{ config, lib, pkgs, ... }:

let
  urlpath = "/members";
  metaJSONFile = (pkgs.formats.json {}).generate "meta-service-info.json" config.mine.shared.meta;
  port = 5050;
in {
  systemd.services.website-member = {
    description = "members area website";
    wantedBy = [ "multi-user.target" ];
    after = [ "networking.target" ];

    environment = {
      AUTH_PROXY_USERNAME = config.mine.shared.lib.authelia.protectedHeaders.username;
      AUTH_PROXY_GROUPS = config.mine.shared.lib.authelia.protectedHeaders.groups;
      AUTH_PROXY_EMAIL = config.mine.shared.lib.authelia.protectedHeaders.email;
      AUTH_PROXY_NAME = config.mine.shared.lib.authelia.protectedHeaders.name;
    };

    serviceConfig = {
      ExecStart = let
        pythonEnv = pkgs.python3.withPackages(ps: with ps; [ flask ]);
      in "${pythonEnv}/bin/python ${./app.py} --port ${builtins.toString port} --meta-json ${metaJSONFile}";
      Restart = "always";
    };
  };

  services.nginx.virtualHosts."${config.mine.shared.settings.domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    locations."${urlpath}" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
  };

  mine.shared.meta.website-members = {
    name = "Members Website";
    description = "This website you are looking at right now, which is our members website.";
    url = "https://${config.mine.shared.settings.domain}${urlpath}";

    package = {
      name = "members-website";
      version = "v0.0.1";
      meta = with lib; {
        description = "Members website for ${config.mine.shared.settings.domain}";
        license = licenses.free;
        homepage = "https://git.fricloud.dk/fricloud/server-configs/src/branch/main/machines/gerd/services/member-website/app.py";
        platforms = platforms.all;
      };
    };
  };
}