{% do values.update({"UMASK": "020" if values.tftpd.allow_create else ""}) %}

{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.tftpd_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perm_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %}

{% do c1.set_user(0, 0) %}
{% do c1.add_caps(["NET_BIND_SERVICE", "SETUID", "SETGID", "SYS_CHROOT"]) %}
{% do c1.healthcheck.set_custom_test("getent services tftp") %}

{% do c1.environment.add_env("MAPFILE","") %}
{% do c1.environment.add_env("SECURE", 1) %}
{% do c1.environment.add_env("CREATE", 1 if values.tftpd.allow_create else 0) %}
{% do c1.environment.add_user_envs(values.tftpd.additional_envs) %}

{% if not values.network.host_network %}
  {% do c1.add_port(values.network.tftp_port, {"container_port": values.consts.internal_tftp_port, "protocol": "udp"}) %}
{% endif %}

{% set tftpboot_store = tpl.funcs.copy_dict(values.storage.tftpboot) %}
{% if values.storage.tftpboot.type == "host_path" %}
  {% do tftpboot_store.host_path_config.update({"auto_permission": True}) %}
{% endif %}

{% do c1.add_storage("/tftpboot", tftpboot_store) %}
{% do perm_container.add_or_skip_action("tftpboot", tftpboot_store, dict(perm_config, **{"chmod": "0757" if values.tftpd.allow_create else "0555"})) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{{ tpl.render() | tojson }}