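{# Pod spec fragment for one whawty-auth instance: an "app" container and, #}
{# when the instance defines 'sync', a second container running /gokr-rsyncd --daemon. #}
{# All Jinja tags and comments start at column 0 so that trim_blocks cannot shift YAML indentation. #}
{# #}
{# allowPrivilegeEscalation is a container-level field; PodSecurityContext does not define it, #}
{# so at pod level it is rejected or dropped depending on how strictly the consumer validates. #}
{# It is therefore set on each container below. #}
{# Pod-level identity settings remain disabled: #}
{# securityContext: #}
{#   runAsUser: {{ whawty_auth_app_uid }} #}
{#   runAsGroup: {{ whawty_auth_app_gid }} #}
containers:
  - name: app
{# NOTE(review): the image is referenced by a version tag; pinning by digest would make the deployed content immutable. #}
    image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
    securityContext:
      allowPrivilegeEscalation: false
    args:
      - "--store"
      - "/config/store.yml"
      - "run"
      - "--web-addr"
      - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
{# --web-config is only passed when the instance has a 'tls' entry. #}
{# NOTE(review): presumably the web API is served without TLS otherwise; confirm that is intended for such instances. #}
{% if 'tls' in whawty_auth_instances[whawty_auth_instance] %}
      - "--web-config"
      - "/config/web.yml"
{% endif %}
    volumeMounts:
      - name: config
        mountPath: /config
        readOnly: true
{# The store is writable only in this container; the sync container mounts it read-only. #}
      - name: store
        mountPath: /store
    env:
{# TODO: remove debug output #}
{# NOTE(review): before production use, confirm debug logging does not write credential material to the container log. #}
      - name: WHAWTY_AUTH_DEBUG
        value: "1"
    ports:
{# hostPort publishes the port on the node itself; the listen address above has no host part. #}
      - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
        hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
  - name: sync
    image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
    securityContext:
      allowPrivilegeEscalation: false
    command:
      - "/gokr-rsyncd"
    args:
      - "--daemon"
      - "--gokr.config=/sync/config.toml"
{# TODO: remove debug output #}
      - "-v"
    volumeMounts:
      - name: sync
        mountPath: /sync
        readOnly: true
      - name: store
        mountPath: /store
        readOnly: true
    env:
      - name: XDG_CONFIG_HOME
        value: "/sync"
    ports:
{# NOTE(review): the sync port is also published on the node; who may connect is decided by /sync/config.toml, which is not visible here. #}
      - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
        hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
{% endif %}
volumes:
{# type: Directory requires each host path to exist before the pod starts. #}
  - name: config
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/config"
      type: Directory
  - name: store
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/store"
      type: Directory
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
  - name: sync
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/sync"
      type: Directory
{% endif %}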