{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.tailscale_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perm_config = {"uid": 568, "gid": 568, "mode": "check"} %}

{% do c1.add_caps(["NET_ADMIN", "NET_RAW", "SYS_MODULE", "CHOWN", "FOWNER", "DAC_OVERRIDE"]) %}
{% do c1.healthcheck.set_custom_test("tailscale status") %}

{% set args = namespace(x=[]) %}
{% if values.tailscale.advertise_exit_node %}
  {% do args.x.append("--advertise-exit-node") %}
{% endif %}
{% if values.tailscale.reset %}
  {% do args.x.append("--reset") %}
{% endif %}

{% for arg in values.tailscale.extra_args %}
  {% for key in values.consts.reserved_keys %}
    {% if arg.startswith(key) %}
      {% do tpl.funcs.fail("Please use the dedicated field for [%s]"|format(key)) %}
    {% endif %}
  {% endfor %}

  {% do args.x.append(arg) %}
{% endfor %}

{% do c1.environment.add_env("TS_STATE_DIR", values.consts.state_path) %}
{% do c1.environment.add_env("TS_ACCEPT_DNS", values.tailscale.accept_dns) %}
{% do c1.environment.add_env("TS_HOSTNAME", values.tailscale.hostname) %}
{% do c1.environment.add_env("TS_USERSPACE", values.tailscale.userspace) %}
{% do c1.environment.add_env("TS_AUTH_ONCE", values.tailscale.auth_once) %}
{% do c1.environment.add_env("TS_AUTHKEY", values.tailscale.auth_key) %}
{% do c1.environment.add_env("TS_SOCKET", "/var/run/tailscale/tailscaled.sock") %}
{% if values.tailscale.tailscaled_args %}
  {% do c1.environment.add_env("TS_TAILSCALED_EXTRA_ARGS", values.tailscale.tailscaled_args|unique|list|join(" ")) %}
{% endif %}
{% if values.tailscale.advertise_routes %}
  {% do c1.environment.add_env("TS_ROUTES", values.tailscale.advertise_routes|unique|list|join(",")) %}
{% endif %}

{% if args.x %}
  {% do c1.environment.add_env("TS_EXTRA_ARGS", args.x|join(" ")) %}
{% endif %}

{% do c1.environment.add_user_envs(values.tailscale.additional_envs) %}

{% if not values.tailscale.userspace %}
  {% do c1.add_tun_device() %}
{% endif %}

{% do c1.add_storage("/var/run/tailscale", {"type":"tmpfs", "tmpfs_config": {"mode": "0755"}}) %}

{% do c1.add_storage(values.consts.state_path, values.storage.state) %}
{% if values.tailscale.userspace %}
  {% do perm_container.add_or_skip_action("state", values.storage.state, perm_config) %}
{% endif %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% if values.tailscale.userspace %}
    {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %}
  {% endif %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{{ tpl.render() | tojson }}