{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.twofactor_auth_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perms_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %}

{% do c1.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
{% do c1.healthcheck.set_test("wget", {"port": values.consts.internal_web_port, "path": "/up"}) %}

{% do c1.environment.add_env("APP_ENV", "local") %}
{% do c1.environment.add_env("APP_KEY", values.twofactor_auth.app_key) %}
{% do c1.environment.add_env("APP_TIMEZONE", values.TZ) %}
{% do c1.environment.add_env("APP_NAME", values.twofactor_auth.app_name) %}
{% do c1.environment.add_env("APP_URL", values.twofactor_auth.app_url) %}
{% do c1.environment.add_env("SITE_OWNER", values.twofactor_auth.site_owner_email) %}
{% do c1.environment.add_env("AUTHENTICATION_GUARD", values.twofactor_auth.authentication_guard) %}
{# /srv/database/database.sqlite is symlinked to /2fauth/database.sqlite #}
{% do c1.environment.add_env("DB_DATABASE", "/srv/database/database.sqlite") %}
{% do c1.environment.add_env("WEBAUTHN_USER_VERIFICATION", values.twofactor_auth.webauthn_user_verification) %}
{% if values.twofactor_auth.authentication_guard == "reverse-proxy-guard" %}
  {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_USER", values.twofactor_auth.authentication_header_user) %}
  {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_EMAIL", values.twofactor_auth.authentication_header_email) %}
{% endif %}
{% if values.twofactor_auth.trusted_proxies %}
  {% do c1.environment.add_env("TRUSTED_PROXIES", values.twofactor_auth.trusted_proxies | join(",")) %}
{% endif %}
{% do c1.environment.add_user_envs(values.twofactor_auth.additional_envs) %}

{% if not values.network.host_network %}
  {% do c1.add_port(values.network.web_port, {"container_port": values.consts.internal_web_port}) %}
{% endif %}

{% do c1.add_storage("/2fauth", values.storage.config) %}
{% do perm_container.add_or_skip_action("2fauth", values.storage.config, perms_config) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.web_port, {"port": values.consts.internal_web_port if values.network.host_network else None}) %}

{{ tpl.render() | tojson }}