{ config, ... }:
let
  cfg = config.services.ombi;
in
{
  nixpkgs.config.packageOverrides = pkgs:
  {
    ombi = pkgs.callPackage /root/ombi {};
  };

  services.ombi.enable = true;

  services.nginx.virtualHosts."ombi.mc-fucker.cool" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://localhost:5000";
        extraConfig = ''
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        '';
      };

      "/api" = {
        proxyPass = "http://localhost:5000";
      };

      "/swagger" = {
        proxyPass = "http://localhost:5000";
      };
    };

    extraConfig = ''
      ssl_session_cache builtin:1000;
      gzip on;
      gzip_vary on;
      gzip_min_length 1000;
      gzip_proxied any;
      gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
      gzip_disable "MSIE [1-6]\.";
    '';
  };

  systemd.services.ombi =
  {
    serviceConfig = {
      ProtectSystem = "full";
      ProtectHostname = "true";
      ProtectClock = "true";
      #WorkingDirectory = cfg.dataDir;
      #StateDirectory = "ombi";
      #RootDirectory = "/run/ombi";
      #RuntimeDirectory = "ombi";
      #BindReadOnlyPaths = builtins.storeDir;
    };
  };
}

# vim: set et ts=2 sw=2 ai: