{ config, pkgs, lib, ... }:
let
  iv_port = "3001";
  domain = "yt.mc-fucker.cool";
  db_user = "kemal";
  db = "invidious";
in
{
  services.invidious = {
    package = pkgs.callPackage /etc/nixos/packages/invidious { lsquic = pkgs.callPackage /etc/nixos/packages/invidious/lsquic.nix {}; videojs = pkgs.callPackage /etc/nixos/packages/invidious/videojs.nix {}; };
    enable = true;
    port = (lib.strings.toInt iv_port);
    database = {
      createLocally = false;
      host = "127.0.0.1";
      passwordFile = "/etc/nixos/keys/invidious-dbpassword";
    };
    settings = {
        admins = [ "mc-fucker" ];
        popular_enabled = false;
        default_user_preferences = {
          feed_menu = [ "Trending" "Subscriptions" "Playlists" ];
        };
    };
  };
  systemd.services.invidious.serviceConfig = {
    Restart = "always";
    RestartSec = "2s";
  };

  services.postgresql = {
    ensureDatabases = [ db ];
    ensureUsers = [
      {
        name = db_user;
        ensurePermissions = {
          "DATABASE ${db}" = "ALL PRIVILEGES";
        };
      }
    ];
    authentication = "host invidious kemal 127.0.0.1/32 trust";
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${iv_port}";
        extraConfig = ''
          set $empty "";
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
        '';
      };

    };

  };

}

# vim: set et ts=2 sw=2 ai: