{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.distribution_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% do c1.set_user(values.run_as.user, values.run_as.group) %}
{% do c1.healthcheck.set_test("wget", {"port": values.network.api_port.port_number, "scheme": "https" if values.network.certificate_id else "http"}) %}
{% if values.network.certificate_id %}
  {% do c1.set_init(true) %}
{% endif %}

{% do c1.environment.add_env("REGISTRY_HTTP_ADDR", "0.0.0.0:%d"|format(values.network.api_port.port_number)) %}
{% do c1.environment.add_env("REGISTRY_HTTP_SECRET", values.distribution.http_secret) %}

{% if values.storage.use_filesystem_backend %}
  {% do c1.environment.add_env("REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY", values.consts.data_path) %}
  {% do c1.add_storage(values.consts.data_path, values.storage.data) %}
  {% do perm_container.add_or_skip_action(values.consts.data_path, values.storage.data, perms_config) %}
{% endif %}

{% if values.network.certificate_id %}
  {% do c1.environment.add_env("REGISTRY_HTTP_TLS_CERTIFICATE", values.consts.ssl_cert_path) %}
  {% do c1.environment.add_env("REGISTRY_HTTP_TLS_KEY", values.consts.ssl_key_path) %}

  {% set cert = values.ix_certificates[values.network.certificate_id] %}
  {% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}
  {% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}
{% endif %}

{% if values.distribution.basic_auth_users %}
  {% do c1.environment.add_env("REGISTRY_AUTH_HTPASSWD_REALM", "basic-realm") %}
  {% do c1.environment.add_env("REGISTRY_AUTH_HTPASSWD_PATH", values.consts.htpasswd_path) %}
  {% set users = namespace(x=[]) %}
  {% for user in values.distribution.basic_auth_users %}
    {% do users.x.append(tpl.funcs.htpasswd(user.username, user.password)) %}
  {% endfor %}
  {% do c1.configs.add("htpasswd", users.x | join("\n"), values.consts.htpasswd_path) %}
{% endif %}

{% do c1.environment.add_user_envs(values.distribution.additional_envs) %}

{% do c1.add_port(values.network.api_port) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{{ tpl.render() | tojson }}