{% if software_type == slap_software_type %}

{% set cached_server_dict = {} %}
{% set part_list = [] %}
{% set cache_port = caddy_configuration.get('cache-port') %}
{% set cached_port = caddy_configuration.get('cache-through-port') %}
{% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
{% set slave_log_dict = {} %}
{% if extra_slave_instance_list %}
{%   set slave_instance_information_list = [] %}
{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
{% endif %}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do
extra-context =
context =
    raw common_profile {{ common_profile }}
    ${:extra-context}

{% do logrotate_dict.pop('recipe') %}
[logrotate]
{% for key, value in logrotate_dict.iteritems() %}
{{ key }} = {{ value }}
{% endfor %}

post = {{ frontend_lazy_graceful_reload }} &
frequency = daily
rotatep-num = 30
sharedscripts = true
notifempty = true
create = true

[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = {{ custom_ssl_directory }}/requests/
private = {{ custom_ssl_directory }}/private/
certs = {{ custom_ssl_directory }}/certs/
newcerts = {{ custom_ssl_directory }}/newcerts/
crl = {{ custom_ssl_directory }}/crl/

{# Loop thought slave list to set up slaves #}
{% for slave_instance in slave_instance_list %}
{%   set slave_reference = slave_instance.get('slave_reference') %}
{%   set slave_type = slave_instance.get('type', '') %}
{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{%   set slave_publish_dict = {} %}
{%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
{%   set slave_logrotate_section = slave_reference + "-logs" %}
{%   set slave_password_section = slave_reference + "-password" %}
{%   set slave_ln_section = slave_reference + "-ln" %}

{#   extend parts #}
{%   do part_list.extend([slave_ln_section]) %}
{%   do part_list.extend([slave_logrotate_section, slave_section_title]) %}

{%   set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" %}

{#   Pass HTTP2 switch #}
{%   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
{%   do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}

{#   Pass proxy_try_duration and proxy_try_interval #}
{%   do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %}
{%   do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %}

{#   Set Up log files #}
{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
{%   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
{%   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}

{#   Add slave log directory to the slave log access dict #}
{%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}

{%   set slave_log_access_url = 'https://' + slave_reference + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %}
{%   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}

{# Set slave domain if none was defined #}
{%   if slave_instance.get('custom_domain', None) == None %}
{%     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
{%     if slave_type in NGINX_TYPE_LIST %}
{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %}
{%     else %}
{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{%     endif %}
{%   endif %}

{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
{%   if enable_cache and 'url' in slave_instance %}
{%     if 'domain' in slave_instance %}
{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
{%     endif %}
{%     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
{%     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
{%     do slave_instance.__setitem__('url', cache_access) %}
{%     do slave_instance.__setitem__('https-url', ssl_cache_access) %}
{%     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{%   endif %}

{# BBB: apache_custom_https and apache_custom_http #}
{%   if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %}
{%     do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{%     do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%     do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%     do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%   endif %}

[slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }}

[slave-log-directories]
<= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory

{% do part_list.append('slave-log-directories') %}

[caddy-log-access]
< = jinja2-template-base
template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
    section slave_log_directory slave-log-directory-dict
    section slave_password slave-password
    section parameter_dict caddy-log-access-parameters

{% do part_list.append('caddy-log-access') %}

[slave-password]
{{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }}

{# Set slave logrotate entry #}
[{{slave_logrotate_section}}]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}}
backup = {{ slave_log_folder }} 

{# integrate current logs inside #}
[{{slave_ln_section}}]
recipe = plone.recipe.command
stop-on-error = false
command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/access.log

{# Set password for slave #}
[{{slave_password_section}}]
recipe = slapos.cookbook:generate.password
storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8

{# ################################################## #}
{# Set Slave Certificates if needed                   #}

{# Set ssl certificates for each slave #}
{%   for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{%     if cert_name in slave_instance %}
{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{%       do part_list.append(cert_title) %}
{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
{# Store certificates on fs #}
[{{ cert_title }}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
extra-context =
    key content {{ cert_title + '-config:value' }}
# Store certificate in config
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{%     endif %}
{%   endfor %}

{#-   Set Up Certs #}
{%   do slave_instance.__setitem__('login_certificate', login_certificate) %}
{%   do slave_instance.__setitem__('login_key', login_key) %}
{%   do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{%   do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
{%   do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{%     set cert_title = '%s-crt' % (slave_reference) %}
{%     set key_title = '%s-key' % (slave_reference) %}
{%     set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{%     set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
{%     do part_list.append(cert_title) %}
{%     do part_list.append(key_title) %}
{%     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
{%     do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
{%     do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
{%     do slave_instance.__setitem__('path_to_ssl_key', key_file) %}

[{{key_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ key_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
extra-context =
    key content :key-content

[{{cert_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '')) }}
extra-context =
    key content :cert-content
{%     endif %}

{# ########################################## #}
{# Set Slave Configuration                    #}
[{{ slave_configuration_section_name }}]
https_port = {{ dumps(https_port) }}
http_port = {{ dumps(http_port) }}
local_ipv4 = {{ dumps(local_ipv4) }}
nginx_http_port = {{ dumps(nginx_http_port) }}
nginx_https_port = {{ dumps(nginx_https_port) }}
cached_port = {{ dumps(cached_port) }}
ssl_cached_port = {{ (ssl_cached_port) }}
{# BBB: apache_custom_https and apache_custom_http #}
{%     set caddy_custom_http = ((slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', ''))) % slave_parameter_dict) %}
{%     set caddy_custom_https = ((slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', ''))) % slave_parameter_dict) %}
caddy_custom_http = {{ dumps(caddy_custom_http) }}
caddy_custom_https = {{ dumps(caddy_custom_https) }}
{{ '\n' }}
{%     for key, value in slave_instance.iteritems() %}
{{ key }} = {{ dumps(value) }}
{%     endfor %}

[{{ slave_section_title }}]
< = jinja2-template-base
{%   if slave_type in NGINX_TYPE_LIST %}
rendered = {{ nginx_configuration_directory }}/${:filename}
{%   else %}
rendered = {{ caddy_configuration_directory }}/${:filename}
{%   endif %}


{%   if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
{%   elif slave_type == 'eventsource' %}
template = {{ template_eventsource_slave_configuration }}
{%   elif slave_type == 'notebook' %}
template = {{ template_notebook_slave_configuration }}
{%   else %}
template = {{ template_default_slave_configuration }}
{%   endif %}

filename = {{ '%s.conf' % slave_reference }}
extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }}


{%   set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') %}
{%   do part_list.append(check_error_log_section_title) %}
[{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600
filename = {{ check_error_log_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}

{%   set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') %}
{%   do part_list.append(check_error_log_section_title) %}
[{{ check_error_log_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400
filename = {{ check_error_log_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}

{%   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{%   if monitor_ipv6_test %}
{%     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
{%     do part_list.append(monitor_ipv6_section_title) %}
[{{ monitor_ipv6_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -a ' ~ monitor_ipv6_test) }}
filename = {{ monitor_ipv6_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{%   endif %}

{%   set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
{%   if monitor_ipv4_test %}
{%     set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
{%     do part_list.append(monitor_ipv4_section_title) %}
[{{ monitor_ipv4_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -4 -a ' ~ monitor_ipv4_test) }}
filename = {{ monitor_ipv4_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{%   endif %}

{%   set re6st_optimal_test = slave_instance.get('re6st-optimal-test', '') %}
{%   set re6st_ipv6 = None %}
{%   set re6st_ipv4 = None %}
{%   if ',' in re6st_optimal_test %}
{%     set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
{%   endif %}
{%   if re6st_ipv6 and re6st_ipv4 %}
{%     set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
{%     do part_list.append(re6st_optimal_test_section_title) %}

[{{ re6st_optimal_test_section_title }}]
recipe = slapos.cookbook:wrapper
command-line = {{ dumps(bin_directory ~ '/check-re6st-optimal-status -4 ' ~ re6st_ipv4 ~ ' -6 ' ~ re6st_ipv6) }}
filename = {{ re6st_optimal_test_section_title }}
wrapper-path = {{ promise_directory }}/${:filename}
{%   endif %}


{# ###############################  #}
{# Publish Slave Information        #}
{%   if not extra_slave_instance_list %}
{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
{%     do part_list.append(publish_section_title) %}
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
{%     for key, value in slave_publish_dict.iteritems() %}
{{ key }} = {{ value }}
{%     endfor %}
{%   else %}
{%     do slave_instance_information_list.append(slave_publish_dict) %}
{%   endif %}

{# End of the main for loop#}
{% endfor %}

###############################################
### Prepare virtualhost for slaves using cache

{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
{%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{%   do part_list.append(cached_slave_configuration_section_title) %}
[{{ cached_slave_configuration_section_title }}]
< = jinja2-template-base
template = {{ template_cached_slave_configuration }}
filename = {{ '%s.conf' % slave_reference }}
rendered = {{ caddy_cached_configuration_directory }}/${:filename}
extensions = jinja2.ext.do
extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }}
{% endfor %}

{#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base]
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4}
ipv6 = ${slap-network-information:global-ipv6}
wrapper-path = {{ service_directory}}/6tunnel-${:ipv6-port}
command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-files = ${buildout:directory}/software_release/buildout.cfg

[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{ http_port }}
ipv6-port = {{ http_port }}

[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{ https_port }}
ipv6-port = {{ https_port }}

[tunnel-6to4-base-cached_port]
<= tunnel-6to4-base
ipv4-port = {{ cached_port }}
ipv6-port = {{ cached_port }}

[tunnel-6to4-base-ssl_cached_port]
<= tunnel-6to4-base
ipv4-port = {{ ssl_cached_port }}
ipv6-port = {{ ssl_cached_port }}

[tunnel-6to4-base-nginx_http_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_http_port }}
ipv6-port = {{ nginx_http_port }}

[tunnel-6to4-base-nginx_https_port]
<= tunnel-6to4-base
ipv4-port = {{ nginx_https_port }}
ipv6-port = {{ nginx_https_port }}

{# Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
local_ipv4 = {{ dumps(local_ipv4) }}
global_ipv6 = {{ dumps(global_ipv6) }}
https_port = {{ dumps(https_port) }}
http_port = {{ dumps(http_port) }}
ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
ip_access_key = {{ frontend_configuration.get('ip-access-key') }}
access_log = {{ dumps(access_log) }}
error_log = {{ dumps(error_log) }}
not_found_file = {{ dumps(not_found_file) }}

[caddy-log-access]
< = jinja2-template-base
template = {{frontend_configuration.get('template-log-access')}}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
    section slave_log_directory slave-log-directory-dict
    section slave_password slave-password
    section parameter_dict caddy-log-access-parameters


{# Publish information for the instance #}
[publish-caddy-information]
recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{ public_ipv4 }}
private-ipv4 = {{ local_ipv4 }}
{% if extra_slave_instance_list %}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
{% endif %}
monitor-base-url = {{ monitor_base_url }}

[buildout]
extends = {{ common_profile }}
parts +=
{% for part in part_list %}
{{ '    %s' % part }}
{% endfor %}
    publish-caddy-information
    tunnel-6to4-base-http_port
    tunnel-6to4-base-https_port
    tunnel-6to4-base-cached_port
    tunnel-6to4-base-ssl_cached_port
    tunnel-6to4-base-nginx_http_port
    tunnel-6to4-base-nginx_https_port

cache-access = {{ cache_access }}

{% endif %}