{ config, lib, pkgs, ... }:

let
  svc_domain = "uptime-kuma.${config.mine.shared.settings.domain}";
in {
  services.uptime-kuma = {
    enable = true;
    appriseSupport = true;

    package = pkgs.uptime-kuma.overrideAttrs (old: rec {
      pname = "uptime-kuma";
      version = "2.0.0-dev";
      src = pkgs.fetchFromGitHub {
        owner = "M1CK431";
        repo = "uptime-kuma";
        rev = "5a16af40fdddcaa61d197242840344804a246d01";
        hash = "sha256-W7ieVrfm/SZU/MNB7dJW3V3vq0RBrAJVqv0gK7H4Xik=";
      };
      npmDepsHash = "sha256-Q2u6ClG6g8yoGvSJ/LGlKTL4XkJGWY+DAojpM1xBwQ0=";
      npmDeps = pkgs.fetchNpmDeps {
        inherit src;
        name = "${pname}-${version}-npm-deps";
        hash = npmDepsHash;
      };
      patches = [
        (pkgs.writeText "uptime-kuma-database-writeable.patch" ''
          diff --git a/server/database.js b/server/database.js
          index 3374aff9..9e890d28 100644
          --- a/server/database.js
          +++ b/server/database.js
          @@ -221,6 +221,7 @@ class Database {
                       if (! fs.existsSync(Database.sqlitePath)) {
                           log.info("server", "Copying Database");
                           fs.copyFileSync(Database.templatePath, Database.sqlitePath);
          +                fs.chmodSync(Database.path, 0o640);
                       }
           
                       const Dialect = require("knex/lib/dialects/sqlite3/index.js");
        '')
      ];
    });
  };

  # setup persistence
  environment.persistence.root.directories = [
    { directory = "/var/lib/private/uptime-kuma"; mode = "0700"; }
  ];


  # setup ldap user for email
  services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
    uptime-kuma = llib.mkProvisionUserSystem "uptime-kuma" config.age.secrets.uptime-kuma-ldap-pass.path;
  });

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString config.services.uptime-kuma.settings.PORT}";
      proxyWebsockets = true;
    };
  };

  mine.shared.meta.uptime-kuma = {
    name = "Uptime Kuma";
    description = ''Fancy self-hosted monitoring tool, which supports VARIOUS methods of monitoring, as well as getting notifications. Multiple users is not officially support, so reach out to admins, and they will create a user for you. Abuse will NOT be tolerated. We have a SMTP account associated with Uptime Kuma, ask for details on how to use this (you're also allowed to to your own member email).'';
    url = "https://${svc_domain}";

    package = let
      pkg = config.services.uptime-kuma.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}