{% set tpl = ix_lib.base.render.Render(values) %}

{% set server = tpl.add_container(values.consts.server_container_name, "image") %}
{% set worker = tpl.add_container(values.consts.worker_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perm_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% set pg_config = {
  "user": values.consts.db_user,
  "password": values.authentik.db_password,
  "database": values.consts.db_name,
  "volume": values.storage.postgres_data,
} %}
{% set postgres = tpl.deps.postgres(
  values.consts.postgres_container_name,
  values.authentik.postgres_image_selector,
  pg_config, perm_container
) %}

{% set redis_config = {
  "password": values.authentik.redis_password,
  "volume": {"type": "temporary", "volume_config": {"volume_name": "redis-data"}},
} %}
{% set redis = tpl.deps.redis(values.consts.redis_container_name, "redis_image", redis_config, perm_container) %}

{% do server.set_command(["server"]) %}
{% do worker.set_command(["worker"]) %}

{% do server.set_user(values.run_as.user, values.run_as.group) %}
{% do worker.set_user(values.run_as.user, values.run_as.group) %}

{% do server.healthcheck.set_custom_test("/lifecycle/ak healthcheck") %}
{% do worker.healthcheck.set_custom_test("/lifecycle/ak healthcheck") %}

{% do server.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{% do worker.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}

{% do server.depends.add_dependency(values.consts.redis_container_name, "service_healthy") %}
{% do worker.depends.add_dependency(values.consts.redis_container_name, "service_healthy") %}

{% do server.environment.add_env("AUTHENTIK_LISTEN__HTTP", "0.0.0.0:%d"|format(values.network.http_port.port_number)) %}
{% do server.environment.add_env("AUTHENTIK_LISTEN__HTTPS", "0.0.0.0:%d"|format(values.network.https_port.port_number)) %}

{% do server.environment.add_env("AUTHENTIK_POSTGRESQL__HOST", values.consts.postgres_container_name) %}
{% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__HOST", values.consts.postgres_container_name) %}

{% do server.environment.add_env("AUTHENTIK_POSTGRESQL__PORT", 5432) %}
{% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__PORT", 5432) %}

{% do server.environment.add_env("AUTHENTIK_POSTGRESQL__NAME", values.consts.db_name) %}
{% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__NAME", values.consts.db_name) %}

{% do server.environment.add_env("AUTHENTIK_POSTGRESQL__USER", values.consts.db_user) %}
{% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__USER", values.consts.db_user) %}

{% do server.environment.add_env("AUTHENTIK_POSTGRESQL__PASSWORD", values.authentik.db_password) %}
{% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__PASSWORD", values.authentik.db_password) %}

{% do server.environment.add_env("AUTHENTIK_REDIS__HOST", values.consts.redis_container_name) %}
{% do worker.environment.add_env("AUTHENTIK_REDIS__HOST", values.consts.redis_container_name) %}

{% do server.environment.add_env("AUTHENTIK_REDIS__PORT", 6379) %}
{% do worker.environment.add_env("AUTHENTIK_REDIS__PORT", 6379) %}

{% do server.environment.add_env("AUTHENTIK_REDIS__PASSWORD", values.authentik.redis_password) %}
{% do worker.environment.add_env("AUTHENTIK_REDIS__PASSWORD", values.authentik.redis_password) %}

{% do server.environment.add_env("AUTHENTIK_SECRET_KEY", values.authentik.secret_key) %}
{% do worker.environment.add_env("AUTHENTIK_SECRET_KEY", values.authentik.secret_key) %}

{% if values.authentik.setup_email %}
  {% do server.environment.add_env("AUTHENTIK_EMAIL__HOST", values.authentik.email.host) %}
  {% do worker.environment.add_env("AUTHENTIK_EMAIL__HOST", values.authentik.email.host) %}

  {% do server.environment.add_env("AUTHENTIK_EMAIL__PORT", values.authentik.email.port) %}
  {% do worker.environment.add_env("AUTHENTIK_EMAIL__PORT", values.authentik.email.port) %}

  {% do server.environment.add_env("AUTHENTIK_EMAIL__FROM", values.authentik.email.from) %}
  {% do worker.environment.add_env("AUTHENTIK_EMAIL__FROM", values.authentik.email.from) %}

  {% do server.environment.add_env("AUTHENTIK_EMAIL__USERNAME", values.authentik.email.username) %}
  {% do worker.environment.add_env("AUTHENTIK_EMAIL__USERNAME", values.authentik.email.username) %}

  {% do server.environment.add_env("AUTHENTIK_EMAIL__PASSWORD", values.authentik.email.password) %}
  {% do worker.environment.add_env("AUTHENTIK_EMAIL__PASSWORD", values.authentik.email.password) %}

  {% if values.authentik.email.security == "ssl" %}
    {% do server.environment.add_env("AUTHENTIK_EMAIL__USE_SSL", true) %}
    {% do worker.environment.add_env("AUTHENTIK_EMAIL__USE_SSL", true) %}
  {% elif values.authentik.email.security == "tls" %}
    {% do server.environment.add_env("AUTHENTIK_EMAIL__USE_TLS", true) %}
    {% do worker.environment.add_env("AUTHENTIK_EMAIL__USE_TLS", true) %}
  {% endif %}
{% endif %}

{% do server.environment.add_user_envs(values.authentik.additional_envs) %}
{% do worker.environment.add_user_envs(values.authentik.additional_envs) %}

{% do server.add_port(values.network.http_port) %}
{% do server.add_port(values.network.https_port) %}

{% if values.authentik.mount_docker_socket %}
  {% do worker.add_docker_socket(read_only=False) %}
{% endif %}

{% do server.add_storage("/media", values.storage.media) %}
{% do worker.add_storage("/media", values.storage.media) %}
{% do perm_container.add_or_skip_action("media", values.storage.media, perm_config) %}

{% do server.add_storage("/templates", values.storage.templates) %}
{% do worker.add_storage("/templates", values.storage.templates) %}
{% do perm_container.add_or_skip_action("templates", values.storage.templates, perm_config) %}

{% do server.add_storage("/certs", values.storage.certs) %}
{% do worker.add_storage("/certs", values.storage.certs) %}
{% do perm_container.add_or_skip_action("certs", values.storage.certs, perm_config) %}

{% for store in values.storage.additional_storage %}
  {% do server.add_storage(store.mount_path, store) %}
  {% do worker.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do server.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do worker.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.http_port, {"name": "HTTP"}) %}
{% do tpl.portals.add(values.network.https_port, {"name": "HTTPS", "scheme": "https"}) %}

{{ tpl.render() | tojson }}