{ ... }:
let
  cfg = import ./vars.nix;
  port = cfg.ihatemoney.port;
  db = cfg.ihatemoney.db;
  domain = cfg.ihatemoney.domain;
in
{

  imports = [ ./nginx.nix ];

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${port}";
    };
    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
    '';
  };

  virtualisation.oci-containers.containers.ihatemoney = {
    image = "8f083cab39d1";
    environment = {
      ACTIVATE_ADMIN_DASHBOARD = "True";
      ACTIVATE_DEMO_PROJECT = "False";
      ALLOW_PUBLIC_PROJECT_CREATION = "False";
      MAIL_DEFAULT_SENDER = "Budget manager <ihatemoney@mc-fucker.cool>";
      MAIL_SERVER = "mc1.mc-fucker.vpn.mc-fucker.cool";
      MAIL_USE_TLS = "True";
      DEBUG = "False";
    };
    ports = [ "${port}:${port}" ];
    environmentFiles = [ /etc/nixos/keys/ihatemoney-env ];
  };

  services.postgresql = {
    ensureDatabases = [ db ];
    ensureUsers = [
      {
        name = db;
        ensurePermissions = {
          "DATABASE ${db}" = "ALL PRIVILEGES";
        };
      }
    ];
    authentication = "host ${db} ${db} 10.88.0.0/16 md5";
  };

  services.postgresqlBackup.databases = [ "ihatemoney" ];

}

# vim: set et ts=2 sw=2 ai: