{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.versity_container_name, "image") %}

{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% do c1.set_user(values.run_as.user, values.run_as.group) %}
{% set scheme = "https" if values.network.certificate_id else "http" %}
{% do c1.healthcheck.set_test("wget", {"port": values.network.api_port.port_number, "path": "/healthz", "scheme": scheme}) %}

{% do c1.environment.add_user_envs(values.versity.additional_envs) %}

{% set cmd = namespace(x=[
  "--port", ":%d" | format(values.network.api_port.port_number),
  "--health", "/healthz",
  "--access", values.versity.root_user_access_key,
  "--secret", values.versity.root_user_secret_access_key,
]) %}

{% if values.network.certificate_id %}
  {% set cert = values.ix_certificates[values.network.certificate_id] %}
  {% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}
  {% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}

  {% do cmd.x.extend(["--cert", values.consts.ssl_cert_path]) %}
  {% do cmd.x.extend(["--key", values.consts.ssl_key_path]) %}
{% endif %}

{% if values.network.admin_port.bind_mode %}
  {% do cmd.x.extend(["--admin-port", ":%d" | format(values.network.admin_port.port_number)]) %}

  {% if values.network.admin_certificate_id %}
    {% set cert = values.ix_certificates[values.network.admin_certificate_id] %}
    {% do c1.configs.add("admin-public", cert.certificate, values.consts.admin_ssl_cert_path) %}
    {% do c1.configs.add("admin-private", cert.privatekey, values.consts.admin_ssl_key_path) %}

    {% do cmd.x.extend(["--admin-cert", values.consts.admin_ssl_cert_path]) %}
    {% do cmd.x.extend(["--admin-cert-key", values.consts.admin_ssl_key_path]) %}
  {% endif %}
{% endif %}

{% set global_flags = values.versity.additional_global_flags|map(attribute="flag") %}
{% do tpl.funcs.require_no_reserved(global_flags, "Additional Global Flags", values.consts.restricted_global_flags, "=") %}
{% for f in values.versity.additional_global_flags %}
  {% if not f.flag.startswith("--") %}{% do tpl.funcs.fail("Flags must start with --") %}{% endif %}
  {% do cmd.x.append(f.flag) %}
  {% if f.value %}{% do cmd.x.append(f.value) %}{% endif %}
{% endfor %}

{% do cmd.x.extend(["posix", values.consts.buckets_path]) %}
{% for f in values.versity.additional_posix_flags %}
  {% if not f.flag.startswith("--") %}{% do tpl.funcs.fail("Flags must start with --") %}{% endif %}
  {% do cmd.x.append(f.flag) %}
  {% if f.value %}{% do cmd.x.append(f.value) %}{% endif %}
{% endfor %}

{% do c1.set_command(cmd.x) %}

{% if not values.network.host_network %}
  {% do c1.add_port(values.network.api_port) %}
  {% do c1.add_port(values.network.admin_port) %}
{% endif %}

{% do c1.add_storage(values.consts.buckets_path, values.storage.buckets) %}
{% do perm_container.add_or_skip_action("buckets", values.storage.buckets, perms_config) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{{ tpl.render() | tojson }}