{ config, ... }:
let
  cfg = import /etc/nixos/modules/vars.nix;
  prowlarr_port = cfg.arrstack.prowlarr.port;
  outpost_port = cfg.authentik.outpostPort;
  domain = "mc-fucker.cool";
in
{

  virtualisation.oci-containers.containers.prowlarr = {
    image = "lscr.io/linuxserver/prowlarr:latest";
    environment = {
      TZ = "Europe/Berlin";
    };
    ports = [
      "${prowlarr_port}:${prowlarr_port}"
    ];
    volumes = [
      "/var/lib/prowlarr:/config"
    ];
    extraOptions = cfg.podman.extraOptions;
  };

  services.nginx.virtualHosts = {

  "prowlarr.${domain}" = {
      forceSSL = true;
      enableACME = true;
      locations =
      let
        common = ''
          proxy_set_header    Host $host;
          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header    X-Forwarded-Host $host;
          proxy_set_header    X-Forwarded-Proto $scheme;
          proxy_set_header    Upgrade $http_upgrade;
          proxy_set_header    Connection $http_connection;
          proxy_redirect      off;
          proxy_http_version  1.1;
        '';
      in
      {
        "/" = {
          proxyPass = "http://127.0.0.1:${outpost_port}";
          extraConfig = common;
        };
        "/api" = {
          proxyPass = "http://127.0.0.1:${prowlarr_port}";
          extraConfig = common;
        };
      };
      extraConfig = ''
        access_log          /var/log/nginx/prowlarr.${domain}_access.log;
        error_log           /var/log/nginx/prowlarr.${domain}_error.log;
      '';
    };

  };
}
# vim: set et ts=2 sw=2 ai: