"""Render the ExpertFab infrastructure overview as a PNG named ``k8s_cluster``.

Two views are declared with the ``diagrams`` package: the Proxmox hosts with
their VMs, and the K3s workloads with their Longhorn volumes. ``show=False``
keeps the script from opening a viewer after rendering.

NOTE(review): node and cluster labels embed host names, one public address and
internal 10.42.x addresses, so the rendered image carries the same detail as
this file -- publish both only where that is intended.

NOTE(review): cluster nesting is reconstructed from the labels (hosts inside
the Proxmox cluster, namespaces and Longhorn inside K3s) -- confirm against the
rendered image.
"""
from diagrams import Cluster, Diagram, Edge
from diagrams.k8s.network import Ingress
from diagrams.k8s.compute import Deployment, StatefulSet
from diagrams.k8s.storage import PVC, StorageClass
from diagrams.onprem.network import Opnsense
from diagrams.onprem.certificates import CertManager
from diagrams.onprem.proxmox import ProxmoxVE
from diagrams.onprem.vcs import Gitea
from diagrams.generic.os import Windows

# Graphviz attributes applied to the whole drawing.
GRAPH_ATTRS = dict(
    fontsize="13",
    pad="0.6",
    nodesep="0.5",
    ranksep="1.0",
    splines="ortho",
)


def _dashed(**attrs):
    """Return a new dashed Edge, optionally with extra attributes such as a label."""
    return Edge(style="dashed", **attrs)


with Diagram(
    "ExpertFab Infrastruktur",
    filename="k8s_cluster",
    outformat="png",
    show=False,
    direction="TB",
    graph_attr=GRAPH_ATTRS,
):
    # -- Physical layer: Proxmox hosts and the VMs placed on them ------------
    with Cluster("Proxmox Cluster efproxcl02 – 95.156.232.42"):
        with Cluster("efproxcl02n01 – 64 vCPU / 128 GB"):
            firewall = Opnsense("efscfw01\nOPNsense / FW\n10.42.70.1")
            vm_k3s_control = ProxmoxVE("efsckubctl\nK3s control plane")
            vm_k3s_worker02 = ProxmoxVE("efsckubnode02\nK3s worker")
            vm_smtp_relay = ProxmoxVE("efsmtprelay")
            vm_trade = ProxmoxVE("eftrade01")
            gitea = Gitea("efgit01 / Gitea\ngit.expertfab.de")

        with Cluster("efproxcl02n02 – 64 vCPU / 128 GB"):
            vm_k3s_worker1 = ProxmoxVE("efsckubnode1\nK3s worker")
            vm_airflow = ProxmoxVE("efscairflow01\nAirflow")
            vm_veeam = ProxmoxVE("efscveeam01\nVeeam Backup")
            domain_controller = Windows("efscdc01\nDomain Controller")
            vm_print = ProxmoxVE("efscprint01\nPrintserver")
            vm_monitoring = ProxmoxVE("efscmoni01\nMonitoring")

    # -- Logical K3s layer ----------------------------------------------------
    # K3s runs on: efsckubctl (control) + efsckubnode1 + efsckubnode02
    with Cluster("K3s Cluster (efsckubctl · efsckubnode1 · efsckubnode02)"):
        cert_manager = CertManager("cert-manager\nLet's Encrypt")
        ingress = Ingress("Traefik Ingress\n10.42.71.60")
        cert_manager >> ingress

        with Cluster("erpnext – expertfab.de / www.expertfab.de"):
            web = Deployment("Nginx")
            app = Deployment("Gunicorn")
            job_workers = Deployment("Workers\ndefault / short / long")
            database = StatefulSet("MariaDB 10.6")
            cache_store = Deployment("DragonflyDB\ncache")
            queue_store = Deployment("DragonflyDB\nqueue")

            # Request path first, then the data stores each tier talks to.
            web >> app
            app >> job_workers
            [app, job_workers] >> database
            [app, job_workers] >> cache_store
            job_workers >> queue_store

        with Cluster("paperless – docs.expertfab.de"):
            paperless_app = Deployment("Paperless-NGX")

        with Cluster("zitadel – auth.expertfab.de"):
            zitadel_app = Deployment("Zitadel")

        with Cluster("rabbitmq – api.expertfab.de"):
            api_app = Deployment("FastAPI")

        with Cluster("coworkbase – coworkbase.de"):
            cowork_app = Deployment("Coworkbase")

        with Cluster("qubicticker – qubicticker.qchief.io"):
            ticker_app = Deployment("Qubicticker")

        # Every published workload is drawn behind the one Traefik ingress.
        ingress_backends = [
            web,
            paperless_app,
            zitadel_app,
            api_app,
            cowork_app,
            ticker_app,
        ]
        ingress >> ingress_backends

        with Cluster("Longhorn Storage"):
            storage_class = StorageClass("longhorn")
            claim_mariadb = PVC("MariaDB 10 Gi RWO")
            claim_sites = PVC("Sites 10 Gi RWX")
            claim_logs = PVC("Logs 5 Gi RWX")
            claim_queue = PVC("Queue 2 Gi RWO")
            claims = [claim_mariadb, claim_sites, claim_logs, claim_queue]
            storage_class >> claims

        # Dashed edges mark which workload mounts which volume claim.
        volume_mounts = (
            (database, claim_mariadb),
            (app, claim_sites),
            (web, claim_logs),
            (queue_store, claim_queue),
        )
        for workload, claim in volume_mounts:
            workload >> _dashed() >> claim

    # -- Connections between the two views -----------------------------------
    # The firewall -> Traefik edge is the only entry path this diagram draws;
    # it is a drawing of intent, not a check of the actual firewall rules.
    firewall >> ingress
    gitea >> _dashed(label="image pull") >> web