{%- if slap_software_type == software_type -%}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
[buildout]
extends =
  {{ parameter_dict['common_profile'] }}
  {{ parameter_dict['monitor_template'] }}

parts =
  directory
  configtest
  logrotate
  cron
  cron-entry-logrotate
  ca-frontend
  ca-frontend-service
  certificate-authority
  certificate-authority-service
  logrotate-entry-caddy
  logrotate-entry-nginx
  caddy-frontend
  switch-caddy-softwaretype
  frontend-caddy-graceful
  frontend-nginx-graceful
  not-found-html
  port-redirection
  promise-frontend-caddy-configuration
  promise-caddy-frontend-v4-https
  promise-caddy-frontend-v4-http
  promise-caddy-frontend-v6-https
  promise-caddy-frontend-v6-http
  promise-caddy-frontend-cached
  promise-caddy-frontend-ssl-cached
  promise-caddy-is-process-older-than-dependency-set

  promise-nginx-frontend-v4-https
  promise-nginx-frontend-v4-http
  promise-nginx-frontend-v6-https
  promise-nginx-frontend-v6-http
  promise-nginx-configuration
  promise-nginx-is-process-older-than-dependency-set

  trafficserver-launcher
  trafficserver-reload
  trafficserver-configuration-directory
  trafficserver-records-config
  trafficserver-remap-config
  trafficserver-plugin-config
  trafficserver-storage-config
  trafficserver-promise-listen-port
  trafficserver-promise-cache-availability

## Nginx
  nginx-frontend

## Monitor for Caddy
  monitor-base
  monitor-ats-cache-stats-wrapper
  monitor-traffic-summary-last-stats-wrapper
  monitor-caddy-server-status-wrapper
  monitor-verify-re6st-connectivity

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory

bin = ${buildout:directory}/bin/
etc = ${buildout:directory}/etc/
srv = ${buildout:directory}/srv/
var = ${buildout:directory}/var/
template = ${buildout:directory}/template/

backup = ${:srv}/backup
log = ${:var}/log
run = ${:var}/run
service = ${:etc}/service
etc-run = ${:etc}/run
promise = ${:etc}/promise

logrotate-backup = ${:backup}/logrotate
logrotate-entries = ${:etc}/logrotate.d

cron-entries = ${:etc}/cron.d
crontabs = ${:etc}/crontabs
cronstamps = ${:etc}/cronstamps
ca-dir = ${:srv}/ssl

varnginx = ${:var}/nginx

[switch-caddy-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = ${dynamic-custom-personal-template-slave-list:rendered}
single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered}

[frontend-configuration]
template-log-access = {{ parameter_dict['template_log_access'] }}
log-access-configuration = ${directory:etc}/log-access.conf
caddy-directory = {{ parameter_dict['caddy_location'] }}
caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
caddy-https-port = ${configuration:port}

[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extra-context =
slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context =
    import json_module json
    raw common_profile {{ parameter_dict['common_profile'] }}
    key slap_software_type :slap_software_type
    key slapparameter_dict :slapparameter_dict
    section directory directory
    ${:extra-context}

[software-release-path]
template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }}
template-nginx-eventsource-slave-virtualhost = {{ parameter_dict['template_nginx_eventsource_slave_virtualhost'] }}
template-nginx-notebook-slave-virtualhost = {{ parameter_dict['template_nginx_notebook_slave_virtualhost'] }}

[dynamic-custom-personal-template-slave-list]
< = jinja2-template-base
template = {{ parameter_dict['template_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg
extensions = jinja2.ext.do
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
service_directory = ${directory:service}
extra-context =
    key caddy_configuration_directory caddy-directory:slave-configuration
    key nginx_configuration_directory caddy-directory:nginx-slave-configuration
    key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key nginx_http_port configuration:plain_nginx_port
    key nginx_https_port configuration:nginx_port
    key public_ipv4 configuration:public-ipv4
    key slave_instance_list :slave_instance_list
    key extra_slave_instance_list :extra_slave_instance_list
    key custom_ssl_directory caddy-directory:vh-ssl
    key caddy_log_directory caddy-directory:slave-log
    key local_ipv4 :local_ipv4
    key local_ipv6 :local_ipv6
    key global_ipv6 slap-network-information:global-ipv6
    key varnginx directory:varnginx
    key empty_template software-release-path:template-empty
    key template_custom_slave_configuration software-release-path:template-slave-configuration
    key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
    key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
    key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
    key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
    key software_type :software_type
    key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
    section logrotate_dict logrotate
    section frontend_configuration frontend-configuration
    section caddy_configuration caddy-configuration
    section nginx_configuration nginx-configuration
    key monitor_base_url monitor-instance-parameter:monitor-base-url 
    key promise_directory monitor-directory:promises
    key report_directory monitor-directory:reports
    key bin_directory :bin_directory
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key login_ca_crt ca-custom-frontend:rendered
    key enable_http2_by_default configuration:enable-http2-by-default
    key access_log caddy-configuration:access-log
    key error_log caddy-configuration:error-log
    key sixtunnel_executable :sixtunnel_executable
    key service_directory directory:service
    key not_found_file caddy-configuration:not-found-file

[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
extensions = jinja2.ext.do
# BBB: apache_custom_https and apache_custom_http
extra-context =
    key https_port configuration:port
    key http_port configuration:plain_http_port
    key apache_custom_https configuration:apache_custom_https
    key apache_custom_http configuration:apache_custom_http
    key caddy_custom_https configuration:caddy_custom_https
    key caddy_custom_http configuration:caddy_custom_http

# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_frontend_configuration'] }}
rendered = ${caddy-configuration:frontend-configuration}
local_ipv4 =  {{ dumps(instance_parameter['ipv4-random']) }}
extra-context =
    key httpd_home software-release-path:caddy-location
    key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
    key instance_home buildout:directory
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key login_ca_crt ca-custom-frontend:rendered
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log caddy-configuration:access-log
    key slave_configuration_directory caddy-directory:slave-configuration
    key cached_port caddy-configuration:cache-through-port
    key ssl_cached_port caddy-configuration:ssl-cache-through-port
    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    section frontend_configuration frontend-configuration
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key local_ipv4 :local_ipv4
    key global_ipv6 slap-network-information:global-ipv6
    key error_log caddy-configuration:error-log
    key not_found_file caddy-configuration:not-found-file
    key username monitor-instance-parameter:username
    key password monitor-htpasswd:passwd

[caddy-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }}
  -conf ${dynamic-caddy-frontend-template:rendered}
  -log ${caddy-configuration:error-log}
  -http2=true
{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
  -quic
{% endif %}
  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
  -disable-http-challenge
  -disable-tls-sni-challenge
wrapper-path = ${directory:bin}/caddy-wrapper

[caddy-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:wrapper-path} -pidfile ${caddy-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_caddy
wait-for-files =
	       ${ca-frontend:cert-file}
	       ${ca-frontend:key-file}
hash-files = ${buildout:directory}/software_release/buildout.cfg

[not-found-html]
recipe = slapos.cookbook:symbolic.link
target-directory = ${caddy-directory:document-root}
link-binary =
	    {{ parameter_dict['template_not_found_html'] }}

[caddy-directory]
recipe = slapos.cookbook:mkdirectory
document-root = ${directory:srv}/htdocs
slave-configuration = ${directory:etc}/caddy-slave-conf.d/
slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/
cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
vh-ssl = ${:slave-configuration}/ssl
slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/

[caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile
access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid
frontend-configuration-verification = ${caddy-wrapper:wrapper-path} -validate > /dev/null
frontend-graceful-command = ${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${:pid-file}); fi
not-found-file = ${caddy-directory:document-root}/notfound.html
# Communication with ATS
cache-port = ${trafficserver-variable:input-port}
cache-through-port = 26011
ssl-cache-through-port = 26012

[configtest]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:wrapper-path} -validate
wrapper-path = ${directory:bin}/caddy-configtest

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ parameter_dict['openssl'] }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${cadirectory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${cadirectory:private}
ca-certs = ${cadirectory:certs}
ca-newcerts = ${cadirectory:newcerts}
ca-crl = ${cadirectory:crl}

[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:service}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = ${directory:ca-dir}/requests/
private = ${directory:ca-dir}/private/
certs = ${directory:ca-dir}/certs/
newcerts = ${directory:ca-dir}/newcerts/
crl = ${directory:ca-dir}/crl/

[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${cadirectory:certs}/frontend.key
cert-file = ${cadirectory:certs}/frontend.crt
executable = ${directory:service}/frontend_caddy
wrapper = ${directory:bin}/frontend_caddy
key-content = ${configuration:apache-key}
cert-content = ${configuration:apache-certificate}
# Put domain name
name = ${configuration:domain}

[ca-frontend-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-frontend:wrapper}
wrapper-path = ${directory:service}/frontend_caddy
hash-files = ${buildout:directory}/software_release/buildout.cfg

[ca-custom-frontend]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${cadirectory:certs}/frontend.ca.crt
apache-ca-certificate = ${configuration:apache-ca-certificate}
extra-context =
    key content :apache-ca-certificate

[cron]
recipe = slapos.cookbook:cron
dcrond-binary = {{ parameter_dict['dcron'] }}/sbin/crond
cron-entries = ${directory:cron-entries}
crontabs = ${directory:crontabs}
cronstamps = ${directory:cronstamps}
catcher = ${cron-simplelogger:wrapper}
binary = ${directory:service}/crond

[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = ${directory:bin}/cron_simplelogger
log = ${directory:log}/cron.log

[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = ${logrotate:wrapper}

# Deploy Logrotate
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = {{ parameter_dict['logrotate'] }}/sbin/logrotate
gzip-binary = {{ parameter_dict['gzip'] }}/bin/gzip
gunzip-binary = {{ parameter_dict['gzip'] }}/bin/gunzip
# Directories
wrapper = ${directory:bin}/logrotate
conf = ${directory:etc}/logrotate.conf
logrotate-entries = ${directory:logrotate-entries}
backup = ${directory:logrotate-backup}
state-file = ${directory:srv}/logrotate.status

[logrotate-entry-caddy]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = caddy
log = ${caddy-configuration:error-log} ${caddy-configuration:access-log}
frequency = daily
rotatep-num = 30
post = ${frontend-caddy-lazy-graceful:rendered} &
sharedscripts = true
notifempty = true
create = true

[logrotate-entry-nginx]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = caddy-nginx
log = ${nginx-configuration:error_log} ${nginx-configuration:access_log}
frequency = daily
rotatep-num = 30
post = ${nginx-configuration:nginx-graceful-command}
sharedscripts = true
notifempty = true
create = true

#################
# Trafficserver
#################
[trafficserver-directory]
recipe = slapos.cookbook:mkdirectory
configuration = ${directory:etc}/trafficserver
local-state = ${directory:var}/trafficserver
bin_path = {{ parameter_dict['trafficserver'] }}/bin
log = ${directory:log}/trafficserver
cache-path = ${directory:srv}/ats_cache

[trafficserver-variable]
wrapper-path = ${directory:service}/trafficserver
reload-path = ${directory:etc-run}/trafficserver-reload
local-ip = {{ instance_parameter['ipv4-random'] }}
input-port = 23432
hostname = ${configuration:frontend-name}
remap = map /HTTPS/ http://{{ instance_parameter['ipv4-random'] }}:${caddy-configuration:ssl-cache-through-port}
  map / http://{{ instance_parameter['ipv4-random'] }}:${caddy-configuration:cache-through-port}

plugin-config = {{ parameter_dict['trafficserver'] }}/libexec/trafficserver/rfc5861.so
cache-path = ${trafficserver-directory:cache-path}
disk-cache-size = ${configuration:disk-cache-size}
autoconf-port = ${configuration:trafficserver-autoconf-port}
mgmt-port = ${configuration:trafficserver-mgmt-port}
ram-cache-size = ${configuration:ram-cache-size}

[trafficserver-configuration-directory]
recipe = plone.recipe.command
command = cp -rn {{ parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target}
target = ${trafficserver-directory:configuration}

[trafficserver-launcher]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_cop
wrapper-path = ${trafficserver-variable:wrapper-path}
environment = TS_ROOT=${buildout:directory}
hash-files = ${buildout:directory}/software_release/buildout.cfg

[trafficserver-reload]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_line -x
wrapper-path = ${trafficserver-variable:reload-path}
environment = TS_ROOT=${buildout:directory}

# XXX Dedicated Jinja Section without slapparameter
[trafficserver-jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${trafficserver-directory:configuration}/${:filename}
extra-context =
mode = 600
context =
    section ats_directory trafficserver-directory
    section ats_configuration trafficserver-variable
    ${:extra-context}

[trafficserver-records-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_records_config_location'] }}/{{ parameter_dict['template_trafficserver_records_config_filename'] }}
filename = records.config
extra-context =
    import os_module os

[trafficserver-storage-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_storage_config_location'] }}/{{ parameter_dict['template_trafficserver_storage_config_filename'] }}
filename = storage.config

[trafficserver-remap-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
filename = remap.config
context =
    key content trafficserver-variable:remap

[trafficserver-plugin-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
filename = plugin.config
context =
    key content trafficserver-variable:plugin-config

[trafficserver-promise-listen-port]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/trafficserver-port-listening
hostname = ${trafficserver-variable:local-ip}
port = ${trafficserver-variable:input-port}

[trafficserver-line]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_line
wrapper-path = ${directory:bin}/traffic_line
environment = TS_ROOT=${buildout:directory}

[trafficserver-promise-cache-availability]
recipe = collective.recipe.template
input =
  inline:#!${buildout:executable}
  import subprocess
  import sys
  traffic_line = "${trafficserver-line:wrapper-path}"
  result = float(subprocess.check_output([traffic_line, '-r',  'proxy.node.cache.percent_free' ]))
  if result != 0: sys.exit(0)
  sys.stderr.write("Cache not available, availability: %s" % result)
  sys.exit(127)
output = ${directory:promise}/trafficserver-cache-availability
mode = 700

### End of ATS sections

### Caddy Graceful and promises
[frontend-caddy-graceful-bin]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/frontend-caddy-safe-graceful
mode = 0700
extra-context =
    key content caddy-configuration:frontend-graceful-command

[frontend-caddy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700
extra-context =
    key directory_run directory:run
    key directory_etc directory:etc
    key directory_bin directory:bin
    key caddy_graceful_reload_command caddy-configuration:frontend-graceful-command

[frontend-caddy-lazy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }}
rendered = ${directory:bin}/frontend-caddy-lazy-graceful
mode = 0700
pid-file = ${directory:run}/lazy-graceful.pid
wait_time = 60
extra-context =
    key pid_file :pid-file
    key wait_time :wait_time
    key lazy_command caddy-configuration:frontend-graceful-command

# Promises checking configuration:
[promise-frontend-caddy-configuration]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:promise}/frontend-caddy-configuration-promise
mode = 0700
extra-context =
    key content caddy-configuration:frontend-configuration-verification

[promise-caddy-frontend-v4-https]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_frontend_ipv4_https
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${configuration:port}

[promise-caddy-frontend-v4-http]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_frontend_ipv4_http
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${configuration:plain_http_port}

[promise-caddy-frontend-v6-https]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_frontend_ipv6_https
hostname = {{ instance_parameter['ipv6-random'] }}
port = ${configuration:port}

[promise-caddy-frontend-v6-http]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_frontend_ipv6_http
hostname = {{ instance_parameter['ipv6-random'] }}
port = ${configuration:plain_http_port}

[promise-caddy-frontend-cached]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_cached
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${caddy-configuration:cache-through-port}

[promise-caddy-frontend-ssl-cached]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/caddy_ssl_cached
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${caddy-configuration:ssl-cache-through-port}

[promise-caddy-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${caddy-configuration:pid-file} 
wrapper-path = ${directory:promise}/caddy-frontend-is-running-actual-software-release

#######
# Monitoring sections
#

[monitor-instance-parameter]
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
#       directly, and in our case it can come from the network, thus resulting
#       with need to strip !py!'u'
{% set monitor_httpd_port = instance_parameter.get('configuration.monitor-httpd-port') %}
{% if monitor_httpd_port %}
monitor-httpd-port = {{ monitor_httpd_port | int }}
{% endif -%}

[monitor-conf-parameters]
private-path-list += 
  ${directory:logrotate-backup}


[monitor-traffic-summary-last-stats-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${monitor-directory:reports}/traffic-summary-last-stats_every_1_hour
mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>"
extra-context =
  key content monitor-traffic-summary-last-stats-wrapper:command

# Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${monitor-directory:reports}/ats-cache-stats_every_1_hour
mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context =
  key content monitor-ats-cache-stats-wrapper:command

[monitor-caddy-server-status-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${monitor-directory:reports}/monitor-caddy-server-status-wrapper
mode = 0700
command = {{ parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
extra-context =
  key content monitor-caddy-server-status-wrapper:command

[monitor-ats-cache-stats-config]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644
context =
    raw content show:cache-stats

[monitor-verify-re6st-connectivity]
recipe = slapos.cookbook:check_url_available
path = ${directory:promise}/re6st-connectivity
url = ${configuration:re6st-verification-url}
dash_path = {{ parameter_dict['dash'] }}/bin/dash
curl_path = {{ parameter_dict['curl'] }}/bin/curl

#######################
# Nginx
#
[nginx-wrapper]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }}
  -conf ${dynamic-nginx-frontend-template:rendered}
  -log ${nginx-configuration:error_log}
  -http2=true
  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
  -disable-http-challenge
  -disable-tls-sni-challenge
wrapper-path = ${directory:bin}/nginx-wrapper

[nginx-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${nginx-wrapper:wrapper-path} -pidfile ${nginx-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_nginx
hash-files = ${buildout:directory}/software_release/buildout.cfg

[dynamic-nginx-frontend-template]
< = jinja2-template-base
template = {{ parameter_dict['template_nging_configuration'] }}
rendered = ${directory:etc}/nginx.cfg
mode = 0600
extra-context =
  key port nginx-configuration:port
  key ssl_certificate nginx-configuration:ssl_certificate
  key ssl_key nginx-configuration:ssl_key
  key local_ip nginx-configuration:local_ip
  key plain_port nginx-configuration:plain_port
  key slave_configuration_directory nginx-configuration:slave-configuration-directory
  key error_log nginx-configuration:error_log
  key access_log nginx-configuration:access_log
  key not_found_file caddy-configuration:not-found-file

[nginx-configuration]
access_log = ${directory:log}/nginx-access.log
error_log = ${directory:log}/nginx-error.log
ip = ${slap-network-information:global-ipv6}
local_ip = ${slap-network-information:local-ipv4}
port = ${configuration:nginx_port}
plain_port = ${configuration:plain_nginx_port}
worker_processes = 4
worker_connections = 1024
slave-configuration-directory = ${caddy-directory:nginx-slave-configuration}
pid-file = ${directory:run}/nginx.pid 
nginx-graceful-command = ${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat ${:pid-file}); fi
nginx-configuration-verification = ${nginx-wrapper:wrapper-path} -validate
ssl_certificate = ${ca-frontend:cert-file}
ssl_key = ${ca-frontend:key-file}

[frontend-nginx-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
mode = 0700
extra-context =
    key content nginx-configuration:nginx-graceful-command

[promise-nginx-configuration]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:promise}/nginx-configuration-promise
mode = 0700
extra-context =
    key content nginx-configuration:nginx-configuration-verification

[promise-nginx-frontend-v4-https]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/nginx_frontend_ipv4_https
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${configuration:nginx_port}

[promise-nginx-frontend-v4-http]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/nginx_frontend_ipv4_http
hostname = {{ instance_parameter['ipv4-random'] }}
port = ${configuration:plain_nginx_port}

[promise-nginx-frontend-v6-https]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/nginx_frontend_ipv6_https
hostname = {{ instance_parameter['ipv6-random'] }}
port = ${configuration:nginx_port}

[promise-nginx-frontend-v6-http]
recipe = slapos.cookbook:check_port_listening
path = ${directory:promise}/nginx_frontend_ipv6_http
hostname = {{ instance_parameter['ipv6-random'] }}
port = ${configuration:plain_nginx_port}

[promise-nginx-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${nginx-configuration:pid-file} 
wrapper-path = ${directory:promise}/promise-nginx-is-process-older-than-dependency-set

[port-redirection]
<= jinja2-template-base
template = inline:
  [{"srcPort": 80, "destPort": {{ '{{' }} http_port {{ '}}' }}}, {"srcPort": 443, "destPort": {{ '{{' }} https_port {{ '}}' }}}]
rendered = ${buildout:directory}/.slapos-port-redirect
mode = 0644
extra-context =
    key http_port configuration:plain_http_port
    key https_port configuration:port

[configuration]
{%- for key, value in instance_parameter.iteritems() -%}
{%-   if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%-   endif -%}
{%- endfor -%}
{%- endif -%} {# if slap_software_type == software_type #}