{%- if slap_software_type == software_type -%}
{% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
[buildout]
extends =
  {{ parameter_dict['common_profile'] }}
  {{ parameter_dict['monitor_template'] }}
  {{ parameter_dict['logrotate_base_instance'] }}

parts =
  directory
  logrotate-entry-caddy
  caddy-frontend
  switch-caddy-softwaretype
  caucase-updater
  frontend-caddy-graceful
  not-found-html
  port-redirection
  promise-frontend-caddy-configuration
  promise-caddy-frontend-v4-https
  promise-caddy-frontend-v4-http
  promise-caddy-frontend-v6-https
  promise-caddy-frontend-v6-http
  promise-caddy-frontend-cached
  promise-caddy-frontend-ssl-cached

  trafficserver-launcher
  trafficserver-reload
  trafficserver-configuration-directory
  trafficserver-records-config
  trafficserver-remap-config
  trafficserver-plugin-config
  trafficserver-storage-config
  trafficserver-ip-allow-config
  trafficserver-logging-config
  trafficserver-promise-listen-port
  trafficserver-promise-cache-availability
  cron-entry-logrotate-trafficserver
## Monitor for Caddy
  monitor-base
  monitor-ats-cache-stats-wrapper
  monitor-traffic-summary-last-stats-wrapper
  monitor-caddy-server-status-wrapper
  monitor-verify-re6st-connectivity

# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory

bin = ${buildout:directory}/bin/
etc = ${buildout:directory}/etc/
srv = ${buildout:directory}/srv/
var = ${buildout:directory}/var/
tmp = ${:var}/tmp
template = ${buildout:directory}/template/

backup = ${:srv}/backup
log = ${:var}/log
run = ${:var}/run
service = ${:etc}/service
etc-run = ${:etc}/run
plugin = ${:etc}/plugin

ca-dir = ${:srv}/ssl
# BBB: SlapOS Master non-zero knowledge BEGIN
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END

frontend_cluster = ${:var}/frontend_cluster

# csr_id publication
csr_id = ${:srv}/csr_id
caddy-csr_id = ${:etc}/caddy-csr_id
caddy-csr_id-log = ${:log}/httpd-csr_id

[switch-caddy-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = ${dynamic-custom-personal-template-slave-list:rendered}
single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered}

[frontend-configuration]
template-log-access = {{ parameter_dict['template_log_access'] }}
log-access-configuration = ${directory:etc}/log-access.conf
ip-access-certificate = ${self-signed-ip-access:certificate}
caddy-directory = {{ parameter_dict['caddy_location'] }}
caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
caddy-https-port = ${configuration:port}

[self-signed-ip-access]
# Self Signed certificate for HTTPS IP accesses to the frontend
recipe = plone.recipe.command
update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6}
ipv4 = {{instance_parameter['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
stop-on-error = True
command =
  [ -f ${:certificate} ] && exit 0
  rm -f ${:certificate}
  /bin/bash -c ' \
  {{ parameter_dict['openssl'] }} req \
     -new -newkey rsa:2048 -sha256 \
     -nodes -x509 -days 36500 \
     -keyout ${:certificate} \
     -subj "/CN=Self Signed IP Access" \
     -reqexts SAN \
     -extensions SAN \
     -config <(cat {{ parameter_dict['openssl_cnf'] }} \
         <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
     -out ${:certificate}'

[self-signed-fallback-access]
# Self Signed certificate for HTTPS access to the frontend with fallback certificate
recipe = plone.recipe.command
update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6}
ipv4 = {{instance_parameter['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
stop-on-error = True
command =
  [ -f ${:certificate} ] && exit 0
  rm -f ${:certificate}
  /bin/bash -c ' \
  {{ parameter_dict['openssl'] }} req \
     -new -newkey rsa:2048 -sha256 \
     -nodes -x509 -days 36500 \
     -keyout ${:certificate} \
     -subj "/CN=Fallback certificate/OU={{ instance_parameter['configuration.frontend-name'] }}" \
     -out ${:certificate}'

[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
extra-context =
slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context =
    import json_module json
    raw common_profile {{ parameter_dict['common_profile'] }}
    raw logrotate_base_instance {{ parameter_dict['logrotate_base_instance'] }}
    key slap_software_type :slap_software_type
    key slapparameter_dict :slapparameter_dict
    section directory directory
    ${:extra-context}

[software-release-path]
template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }}

[kedifa-login-config]
d = ${directory:ca-dir}
template-csr = ${:d}/kedifa-login-template-csr.pem
key = ${:d}/kedifa-login-certificate.pem
certificate = ${:key}
ca-certificate = ${:d}/kedifa-caucase-ca.pem
cas-ca-certificate = ${:d}/kedifa-cas-caucase-ca.pem
crl = ${:d}/kedifa-login-crl.pem

[kedifa-login-csr]
recipe = plone.recipe.command
organization = {{ slapparameter_dict['cluster-identification'] }}
organizational_unit = {{ instance_parameter['configuration.frontend-name'] }}
command =
{% if slapparameter_dict['kedifa-caucase-url'] %}
  if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ]  ; then
    {{ parameter_dict['openssl'] }} req -new -sha256 \
      -newkey rsa:2048 -nodes -keyout ${:key} \
      -subj "/O=${:organization}/OU=${:organizational_unit}" \
      -out ${:template-csr}
  fi
{% endif %}
  test -f ${:key} && test -f ${:template-csr}
update-command = ${:command}
template-csr = ${kedifa-login-config:template-csr}
key = ${kedifa-login-config:key}
stop-on-error = True

{{ caucase.updater(
     prefix='caucase-updater',
     buildout_bin_directory=parameter_dict['bin_directory'],
     updater_path='${directory:service}/kedifa-login-certificate-caucase-updater',
     url=slapparameter_dict['kedifa-caucase-url'],
     data_dir='${directory:srv}/caucase-updater',
     crt_path='${kedifa-login-config:certificate}',
     ca_path='${kedifa-login-config:ca-certificate}',
     crl_path='${kedifa-login-config:crl}',
     key_path='${kedifa-login-csr:key}',
     template_csr='${kedifa-login-csr:template-csr}',
     openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}}

[dynamic-custom-personal-template-slave-list]
< = jinja2-template-base
template = {{ parameter_dict['template_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }}
caucase_url = {{ slapparameter_dict['kedifa-caucase-url'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
kedifa-updater = {{ parameter_dict['kedifa-updater'] }}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
kedifa-csr = {{ parameter_dict['kedifa-csr'] }}
service_directory = ${directory:service}
extra-context =
    key kedifa_caucase_ca_certificate kedifa-login-config:ca-certificate
    key kedifa_login_certificate kedifa-login-config:certificate
    key caddy_configuration_directory caddy-directory:slave-configuration
    key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    key kedifa_updater :kedifa-updater
    key kedifa_updater_mapping_file :kedifa-updater-mapping-file
    key kedifa_updater_state_file :kedifa-updater-state-file
    key kedifa_csr :kedifa-csr
    key caddy_executable :caddy_executable
    key caucase_url :caucase_url
    key directory_csr_id directory:csr_id
    key directory_caddy_csr_id directory:caddy-csr_id
    key directory_tmp directory:tmp
    key directory_caddy_csr_id_log directory:caddy-csr_id-log
    key certificate_organization kedifa-login-csr:organization
    key certificate_organizational_unit kedifa-login-csr:organizational_unit
    key csr_id_csr caucase-updater-csr:csr
    key csr_crl kedifa-login-config:crl
    key csr_cas_ca_certificate kedifa-login-config:cas-ca-certificate
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key public_ipv4 configuration:public-ipv4
    key slave_instance_list :slave_instance_list
    key extra_slave_instance_list :extra_slave_instance_list
    key master_key_download_url :master_key_download_url
    key slave_kedifa_information :slave_kedifa_information
    key autocert caddy-directory:autocert
    key master_certificate caddy-configuration:master-certificate
    key caddy_log_directory caddy-directory:slave-log
    key local_ipv4 :local_ipv4
    key local_ipv6 :local_ipv6
    key global_ipv6 slap-network-information:global-ipv6
    key empty_template software-release-path:template-empty
    key template_custom_slave_configuration software-release-path:template-slave-configuration
    key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
    key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
    key software_type :software_type
    key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
    key frontend_graceful_reload caddy-configuration:frontend-graceful-command
    section frontend_configuration frontend-configuration
    section caddy_configuration caddy-configuration
    key monitor_base_url monitor-instance-parameter:monitor-base-url 
    key plugin_directory directory:plugin
    key report_directory directory:bin
    key bin_directory :bin_directory
    key enable_http2_by_default configuration:enable-http2-by-default
    key global_disable_http2 configuration:global-disable-http2
    key proxy_try_duration configuration:proxy-try-duration
    key proxy_try_interval configuration:proxy-try-interval
    key access_log caddy-configuration:access-log
    key error_log caddy-configuration:error-log
    key sixtunnel_executable :sixtunnel_executable
    key service_directory directory:service
    key run_directory directory:etc-run
    key not_found_file caddy-configuration:not-found-file
    key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
    key bbb_ssl_directory directory:bbb-ssl-dir
    key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END

[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
# BBB: apache_custom_https and apache_custom_http
extra-context =
    key https_port configuration:port
    key http_port configuration:plain_http_port
    key apache_custom_https configuration:apache_custom_https
    key apache_custom_http configuration:apache_custom_http
    key caddy_custom_https configuration:caddy_custom_https
    key caddy_custom_http configuration:caddy_custom_http

# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_frontend_configuration'] }}
rendered = ${caddy-configuration:frontend-configuration}
local_ipv4 =  {{ dumps(instance_parameter['ipv4-random']) }}
extra-context =
    key httpd_home software-release-path:caddy-location
    key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
    key instance_home buildout:directory
    key master_certificate caddy-configuration:master-certificate
    key access_log caddy-configuration:access-log
    key slave_configuration_directory caddy-directory:slave-configuration
    key cached_port caddy-configuration:cache-through-port
    key ssl_cached_port caddy-configuration:ssl-cache-through-port
    key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
    section frontend_configuration frontend-configuration
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key local_ipv4 :local_ipv4
    key global_ipv6 slap-network-information:global-ipv6
    key error_log caddy-configuration:error-log
    key not_found_file caddy-configuration:not-found-file
    key username monitor-instance-parameter:username
    key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN
    key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END

[caddy-wrapper]
recipe = slapos.cookbook:wrapper
environment =
  CADDYPATH=${directory:frontend_cluster}
command-line = {{ parameter_dict['caddy'] }}
  -conf ${dynamic-caddy-frontend-template:rendered}
  -log ${caddy-configuration:error-log}
  -log-roll-mb 0
{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
  -http2=false
{% else %}
  -http2=true
{% endif %}
{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
  -quic
{% endif %}
  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
  -disable-http-challenge
  -disable-tls-alpn-challenge
wrapper-path = ${directory:bin}/caddy-wrapper

[caddy-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:wrapper-path} -pidfile ${caddy-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_caddy
hash-files =
  ${buildout:directory}/software_release/buildout.cfg
  ${caddy-wrapper:wrapper-path}

[not-found-html]
recipe = slapos.cookbook:symbolic.link
target-directory = ${caddy-directory:document-root}
link-binary =
	    {{ parameter_dict['template_not_found_html'] }}

[caddy-directory]
recipe = slapos.cookbook:mkdirectory
document-root = ${directory:srv}/htdocs
slave-configuration = ${directory:etc}/caddy-slave-conf.d/
slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/
cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl
slave-log = ${directory:log}/httpd
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl

[caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile
access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/notfound.html
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
# Communication with ATS
cache-port = ${trafficserver-variable:input-port}
cache-through-port = 26011
ssl-cache-through-port = 26012

# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
recipe = collective.recipe.shelloutput
commands =
  certificate = cat ${self-signed-fallback-access:certificate}

[apache-certificate]
recipe = slapos.recipe.template:jinja2
template = inline:
{% raw %}
  {{ certificate or fallback_certificate }}
  {{ key or '' }}
{% endraw %}
context =
  key certificate configuration:apache-certificate
  key key configuration:apache-key
  key fallback_certificate get-self-signed-fallback-access:certificate
rendered = ${directory:bbb-ssl-dir}/frontend.crt
# BBB: SlapOS Master non-zero knowledge END

[logrotate-entry-caddy]
<= logrotate-entry-base
name = caddy
log = ${caddy-configuration:error-log} ${caddy-configuration:access-log}
rotate-num = 30
# Note: Slaves do not define their own reload, as this would be repeated,
#       because sharedscripts work per entry, and each slave needs its own
#       olddir
#       Here we trust that there will be something to be rotated with error
#       or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:rendered} &

#################
# Trafficserver
#################
[trafficserver-directory]
recipe = slapos.cookbook:mkdirectory
configuration = ${directory:etc}/trafficserver
local-state = ${directory:var}/trafficserver
bin_path = {{ parameter_dict['trafficserver'] }}/bin
log = ${directory:log}/trafficserver
cache-path = ${directory:srv}/ats_cache
logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver

[trafficserver-variable]
wrapper-path = ${directory:service}/trafficserver
reload-path = ${directory:etc-run}/trafficserver-reload
local-ip = {{ instance_parameter['ipv4-random'] }}
input-port = 23432
hostname = ${configuration:frontend-name}
remap = map /HTTPS/ http://{{ instance_parameter['ipv4-random'] }}:${caddy-configuration:ssl-cache-through-port}
  map / http://{{ instance_parameter['ipv4-random'] }}:${caddy-configuration:cache-through-port}

plugin-config =
ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
cache-path = ${trafficserver-directory:cache-path}
disk-cache-size = ${configuration:disk-cache-size}
synthetic-port = ${configuration:trafficserver-synthetic-port}
mgmt-port = ${configuration:trafficserver-mgmt-port}
ram-cache-size = ${configuration:ram-cache-size}
templates-dir = {{ parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory

[trafficserver-configuration-directory]
recipe = plone.recipe.command
command = cp -rn {{ parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target}
target = ${trafficserver-directory:configuration}

[trafficserver-launcher]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_cop
wrapper-path = ${trafficserver-variable:wrapper-path}
environment = TS_ROOT=${buildout:directory}
hash-files = ${buildout:directory}/software_release/buildout.cfg

[trafficserver-reload]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload
wrapper-path = ${trafficserver-variable:reload-path}
environment = TS_ROOT=${buildout:directory}

# XXX Dedicated Jinja Section without slapparameter
[trafficserver-jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${trafficserver-directory:configuration}/${:filename}
extra-context =
mode = 600
context =
    section ats_directory trafficserver-directory
    section ats_configuration trafficserver-variable
    ${:extra-context}

[trafficserver-records-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_records_config_location'] }}/{{ parameter_dict['template_trafficserver_records_config_filename'] }}
filename = records.config
extra-context =
    import os_module os

[trafficserver-storage-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_storage_config_location'] }}/{{ parameter_dict['template_trafficserver_storage_config_filename'] }}
filename = storage.config

[trafficserver-logging-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_logging_config_location'] }}/{{ parameter_dict['template_trafficserver_logging_config_filename'] }}
filename = logging.config

[trafficserver-remap-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
filename = remap.config
context =
    key content trafficserver-variable:remap

[trafficserver-plugin-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
filename = plugin.config
context =
    key content trafficserver-variable:plugin-config

[trafficserver-ip-allow-config]
< = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
filename = ip_allow.config
context =
    key content trafficserver-variable:ip-allow-config

[promise-plugin-base]
recipe = slapos.cookbook:promise.plugin
eggs =
  slapos.toolbox
content =
  from slapos.promise.plugin.${:module} import RunPromise
output = ${directory:plugin}/${:name}


[trafficserver-promise-listen-port]
<= promise-plugin-base
module = check_port_listening
name = trafficserver-port-listening.py
config-hostname = ${trafficserver-variable:local-ip}
config-port = ${trafficserver-variable:input-port}

[trafficserver-ctl]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl
wrapper-path = ${directory:bin}/traffic_ctl
environment = TS_ROOT=${buildout:directory}

[trafficserver-promise-cache-availability]
<= promise-plugin-base
module = trafficserver_cache_availability
name = trafficserver-cache-availability.py
config-wrapper-path = ${trafficserver-ctl:wrapper-path}

[trafficserver-rotate-script]
< = jinja2-template-base
template = {{ parameter_dict['template_rotate_script'] }}
rendered = ${directory:bin}/trafficserver-rotate
mode = 0700
xz_binary = {{ parameter_dict['xz_location'] ~ '/bin/xz' }}
pattern = *.old
# days to keep log files
keep_days = 365

extra-context =
  key log_dir trafficserver-directory:log
  key rotate_dir trafficserver-directory:logrotate-backup
  key xz_binary :xz_binary
  key keep_days :keep_days
  key pattern :pattern

[cron-entry-logrotate-trafficserver]
recipe = slapos.cookbook:cron.d
cron-entries = ${directory:etc}/cron.d
name = trafficserver-logrotate
frequency = 0 0 * * *
command = ${trafficserver-rotate-script:rendered}

### End of ATS sections

### Caddy Graceful and promises
[frontend-caddy-configuration-state]
< = jinja2-template-base
template = {{ parameter_dict['template_configuration_state_script'] }}
rendered = ${directory:bin}/${:_buildout_section_name_}
mode = 0700

path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }}

extra-context =
    key path_list :path_list
    key sha256sum :sha256sum
    key signature_file :signature_file

[frontend-caddy-configuration-state-graceful]
< = frontend-caddy-configuration-state
signature_file = ${directory:run}/graceful_configuration_state_signature

[frontend-caddy-configuration-state-validate]
< = frontend-caddy-configuration-state
signature_file = ${directory:run}/validate_configuration_state_signature

[frontend-caddy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700

extra-context =
    key graceful_reload_command caddy-configuration:frontend-graceful-command
    key caddy_configuration_state frontend-caddy-configuration-state-graceful:rendered

[frontend-caddy-validate]
< = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/frontend-caddy-validate
mode = 0700
last_state_file = ${directory:run}/caddy_configuration_last_state
extra-context =
    key wrapper caddy-wrapper:wrapper-path
    key caddy_configuration_state frontend-caddy-configuration-state-validate:rendered
    key last_state_file :last_state_file

[frontend-caddy-lazy-graceful]
< = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }}
rendered = ${directory:bin}/frontend-caddy-lazy-graceful
mode = 0700
pid-file = ${directory:run}/lazy-graceful.pid
wait_time = 60
extra-context =
    key pid_file :pid-file
    key wait_time :wait_time
    key lazy_command caddy-configuration:frontend-graceful-command

# Promises checking configuration:
[promise-helper-last-configuration-state]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${directory:bin}/frontend-read-last-configuration-state
mode = 0700
content =
  #!/bin/sh
  exit `cat ${frontend-caddy-validate:last_state_file}`
context =
    key content :content

[promise-frontend-caddy-configuration]
<= promise-plugin-base
module = validate_frontend_configuration
name = frontend-caddy-configuration-promise.py
config-verification-script = ${promise-helper-last-configuration-state:rendered}

[promise-caddy-frontend-v4-https]
<= promise-plugin-base
module = check_port_listening
name = caddy_frontend_ipv4_https.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:port}

[promise-caddy-frontend-v4-http]
<= promise-plugin-base
module = check_port_listening
name = caddy_frontend_ipv4_http.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${configuration:plain_http_port}

[promise-caddy-frontend-v6-https]
<= promise-plugin-base
module = check_port_listening
name = caddy_frontend_ipv6_https.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:port}

[promise-caddy-frontend-v6-http]
<= promise-plugin-base
module = check_port_listening
name = caddy_frontend_ipv6_http.py
config-hostname = {{ instance_parameter['ipv6-random'] }}
config-port = ${configuration:plain_http_port}

[promise-caddy-frontend-cached]
<= promise-plugin-base
module = check_port_listening
name = caddy_cached.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${caddy-configuration:cache-through-port}

[promise-caddy-frontend-ssl-cached]
<= promise-plugin-base
module = check_port_listening
name = caddy_ssl_cached.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${caddy-configuration:ssl-cache-through-port}

#######
# Monitoring sections
#

[monitor-instance-parameter]
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
#       directly, and in our case it can come from the network, thus resulting
#       with need to strip !py!'u'
{% set monitor_httpd_port = instance_parameter.get('configuration.monitor-httpd-port') %}
{% if monitor_httpd_port %}
monitor-httpd-port = {{ monitor_httpd_port | int }}
{% endif -%}

[monitor-conf-parameters]
private-path-list += 
  ${logrotate-directory:logrotate-backup}


[monitor-traffic-summary-last-stats-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour
mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>"
extra-context =
  key content monitor-traffic-summary-last-stats-wrapper:command

# Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/ats-cache-stats_every_1_hour
mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context =
  key content monitor-ats-cache-stats-wrapper:command

[monitor-caddy-server-status-wrapper]
< = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/monitor-caddy-server-status-wrapper
mode = 0700
command = {{ parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
extra-context =
  key content monitor-caddy-server-status-wrapper:command

[monitor-ats-cache-stats-config]
< = jinja2-template-base
template = {{ parameter_dict['template_empty'] }}
rendered = ${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644
context =
    raw content show:cache-stats

[monitor-verify-re6st-connectivity]
<= promise-plugin-base
module = check_url_available
name = re6st-connectivity.py
config-url = ${configuration:re6st-verification-url}

[port-redirection]
<= jinja2-template-base
template = inline:
  [{"srcPort": 80, "destPort": {{ '{{' }} http_port {{ '}}' }}}, {"srcPort": 443, "destPort": {{ '{{' }} https_port {{ '}}' }}}]
rendered = ${buildout:directory}/.slapos-port-redirect
mode = 0644
extra-context =
    key http_port configuration:plain_http_port
    key https_port configuration:port

[configuration]
{%- for key, value in instance_parameter.iteritems() -%}
{%-   if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%-   endif -%}
{%- endfor -%}
{%- endif -%} {# if slap_software_type == software_type #}