{% set tpl = ix_lib.base.render.Render(values) %}

{% do tpl.funcs.require_unique(values.cloudflared.additional_args, "Additional args") %}
{% do tpl.funcs.require_no_reserved(values.cloudflared.additional_args, "Additional args", values.consts.reserved_args, starts_with=true) %}

{% set c1 = tpl.add_container(values.consts.cloudflared_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% do c1.set_user(values.run_as.user, values.run_as.group) %}
{% do c1.healthcheck.disable() %}

{% do c1.environment.add_env("NO_AUTOUPDATE", true) %}
{% do c1.environment.add_user_envs(values.cloudflared.additional_envs) %}

{% set cmd = namespace(x=[]) %}

{% if values.cloudflared.mode == "tunnel" %}
  {% do cmd.x.extend(["tunnel", "run"]) %}
  {% do c1.environment.add_env("TUNNEL_TOKEN", values.cloudflared.tunnel_token) %}

{% elif values.cloudflared.mode == "proxy-dns" %}

  {% do cmd.x.append("proxy-dns") %}
  {% do cmd.x.extend(["--address", "0.0.0.0"]) %}
  {% do cmd.x.extend(["--port", values.network.tunnel_dns_port.port_number]) %}
  {% for upstream in values.cloudflared.tunnel_dns_upstream %}
    {% do cmd.x.extend(["--upstream", upstream]) %}
  {% endfor %}

  {% do c1.add_port(values.network.tunnel_dns_port) %}
{% endif %}

{% do cmd.x.extend(values.cloudflared.additional_args) %}
{% do c1.set_command(cmd.x if not values.ci else ["tunnel", "--hello-world"]) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, store) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{{ tpl.render() | tojson }}