{ pkgs, lib, ... }:
let
  db = "zabbix";
  version = "latest";
  port = "8999";
  domain = "zbx.mc-fucker.cool";
in
{
  services.postgresql = {
    ensureDatabases = [ db ];
    ensureUsers = [
      {
        name = db;
        ensurePermissions = {
          "DATABASE ${db}" = "ALL PRIVILEGES";
        };
      }
    ];
    extraPlugins = [
      #(pkgs.callPackage ../packages/timescaledb/timescaledb.nix {})
      timescaledb
      ];
    settings = {
      shared_preload_libraries = "timescaledb";
    };
    authentication = "host ${db} ${db} zabbix-server.mc-fucker.vpn.mc-fucker.cool md5";
  };

  services.zabbixServer = {
    enable = true;
    database = {
      createLocally = false;
      socket = "/run/postgresql";
      passwordFile = /etc/nixos/keys/zabbix_db.key;
    };
    package = (pkgs.callPackages ../packages/zabbix/server.nix { postgresqlSupport = true; }).${version};
  };

  services.zabbixWeb = {
    enable = true;
    package = (pkgs.callPackages ../packages/zabbix/web.nix {}).${version};
    database = {
      socket = "/run/postgresql";
    };
    virtualHost = {
      hostName = domain;
      adminAddr = "noreply@mc-fucker.cool";
      listen = [
        {
          port = (lib.strings.toInt port);
        }
      ];
    };
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${port}";
    };
    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
    '';
  };

}

# vim: set et ts=2 sw=2 ai: