{ pkgs, lib, ... }:
let
  cfg = import ./vars.nix;
  db = cfg.zabbix.db;
  db_host = cfg.podman.hostIP;
  port = cfg.zabbix.port;
  domain = cfg.zabbix.domain;
  server_ip = "10.88.1.0";
  web_ip = "10.88.1.1";
in
{
  services.postgresql = {
    ensureDatabases = [ db ];
    ensureUsers = [
      {
        name = db;
        ensurePermissions = {
          "DATABASE ${db}" = "ALL PRIVILEGES";
        };
      }
    ];
    extraPlugins = [
      (pkgs.callPackage ../packages/timescaledb/timescaledb.nix {})
      ];
    settings = {
      shared_preload_libraries = "timescaledb";
    };
    authentication = "host ${db} ${db} 10.88.0.0/16 md5";
  };

  virtualisation.oci-containers.containers.zabbix-server = {
    image = "docker.io/zabbix/zabbix-server-pgsql:alpine-6.4-latest";
    environment = {
      DB_SERVER_HOST = db_host;
      POSTGRES_USER = db;
    };
    environmentFiles = [ /etc/nixos/keys/zabbix-env ];
    extraOptions = cfg.podman.extraOptions ++ [ "--ip=${server_ip}" ];
  };

  virtualisation.oci-containers.containers.zabbix-web = {
    image = "docker.io/zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest";
    environment = {
      DB_SERVER_HOST = db_host;
      POSTGRES_USER = db;
      ZBX_SERVER_HOST = server_ip;
      ZBX_SERVER_NAME = "Superbly Managed Networks and Hosting";
      PHP_TZ = "Europe/Berlin";
    };
    environmentFiles = [ /etc/nixos/keys/zabbix-env ];
    extraOptions = cfg.podman.extraOptions ++ [ "--ip=${web_ip}" ];
    ports = [ "${port}:8080" ];
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${port}";
    };
    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
    '';
  };

  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 5432 10050 ];
}

# vim: set et ts=2 sw=2 ai: