_http = OCIRegHTTP {
    address = "0.0.0.0",
    port = 5000
    realm = "zot"
    tls = OCIRegTLS {
        cert = "/etc/zot/ssl/fullchain.pem",
        key = "/etc/zot/ssl/privkey.pem"
    }
    auth = OCIRegAuth {
        htpasswd = OCIRegHtpasswd { path = "/etc/zot/htpasswd" }
        failDelay = 5
    }
}
_log = OCIRegLog {
    level = "debug",
    output = "/var/log/zot/zot.log",
    audit = "/var/log/zot/zot-audit.log"
}

if _kys != Undefined and _kys.oci_reg_s3.accesskey != Undefined and _kys.oci_reg_s3.accesskey != "": 
#if _kys.storageDriver == Undefined:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            rootDirectory = "/data/zot/"
            dedupe = True
            storageDriver = OCIRegStorageDriver {
                name = "s3",
                rootdirectory = "/zot",
                region = "europe-1",
                bucket = "reg",
                secure = True,
                regionendpoint ="https://0jgn0-private.upcloudobjects.com"
                accesskey = _kys.oci_reg_s3.accesskey,
                secretkey = _kys.oci_reg_s3.secretkey,
                skipverify = False
            }
        }
        http = _http
        log = _log
        extensions = OCIRegExtensions {
            ui: OCIRegExtUI { enable: True }
# cve not working with S3
#           search: OCIRegExtSearch { enable: True }
        }
    } 
else:
    _oci_config = OCIRegConfig {
        storage = OCIRegStorage {
            rootDirectory = "/data/zot/"
            gc = True
            gcDelay = "1h"
            gcInterval = "6h"
        }
        http = _http
        log = _log
        extensions = OCIRegExtensions {
            ui: OCIRegExtUI { enable: True }
            search: OCIRegExtSearch { enable: True }
        }
    } 

taskserv = OCIReg {
    version = "2.0.3"
    name = "oci-reg"
    oci_memory_high = 15
    oci_memory_max = 16
    copy_paths = ["reg-ssl|ssl", "oci-reg/htpasswd|htpasswd"]
    config = _oci_config
}