{ config, ... }:
let
  cfg = import /etc/nixos/modules/vars.nix;
  whisparr_port = cfg.arrstack.whisparr.port;
  outpost_port = cfg.authentik.outpostPort;
  domain = "mc-fucker.cool";
in
{

  virtualisation.oci-containers.containers.whisparr = {
    image = "ghcr.io/hotio/whisparr";
    environment = {
      TZ = "Europe/Berlin";
      PUID = toString config.users.users.arr.uid;
      PGID = toString config.users.groups.arr.gid;
    };
    ports = [
      "${whisparr_port}:${whisparr_port}"
    ];
    volumes = [
      "/var/lib/whisparr:/config"
      "/mnt/mergerfs/media:/data"
      #"/mnt/ultracc/downloads:/mnt/ultracc"
    ];
    extraOptions = cfg.podman.extraOptions;
    autoStart = false;
  };

  services.nginx.virtualHosts = {

    "whisparr.${domain}" = {
      forceSSL = true;
      enableACME = true;
      locations = {
        "/" = {
          proxyPass = "http://127.0.0.1:${outpost_port}";
          extraConfig = ''
            #proxy_set_header    Host $proxy_host;
            proxy_set_header    Host $host;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Host $host;
            proxy_set_header    X-Forwarded-Proto $scheme;
            proxy_set_header    Upgrade $http_upgrade;
            proxy_set_header    Connection $http_connection;
            proxy_redirect      off;
            proxy_http_version  1.1;
          '';
        };
      };
      extraConfig = ''
        access_log          /var/log/nginx/whisparr.${domain}_access.log;
        error_log           /var/log/nginx/whisparr.${domain}_error.log;
      '';
    };

  };
}
# vim: set et ts=2 sw=2 ai: