{ ... }:
let
  cfg = import ./vars.nix;
  domain = cfg.jellyfin.domain;
  port = cfg.jellyfin.port;
  ip = "127.0.0.1";
  common_header = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
  '';
in
{

  virtualisation.oci-containers.containers.jellyfin = {
    #image = "docker.io/jellyfin/jellyfin";
    image = "ghcr.io/confusedpolarbear/jellyfin-intro-skipper";
    extraOptions = cfg.podman.extraOptions;
    ports = [ "${port}:${port}" ];
    volumes = [
      "/var/lib/jellyfin:/config"
      "/mnt/cache/jellyfin:/cache"
      "/mnt/gdrive:/mnt/gdrive:ro"
      #"/mnt/gdrive:/mnt/gdrive"
    ];
  };

  systemd.services.podman-jellyfin = {
    after = [ "gdrive_mount.service" ];
  };

  imports = [ ./nginx.nix ];

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;

    locations."/" = {
      proxyPass = "http://${ip}:${port}";
      extraConfig = ''
        ${common_header}
        proxy_buffering off;
      '';
    };

    locations."= /web/" = {
      proxyPass = "http://${ip}:${port}/web/index.html";
      extraConfig = common_header;
    };

    locations."/socket" = {
      proxyPass = "http://${ip}:${port}";
      extraConfig = ''
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        ${common_header}
      '';
    };

    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
      client_max_body_size 20M;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options "nosniff";
    '';

  };
}

# vim: set et ts=2 sw=2 ai: