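# BookStack wiki: a MariaDB instance, the BookStack OCI container, and an nginx
# virtual host that terminates TLS in front of it.
# Site-specific values are read from ./vars.nix; the database password is a
# sops-managed secret that is handed over as a file path, never as a literal.
{ config, lib, ... }:
let
  cfg = import ./vars.nix;
  db = cfg.bookstack.db;           # used below as both DB user and database name
  dbport = cfg.bookstack.dbport;   # string; converted with toInt for the MariaDB module
  db_host = cfg.podman.hostIP;
  port = cfg.bookstack.port;       # host port that the container's port 80 is published on
  domain = cfg.bookstack.domain;

  # Single source for the secret's on-disk path, so the bind mount and
  # FILE__DB_PASS cannot drift apart if the sops path ever changes.
  dbSecret = config.sops.secrets."bookstack/db".path;
in
{
  sops.secrets."bookstack/db" = {};

  imports = [
    ./podman-mariadb.nix # for the database
    ./nginx.nix # for the webserver
  ];

  services.podman-mariadb."bookstack" = {
    enable = true;
    #image = "docker.io/library/postgres:15-alpine";
    port = (lib.strings.toInt dbport);
    passwordFile = dbSecret;
  };

  virtualisation.oci-containers.containers.bookstack = {
    # NOTE(review): ":latest" is a mutable tag, so the image that actually runs
    # can change on any pull. Pin a release tag or a digest
    # (lscr.io/linuxserver/bookstack@sha256:<DIGEST-PLACEHOLDER>) and bump it
    # deliberately.
    image = "lscr.io/linuxserver/bookstack:latest";
    environment = {
      TZ = "Europe/Berlin";
      DB_HOST = db_host;
      DB_USER = db;
      DB_PORT = dbport;
      DB_DATABASE = db;
      APP_URL = "https://${domain}";
      MAIL_HOST = cfg.mail.host;
      MAIL_PORT = cfg.mail.port;
      MAIL_FROM = "bookstack@mc-fucker.cool";
      # Only the path is placed in the environment; the password itself stays
      # in the read-only mounted secret file (see volumes).
      FILE__DB_PASS = dbSecret;
    };
    # Publish on loopback only. nginx below is the intended entry point and is
    # where TLS is enforced; without a bind address the plain-HTTP port would be
    # published on every host interface and reachable without TLS.
    ports = [ "127.0.0.1:${port}:80" ];
    extraOptions = cfg.podman.extraOptions;
    volumes = [
      # Secret file is mounted read-only at the same path FILE__DB_PASS names.
      "${dbSecret}:${dbSecret}:ro"
      "/var/lib/bookstack:/config"
    ];
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Explicit IPv4 loopback to match the container's bind address;
      # "localhost" may also resolve to ::1, where nothing is listening.
      proxyPass = "http://127.0.0.1:${port}";
    };
    extraConfig = ''
      access_log /var/log/nginx/${domain}_access.log;
      error_log /var/log/nginx/${domain}_error.log;
    '';
  };
}

# vim: set et ts=2 sw=2 ai: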