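# NixOS module for a wger instance: the service itself, the nginx virtual host
# in front of it (SSO through the Authelia helpers), an lldap system user used
# for sending mail, and the metadata entry for the service.
{ config, lib, ... }:
let
  svc_domain = "wger.${config.mine.shared.settings.domain}";
  port = config.services.wger.port;

  # Header names Authelia uses to pass the authenticated identity to backends.
  authHeaders = config.mine.shared.lib.authelia.protectedHeaders;

  # nginx snippet that stops client-supplied identity headers from reaching
  # the backend. An empty value makes nginx omit the header from the proxied
  # request.
  dropIdentityHeaders = lib.concatMapStrings (h: "proxy_set_header ${h} \"\";\n") [
    authHeaders.username
    authHeaders.email
    authHeaders.name
  ];
in
{
  imports = [ ./wgerpkg/module.nix ];

  services.wger = {
    enable = true;
    configureRedis = true;
    configurePostgres = true;
    dataDir = config.mine.zfsMounts."rpool/safe/svcs/wger";

    # wger specific settings
    wgerSettings = {
      # NOTE(review): the value ends in a space and carries no address part;
      # it looks like a trailing `<address>` was lost. Confirm against the
      # deployed config, EMAIL_FROM_ADDRESS below reuses this value.
      EMAIL_FROM = "wger Workout Manager ";
      # Accounts come from the auth proxy only: no guests, no self-registration.
      ALLOW_GUEST_USERS = false;
      ALLOW_REGISTRATION = false;
    };

    # django specific settings
    djangoSettings =
      let
        # "Remote-User" -> "HTTP_REMOTE_USER": the key under which Django
        # exposes a request header in request.META.
        headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v)));
      in
      rec {
        # setup site stuff
        SITE_URL = "https://${svc_domain}";
        CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
        ALLOWED_HOSTS = [ svc_domain ];

        # proxy auth
        # The backend takes the user's identity from these request headers
        # whenever the connection comes from a trusted IP. With 127.0.0.1
        # trusted, every path that reaches the backend through the local nginx
        # (and any other local process that can connect to the port) is
        # trusted to set them, so each proxied location must either sit behind
        # Authelia or drop these headers.
        AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username;
        AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email;
        AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name;
        AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ];
        AUTH_PROXY_CREATE_UNKNOWN_USER = true;

        # setup email
        EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
        EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
        EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;
        EMAIL_USE_SSL = true;
        EMAIL_HOST_USER = "wger";
        # The password is referenced by path, so the secret itself stays out
        # of the Nix store.
        EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}";
        EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
        EMAIL_PAGE_DOMAIN = SITE_URL;

        # LOGGING = {
        #   version = 1;
        #   disable_existing_loggers = false;
        #   formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s";
        #   handlers.console = {
        #     level = "DEBUG";
        #     class = "logging.StreamHandler";
        #     formatter = "simple";
        #   };
        #   loggers."" = {
        #     handlers = ["console"];
        #     level = "DEBUG";
        #   };
        # };
      };
  };

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;

    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
    locations."/api/v2/register" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };

    # NOTE(review): /static and /media are plain locations, not wrapped in
    # mkProtectedLocation. Whether mkProtectedWebsite covers them at server
    # level is not visible in this file; /media serves files from below
    # dataDir, so confirm that unauthenticated reads are intended.
    locations."/static".root = "${config.services.wger.package}/share";
    locations."/media".root = "${config.services.wger.dataDir}";

    # /api is proxied without the Authelia wrapper, presumably so API clients
    # can use wger's own token auth. Requests still reach the backend from
    # 127.0.0.1, which AUTH_PROXY_TRUSTED_IPS trusts, so the identity headers
    # are dropped here explicitly instead of relying on the vhost helper.
    # NOTE(review): proxy_set_header at location level stops inheritance of
    # proxy_set_header lines from the server/http level; confirm none are
    # needed here beyond the recommended proxy settings.
    locations."/api" = {
      proxyPass = "http://localhost:${builtins.toString port}";
      extraConfig = dropIdentityHeaders;
    };
  };

  # setup lldap user for wger that can send emails
  services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
    wger = llib.mkProvisionUserSystem "wger" config.age.secrets.wger-ldap-pass.path;
  });

  # setup permissions
  # The wger service user must be able to read the secret referenced by
  # EMAIL_HOST_PASSWORD.
  age.secrets.wger-ldap-pass.owner = config.services.wger.user;

  # metadata
  mine.shared.meta.wger = {
    name = "Wger";
    description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";
    url = "https://${svc_domain}";
    package =
      let
        pkg = config.services.wger.package;
      in
      {
        name = pkg.pname;
        version = pkg.version;
        meta = pkg.meta;
      };
  };
}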