", namespace | default = "", catalog_ref | default = "static_web", image | default = "nginx", image_tag | default = "1.27-alpine", domain | default = "", domains_extra | default = [], dns_zone | default = "", acme_email | default = "", cluster_issuer | default = "letsencrypt-prod", gateway_fip | default = "", gateway_name | default = "libre-wuji", gateway_ns | default = "kube-system", storage_class | default = "longhorn-retain", storage_size | default = "2Gi", data_dir | default = "/usr/share/nginx/html", http_port | default = 80, nginx_conf_extra | default = "", auth_paths | default = [], requires | default = { storage = { size = "2Gi", persistent = true }, ports = [{ port = 80, exposure = 'public }], credentials = [], }, provides | default = { service = "static-web", port = 80, endpoints = [], }, operations | default = { install = true, update = true, delete = true, health = true, }, live_check | default = { strategy = 'k8s_pods, scope = 'cp_only, }, # ServiceConcerns — derives tls_secret, cluster_issuer, dns_zone, acme_email # from the component's own fields. let-bindings capture outer values before # entering the inner record literal to avoid Nickel's recursive self-reference. concerns | default = let _name = name in let _domain = domain in let _dns_zone = dns_zone in let _acme_email = acme_email in let _cluster_issuer = cluster_issuer in (_presets.tls_endpoint_with_acme { tls_secret = "%{_name}-tls", cluster_issuer = _cluster_issuer, hostnames = [_domain], dns_internal = [], dns_zone = _dns_zone, acme_server = "https://acme-v02.api.letsencrypt.org/directory", acme_email = _acme_email, cert_secret_ref = "", cert_provider = 'cloudflare, backup_backlog_ref = "BACKUP-STATICWEB-001", }) & { backup | force = { kind = 'pending, reason = "BackupPolicy declared at workspace level for PVC data volume", backlog_ref = "BACKUP-STATICWEB-001", }, manifest_hooks = { init = { pre = [ { action = 'create-cf-secret }, { file = "clusterissuer", action = 'apply, skip_if_exists = true }, { file = "certificate", action = 'apply, skip_if_exists = true }, { file = "referencegrant", action = 'apply }, { action = 'patch-gateway-https }, ] }, update = { pre = [ { file = "certificate", action = 'apply, skip_if_exists = true }, { file = "referencegrant", action = 'apply }, { action = 'patch-gateway-https }, ] }, delete = { pre = [ { action = 'remove-gateway-https }, { file = "referencegrant", action = 'delete }, ] }, }, }, }, }