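# Navidrome music server: runs the upstream container through oci-containers
# and publishes it via an nginx virtual host with ACME-issued TLS.
{ config, ... }:

let
  cfg = import ./vars.nix;
  domain = "music.mc-fucker.cool";
  port = cfg.navidrome.port;
in
{
  imports = [ ./nginx.nix ];

  # Declared with default options; the decrypted file is handed to the
  # container as an environment file below, so its values stay out of the
  # world-readable Nix store.
  sops.secrets."navidrome" = {};

  virtualisation.oci-containers.containers.navidrome = {
    # NOTE(review): no tag or digest, so this resolves to whatever the registry
    # serves as the default tag at pull time. Pin a tag or digest to make
    # upgrades deliberate and reviewable.
    image = "docker.io/deluan/navidrome";

    environment = {
      TZ = "Europe/Berlin";
      # 336h = 14 days.
      ND_SESSIONTIMEOUT = "336h";
      ND_SCANNER_ENABLED = "false";
    };
    environmentFiles = [ config.sops.secrets.navidrome.path ];

    # Publish on loopback only. The nginx vhost below is the sole visible
    # consumer and reaches the backend at 127.0.0.1; publishing on all
    # interfaces would expose the plain-HTTP backend next to the TLS front end.
    # NOTE(review): has no effect if cfg.podman.extraOptions selects host
    # networking; confirm against vars.nix.
    ports = [ "127.0.0.1:${port}:${port}" ];

    volumes = [
      "/var/lib/navidrome:/data"
      # Music library is mounted read-only.
      "/mnt/mergerfs/media/music:/music:ro"
    ];

    extraOptions = cfg.podman.extraOptions;
    # The container is not started automatically.
    autoStart = false;
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;

    locations."/" = {
      proxyPass = "http://127.0.0.1:${port}";
      # Forward the original host, client address and scheme to the backend.
      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_buffering off;
      '';
    };

    # Per-domain access and error logs.
    extraConfig = ''
      access_log /var/log/nginx/${domain}_access.log;
      error_log /var/log/nginx/${domain}_error.log;
    '';
  };
}

# vim: set et ts=2 sw=2 ai: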