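# NixOS module for the "XXX" service: a PostgreSQL instance (via the local
# podman-postgresql module), the application container, and an nginx TLS
# virtual host that reverse-proxies to the container.
{ config, lib, ... }:
let
  cfg = import ./vars.nix;
  name = "XXX";
  dbport = cfg.XXX.dbport;
  port = cfg.XXX.port;
  domain = cfg.XXX.domain;
in
{
  imports = [
    #./podman.nix
    ./podman-postgresql.nix # for the database
    ./nginx.nix # for the webserver
  ];

  # Secrets are declared through sops and consumed below by file path only,
  # so no secret value is written into this expression.
  sops.secrets."${name}/db" = {};
  sops.secrets."${name}/env" = {};

  services.podman-postgresql."${name}" = {
    enable = true;
    # NOTE(review): the image is referenced by a mutable tag; consider pinning
    # it by digest (image@sha256:<digest>) so a re-tagged upstream image
    # cannot change what gets deployed.
    image = "docker.io/library/postgres:16-alpine";
    # dbport is converted with toInt, so vars.nix is expected to hold it as a string.
    port = (lib.strings.toInt dbport);
    passwordFile = config.sops.secrets."${name}/db".path;
  };

  virtualisation.oci-containers.containers.XXX = {
    # NOTE(review): same as above - prefer a digest-pinned image reference.
    image = "XXX";
    environment = {
      TZ = "Europe/Berlin";
    };
    # Application secrets are passed as an env file read from the sops path.
    environmentFiles = [
      config.sops.secrets."${name}/env".path
    ];
    # Publish the container's plain-HTTP port on loopback only. Without a bind
    # address the port is published on every host interface, which lets
    # clients reach the application directly and bypass the TLS-terminating
    # nginx virtual host below.
    ports = [
      "127.0.0.1:${port}:80"
    ];
    volumes = [
      "/var/lib/XXX:/data"
    ];
    # NOTE(review): extraOptions comes from vars.nix and is not visible here;
    # confirm it does not override the network or publishing settings above.
    extraOptions = cfg.podman.extraOptions;
  };

  services.nginx.virtualHosts.${domain} = {
    # Redirect HTTP to HTTPS and obtain the certificate via ACME.
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Use the IPv4 loopback address explicitly so the upstream matches the
      # address the container port is published on.
      proxyPass = "http://127.0.0.1:${port}";
      proxyWebsockets = true;
    };
    # Per-domain log files, which keeps this vhost's traffic separate for review.
    extraConfig = ''
      access_log /var/log/nginx/${domain}_access.log;
      error_log /var/log/nginx/${domain}_error.log;
    '';
  };
}
# vim: set et ts=2 sw=2 ai: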