{% set tpl = ix_lib.base.render.Render(values) %}

{% set proto = "https" if values.network.certificate_id else "http" %}
{% set internal_port = values.consts.internal_https_port if values.network.certificate_id else values.consts.internal_http_port %}

{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set mariadb_config = {
  "user": values.consts.db_user,
  "root_password": values.passbolt.db_root_password,
  "password": values.passbolt.db_password,
  "database": values.consts.db_name,
  "volume": values.storage.mariadb_data,
} %}
{% set mariadb_container = tpl.deps.mariadb(values.consts.mariadb_container_name, "mariadb_image", mariadb_config, perm_container) %}
{% set perms_config = {"uid": values.consts.passbolt_run_user, "gid": values.consts.passbolt_run_group, "mode": "check"} %}
{% set c1 = tpl.add_container(values.consts.passbolt_container_name, "image") %}
{% do c1.set_user(values.consts.passbolt_run_user, values.consts.passbolt_run_group) %}
{% do c1.depends.add_dependency(values.consts.mariadb_container_name, "service_healthy") %}
{% do c1.healthcheck.set_test("curl", {"port": internal_port, "scheme": proto, "path": "/healthcheck/status"}) %}

{% do c1.environment.add_env("DATASOURCES_DEFAULT_HOST", values.consts.mariadb_container_name) %}
{% do c1.environment.add_env("DATASOURCES_DEFAULT_DATABASE", values.consts.db_name) %}
{% do c1.environment.add_env("DATASOURCES_DEFAULT_USERNAME", values.consts.db_user) %}
{% do c1.environment.add_env("DATASOURCES_DEFAULT_PASSWORD", values.passbolt.db_password) %}
{% do c1.environment.add_env("DATASOURCES_DEFAULT_PORT", 3306) %}
{% do c1.environment.add_env("GNUPGHOME", "/var/lib/passbolt/.gnupg") %}
{% do c1.environment.add_env("PASSBOLT_GPG_SERVER_KEY_PUBLIC", "%s/serverkey.asc" | format(values.consts.gpg_path)) %}
{% do c1.environment.add_env("PASSBOLT_GPG_SERVER_KEY_PRIVATE", "%s/serverkey_private.asc" | format(values.consts.gpg_path)) %}
{% do c1.environment.add_env("APP_FULL_BASE_URL", values.passbolt.app_url) %}
{% do c1.environment.add_user_envs(values.passbolt.additional_envs) %}

{% if values.network.certificate_id %}
  {% set cert = values.ix_certificates[values.network.certificate_id] %}
  {% do c1.configs.add("private", cert.privatekey, "/etc/passbolt/certs/certificate.key") %}
  {% do c1.configs.add("public", cert.certificate, "/etc/passbolt/certs/certificate.crt") %}
{% endif %}

{% do c1.add_port(values.network.web_port, {"container_port": internal_port}) %}

{% do c1.add_storage(values.consts.gpg_path, values.storage.gpg) %}
{% do perm_container.add_or_skip_action("gpg", values.storage.gpg, perms_config) %}

{% do c1.add_storage("/etc/passbolt/jwt", values.storage.jwt) %}
{% do perm_container.add_or_skip_action("jwt", values.storage.jwt, perms_config) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do mariadb_container.container.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.web_port, {"scheme": proto}) %}
{% do tpl.notes.set_body(values.consts.notes_body) %}

{{ tpl.render() | tojson }}