{% set tpl = ix_lib.base.render.Render(values) %}

{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set server = tpl.add_container(values.consts.server_container_name, "image") %}
{% set agent = tpl.add_container(values.consts.agent_container_name, "agent_image") %}
{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% set pg_config = {
  "user": values.consts.db_user,
  "password": values.woodpecker.db_password,
  "database": values.consts.db_name,
  "volume": values.storage.postgres_data,
} %}
{% set postgres = tpl.deps.postgres(
  values.consts.postgres_container_name,
  values.woodpecker.postgres_image_selector,
  pg_config, perm_container
) %}

{# Agent #}
{% set agent_labels = namespace(x=[]) %}
{% for label in values.woodpecker.agent.labels %}
  {% do agent_labels.x.append("%s=%s" | format(label.key, label.value)) %}
{% endfor %}

{% do agent.set_user(values.run_as.user, values.run_as.group) %}
{% do agent.depends.add_dependency(values.consts.server_container_name, "service_healthy") %}
{% do agent.healthcheck.set_custom_test(["CMD", "/bin/woodpecker-agent", "ping"]) %}

{# Github Actions Docker Group #}
{% if values.ci %}{% do agent.add_group(118) %}{% endif %}

{% do agent.environment.add_env("WOODPECKER_SERVER", "%s:%d" | format(values.consts.server_container_name, values.network.grpc_port.port_number)) %}
{% do agent.environment.add_env("WOODPECKER_BACKEND", "docker") %}
{% do agent.environment.add_env("WOODPECKER_GRPC_SECURE", false) %}
{% do agent.environment.add_env("WOODPECKER_HEALTHCHECK", true) %}
{% do agent.environment.add_env("WOODPECKER_HEALTHCHECK_ADDR", ":%d" | format(values.consts.agent_health_check_port)) %}
{% do agent.environment.add_env("WOODPECKER_AGENT_SECRET", values.woodpecker.agent_secret) %}
{% do agent.environment.add_env("WOODPECKER_MAX_WORKFLOWS", values.woodpecker.agent.max_workflows) %}
{% do agent.environment.add_env("WOODPECKER_AGENT_LABELS", agent_labels.x|join(",")) %}
{% do agent.environment.add_user_envs(values.woodpecker.agent_additional_envs) %}

{% do agent.add_storage("/etc/woodpecker", values.storage.agent_config) %}
{% do perm_container.add_or_skip_action("agent_config", values.storage.agent_config, perms_config) %}
{% do agent.add_docker_socket(read_only=false) %}

{# Server #}
{% do server.set_user(values.run_as.user, values.run_as.group) %}
{% do server.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{% do server.healthcheck.set_custom_test(["CMD", "/bin/woodpecker-server", "ping"]) %}

{% do server.environment.add_env("WOODPECKER_OPEN", values.woodpecker.allow_registration) %}
{% if values.woodpecker.forge.type == "github" %}
  {% do server.environment.add_env("WOODPECKER_GITHUB", true) %}
  {% do server.environment.add_env("WOODPECKER_GITHUB_CLIENT", values.woodpecker.forge.github.client_id) %}
  {% do server.environment.add_env("WOODPECKER_GITHUB_SECRET", values.woodpecker.forge.github.client_secret) %}
{% elif values.woodpecker.forge.type == "gitea" %}
  {% do server.environment.add_env("WOODPECKER_GITEA", true) %}
  {% do server.environment.add_env("WOODPECKER_GITEA_URL", values.woodpecker.forge.gitea.url) %}
  {% do server.environment.add_env("WOODPECKER_GITEA_CLIENT", values.woodpecker.forge.gitea.client_id) %}
  {% do server.environment.add_env("WOODPECKER_GITEA_SECRET", values.woodpecker.forge.gitea.client_secret) %}
  {% do server.environment.add_env("WOODPECKER_GITEA_SKIP_VERIFY", values.woodpecker.forge.gitea.skip_tls_verify) %}
{% elif values.woodpecker.forge.type == "forgejo" %}
  {% do server.environment.add_env("WOODPECKER_FORGEJO", true) %}
  {% do server.environment.add_env("WOODPECKER_FORGEJO_URL", values.woodpecker.forge.forgejo.url or "https://next.forgejo.org") %}
  {% do server.environment.add_env("WOODPECKER_FORGEJO_CLIENT", values.woodpecker.forge.forgejo.client_id) %}
  {% do server.environment.add_env("WOODPECKER_FORGEJO_SECRET", values.woodpecker.forge.forgejo.client_secret) %}
  {% do server.environment.add_env("WOODPECKER_FORGEJO_SKIP_VERIFY", values.woodpecker.forge.forgejo.skip_tls_verify) %}
{% elif values.woodpecker.forge.type == "bitbucket" %}
  {% do server.environment.add_env("WOODPECKER_BITBUCKET", true) %}
  {% do server.environment.add_env("WOODPECKER_BITBUCKET_CLIENT", values.woodpecker.forge.bitbucket.client_id) %}
  {% do server.environment.add_env("WOODPECKER_BITBUCKET_SECRET", values.woodpecker.forge.bitbucket.client_secret) %}
{% elif values.woodpecker.forge.type == "gitlab" %}
  {% do server.environment.add_env("WOODPECKER_GITLAB", true) %}
  {% do server.environment.add_env("WOODPECKER_GITLAB_URL", values.woodpecker.forge.gitlab.url or "https://gitlab.com") %}
  {% do server.environment.add_env("WOODPECKER_GITLAB_CLIENT", values.woodpecker.forge.gitlab.client_id) %}
  {% do server.environment.add_env("WOODPECKER_GITLAB_SECRET", values.woodpecker.forge.gitlab.client_secret) %}
  {% do server.environment.add_env("WOODPECKER_GITLAB_SKIP_VERIFY", values.woodpecker.forge.gitlab.skip_tls_verify) %}
{% endif %}

{% do server.environment.add_env("WOODPECKER_HOST", values.woodpecker.external_url) %}
{% do server.environment.add_env("WOODPECKER_SERVER_ADDR", ":%d" | format(values.network.http_port.port_number)) %}
{% do server.environment.add_env("WOODPECKER_GRPC_ADDR", ":%d" | format(values.network.grpc_port.port_number)) %}
{% do server.environment.add_env("WOODPECKER_AGENT_SECRET", values.woodpecker.agent_secret) %}
{% do server.environment.add_env("WOODPECKER_DATABASE_DRIVER", "postgres") %}
{% do server.environment.add_env("WOODPECKER_DATABASE_DATASOURCE", postgres.get_url("postgres")) %}
{% do server.environment.add_user_envs(values.woodpecker.server_additional_envs) %}

{% if values.network.certificate_id %}
  {% set cert = values.ix_certificates[values.network.certificate_id] %}
  {% do server.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}
  {% do server.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}

  {% do server.environment.add_env("WOODPECKER_SERVER_CERT", values.consts.ssl_cert_path) %}
  {% do server.environment.add_env("WOODPECKER_SERVER_KEY", values.consts.ssl_key_path) %}
  {% do server.environment.add_env("SERVER_ADDR_TLS", ":%d" | format(values.network.https_port.port_number)) %}

  {% do server.add_port(values.network.https_port) %}

  {% do tpl.portals.add(values.network.https_port, {"name": "HTTPS", "scheme": "https"}) %}
{% endif %}

{% do server.add_port(values.network.http_port) %}

{% for store in values.storage.additional_storage %}
  {% do agent.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do agent.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.http_port, {"name": "HTTP"}) %}

{{ tpl.render() | tojson }}