{% if software_type == slap_software_type -%}
{% set part_list = [] -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError).
-#}
# TODO: insert varnish between apache & haproxy.
# And think of a way to specify which urls goe through varnish, which go
# directly to haproxy. (maybe just passing literal configuration file chunk)
{% set ipv4 = (ipv4_set | list)[0] -%}
{% set ipv6 = (ipv6_set | list)[0] -%}

{% if use_ipv6 -%}
[zope-tunnel-base]
recipe = slapos.cookbook:ipv4toipv6
runner-path = ${directory:services}/${:base-name}
6tunnel-path = {{ parameter_dict['6tunnel'] }}/bin/6tunnel
shell-path = {{ parameter_dict['dash'] }}/bin/dash
ipv4 = {{ ipv4 }}

{% endif -%}
{% set haproxy_dict = {} -%}
{% set apache_dict = {} -%}
{% set next_port = slapparameter_dict['tcpv4-port'] -%}
{% for family_name, parameter_id_list in slapparameter_dict['zope-family-dict'].items() -%}
{%   set zope_family_address_list = [] -%}
{%   for parameter_id in parameter_id_list -%}
{%     set zope_address_list = slapparameter_dict[parameter_id] -%}
{%     for zope_address, maxconn in zope_address_list -%}
{%       if use_ipv6 -%}
[{{ section('zope-tunnel-' ~ next_port) }}]
< = zope-tunnel-base
base-name = {{ 'zeo-tunnel-' ~ next_port }}
ipv4-port = {{ next_port }}
ipv6-port = {{ zope_address.split(']:')[1] }}
ipv6 = {{ zope_address.split(']:')[0][1:] }}
{%         set zope_effective_address = ipv4 ~ ":" ~ next_port -%}
{%         set next_port = next_port + 1 -%}
{%       else -%}
{%         set zope_effective_address = zope_address -%}
{%       endif -%}
{%       do zope_family_address_list.append((zope_effective_address, maxconn)) -%}
{%     endfor -%}
{%   endfor -%}
{%   set haproxy_port = next_port -%}
{%   set next_port = next_port + 1 -%}
{%   do haproxy_dict.__setitem__(family_name, (haproxy_port, zope_family_address_list)) -%}
{%   do apache_dict.__setitem__(family_name, (next_port, 'http://' ~ ipv4 ~ ':' ~ haproxy_port)) -%}
{%   set next_port = next_port + 1 -%}
{% endfor -%}

[haproxy-cfg-parameter-dict]
socket-path = ${directory:run}/haproxy.sock
server-check-path = {{ slapparameter_dict['haproxy-server-check-path'] }}
backend-dict = {{ dumps(haproxy_dict) }}
ip = {{ ipv4 }}

[haproxy-cfg]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-haproxy-cfg'] }}
rendered = ${directory:etc}/haproxy.cfg
context = section parameter_dict haproxy-cfg-parameter-dict

[{{ section('haproxy') }}]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/haproxy
command-line = "{{ parameter_dict['haproxy'] }}/sbin/haproxy" -f "${haproxy-cfg:rendered}"

{# TODO: build socat and wrap it as "${directory:bin}/haproxy-ctl" to connect to "${haproxy-cfg-parameter-dict:socket-path}" #}

[apache]
recipe = slapos.cookbook:apache.zope.backend
backend-list = {{ dumps(apache_dict.values()) }}
ip = {{ dumps([ipv6, ipv4]) }}
wrapper = ${directory:bin}/apache
scheme = https
key-file = ${directory:apache-conf}/apache.key
cert-file = ${directory:apache-conf}/apache.crt
configuration-file = ${directory:apache-conf}/apache.conf
access-control-string = {{ slapparameter_dict['apache-access-control-string'] }}
pid-file = ${directory:run}/apache.pid
lock-file = ${directory:run}/apache.lock
ssl-session-cache = $${directory:log}/apache-ssl-session-cache
error-log = ${directory:log}/apache-error.log
access-log = ${directory:log}/apache-access.log
apache-binary = {{ parameter_dict['apache'] }}/bin/httpd
ssl-authentication = {{ slapparameter_dict['apache-ssl-authentication'] }}
backend-path = {{ slapparameter_dict['apache-backend-path'] }}
# Note: Without certificate-authority main certificate have to be hardcoded
ssl-authentication-certificate = ${certificate-authority:ca-dir}/cacert.pem
ssl-authentication-crl = ${certificate-authority:ca-crl}

[publish]
recipe = slapos.cookbook:publish.serialised
{% for family_name, (apache_port, _) in apache_dict.items() -%}
{{   family_name ~ '-v6' }} = ${apache:scheme}://[{{ ipv6 }}]:{{ apache_port }}
{{   family_name }} = ${apache:scheme}://{{ ipv4 }}:{{ apache_port }}
{% endfor -%}

[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ parameter_dict['openssl'] }}/bin/openssl
ca-dir = ${directory:ca-dir}
requests-directory = ${directory:requests}
wrapper = ${directory:services}/ca
ca-private = ${directory:private}
ca-certs = ${directory:certs}
ca-newcerts = ${directory:newcerts}
ca-crl = ${directory:crl}
{% set ca = slapparameter_dict['ca'] -%}
country-code = {{ ca.get('country-code', 'ZZ') }}
email = {{ ca.get('email', 'nobody@example.com') }}
state = {{ ca.get('state', 'Dummy State') }}
city = {{ ca.get('city', 'Dummy City') }}
company = {{ ca.get('company', 'Dummy Company') }}

[ca-apache]
< = certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache:key-file}
cert-file = ${apache:cert-file}
executable = ${apache:wrapper}
wrapper = ${directory:services}/apache

[logrotate-apache]
recipe = slapos.cookbook:logrotate.d
logrotate-entries = ${logrotate:logrotate-entries}
backup = ${logrotate:backup}
name = apache
log = ${apache:error-log} ${apache:access-log}
post = {{ parameter_dict['bin-directory'] }}/killpidfromfile ${apache:pid-file} SIGUSR1

[directory]
recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache
bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc
services = ${:etc}/run
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
ca-dir = ${buildout:directory}/srv/ssl
requests = ${:ca-dir}/requests
private = ${:ca-dir}/private
certs = ${:ca-dir}/certs
newcerts = ${:ca-dir}/newcerts
crl = ${:ca-dir}/crl

[buildout]
extends = {{ parameter_dict['instance-logrotate-cfg'] }}
parts +=
  publish
  logrotate-apache
  haproxy
  ca-apache
  {{ part_list | join('\n  ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}

{% endif %}