{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.onlyoffice_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}

{% set pg_config = {
  "user": values.consts.db_user,
  "password": values.onlyoffice.db_password,
  "database": values.consts.db_name,
  "volume": values.storage.postgres_data,
} %}
{% set postgres = tpl.deps.postgres(
  values.consts.postgres_container_name,
  values.onlyoffice.postgres_image_selector,
  pg_config, perm_container
) %}

{% set redis_config = {
  "password": values.onlyoffice.redis_password,
  "volume": {"type": "temporary", "volume_config": {"volume_name": "redis-data"}},
} %}
{% set redis = tpl.deps.redis(values.consts.redis_container_name, "redis_image", redis_config, perm_container) %}

{% do c1.add_caps(["CHOWN", "FOWNER", "DAC_OVERRIDE", "SETGID", "SETUID"]) %}
{% do c1.healthcheck.set_test("wget", {"port": 80, "path": "/healthcheck"}) %}
{% do c1.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{% do c1.depends.add_dependency(values.consts.redis_container_name, "service_healthy") %}

{% do c1.environment.add_env("DB_TYPE", "postgres") %}
{% do c1.environment.add_env("DB_HOST", values.consts.postgres_container_name) %}
{% do c1.environment.add_env("DB_PORT", 5432) %}
{% do c1.environment.add_env("DB_NAME", values.consts.db_name) %}
{% do c1.environment.add_env("DB_USER", values.consts.db_user) %}
{% do c1.environment.add_env("DB_PWD", values.onlyoffice.db_password) %}
{% do c1.environment.add_env("REDIS_SERVER_HOST", values.consts.redis_container_name) %}
{% do c1.environment.add_env("REDIS_SERVER_PORT", 6379) %}
{% do c1.environment.add_env("REDIS_SERVER_PASS", values.onlyoffice.redis_password) %}
{% do c1.environment.add_env("JWT_ENABLED", true) %}
{% do c1.environment.add_env("JWT_SECRET", values.onlyoffice.jwt_secret) %}
{% do c1.environment.add_env("WOPI_ENABLED", true) %}

{% do c1.environment.add_user_envs(values.onlyoffice.additional_envs) %}

{% if values.network.certificate_id %}
  {% set cert = values.ix_certificates[values.network.certificate_id] %}
  {% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}
  {% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}
  {% do c1.environment.add_env("SSL_KEY_PATH", values.consts.ssl_key_path) %}
  {% do c1.environment.add_env("SSL_CERTIFICATE_PATH", values.consts.ssl_cert_path) %}
{% endif %}

{% do c1.add_port(values.network.web_port, {"container_port": 443 if values.network.certificate_id else 80}) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.web_port, {"scheme": "https" if values.network.certificate_id else "http"}) %}

{{ tpl.render() | tojson }}