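# NixOS module: Vikunja (API + frontend) as podman containers, backed by a
# MariaDB container and published through an nginx virtual host with ACME.
#
# Secret handling: the database password and the JWT signing secret are
# injected at container start from a sops-rendered env file. They must not be
# read with builtins.readFile: that happens at evaluation time, which copies
# the plaintext into the world-readable /nix/store (as part of the generated
# container unit) and fails on any machine where the decrypted file does not
# exist yet.
{ config, lib, ... }:

let
  cfg = import ./vars.nix;

  db = "vikunja";
  dbport = cfg.vikunja.dbport;
  db_host = cfg.podman.hostIP;
  frontendport = cfg.vikunja.frontendport;
  apiport = cfg.vikunja.apiport;
  domain = cfg.vikunja.domain;
in
{
  sops.secrets."vikunja/db" = {};
  sops.secrets."vikunja/secret" = {};

  # Env file rendered by sops-nix at activation time; only placeholders end up
  # in the store. Requires a sops-nix version that provides `sops.templates`.
  # Values are passed through literally, so the secrets must be single-line.
  sops.templates."vikunja-api.env".content = ''
    VIKUNJA_DATABASE_PASSWORD=${config.sops.placeholder."vikunja/db"}
    VIKUNJA_SERVICE_JWTSECRET=${config.sops.placeholder."vikunja/secret"}
  '';

  imports = [
    ./podman-mariadb.nix # for the database
    ./nginx.nix # for the webserver
  ];

  services.podman-mariadb."vikunja" = {
    enable = true;
    #image = "docker.io/library/postgres:15-alpine";
    port = (lib.strings.toInt dbport);
    # Passed as a path, so the password itself stays out of the store.
    passwordFile = config.sops.secrets."vikunja/db".path;
  };

  virtualisation.oci-containers.containers.vikunja-api = {
    # NOTE(review): no tag or digest, so this resolves to whatever "latest"
    # is at pull time. Pin a version tag or digest for reproducible and
    # auditable deployments.
    image = "docker.io/vikunja/api";
    environment = {
      TZ = "Europe/Berlin";
      VIKUNJA_SERVICE_TIMEZONE = "Europe/Berlin";
      VIKUNJA_DATABASE_HOST = "${db_host}:${dbport}";
      VIKUNJA_DATABASE_DATABASE = db;
      VIKUNJA_DATABASE_USER = db;
      VIKUNJA_DATABASE_TYPE = "mysql";
      VIKUNJA_SERVICE_FRONTENDURL = "https://${domain}/";
      VIKUNJA_SERVICE_ENABLEREGISTRATION = "false";
      VIKUNJA_MAILER_ENABLED = "true";
      VIKUNJA_MAILER_HOST = cfg.mail.host;
      VIKUNJA_MAILER_PORT = cfg.mail.port;
      VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED = "true";
      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME = "true";
      VIKUNJA_DEFAULTSETTINGS_WEEK_START = "1";
      VIKUNJA_DEFAULTSETTINGS_LANGUAGE = "de";
    };
    # VIKUNJA_DATABASE_PASSWORD and VIKUNJA_SERVICE_JWTSECRET come from here.
    environmentFiles = [ config.sops.templates."vikunja-api.env".path ];
    # NOTE(review): without a host address this publishes the API on every
    # interface, bypassing nginx/TLS. If only the local nginx needs it,
    # consider "127.0.0.1:${apiport}:${apiport}" (confirm nothing else
    # reaches the API directly).
    ports = [ "${apiport}:${apiport}" ];
    extraOptions = cfg.podman.extraOptions;
    volumes = [
      "/var/lib/vikunja/files:/app/vikunja/files"
      "/var/lib/vikunja/config.yml:/app/vikunja/config.yml:ro"
    ];
  };

  virtualisation.oci-containers.containers.vikunja-frontend = {
    # NOTE(review): unpinned image, same concern as for vikunja-api.
    image = "docker.io/vikunja/frontend";
    environment = {
      TZ = "Europe/Berlin";
      #VIKUNJA_API_URL = "http://${cfg.podman.hostIP}:${apiport}/api/v1";
    };
    # NOTE(review): also published on all interfaces; see the API container.
    ports = [ "${frontendport}:80" ];
    extraOptions = cfg.podman.extraOptions;
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${frontendport}";
    };
    # The backslash is doubled because Nix consumes a single one inside a
    # double-quoted string; "\." would reach nginx as an unescaped "." that
    # matches any character.
    locations."~* ^/(api|dav|\\.well-known)/" = {
      proxyPass = "http://localhost:${apiport}";
      extraConfig = "client_max_body_size 20M;";
    };
    extraConfig = ''
      access_log /var/log/nginx/${domain}_access.log;
      error_log /var/log/nginx/${domain}_error.log;
    '';
  };
}
# vim: set et ts=2 sw=2 ai: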