{ config, ... }:

let
  svc_domain = "wger.${config.mine.shared.settings.domain}";
  port = config.services.wger.port;
in {
  imports = [
    ./wgerpkg/module.nix
  ];

  services.wger = {
    enable = true;

    configureRedis = true;
    configurePostgres = true;

    dataDir = config.mine.zfsMounts."rpool/safe/svcs/wger";

    # wger specific settings
    wgerSettings = {
      EMAIL_FROM = "wger Workout Manager <wger@${svc_domain}>";

      # use authelia for authentication (disable guest users + regisration)
      AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
      ALLOW_GUEST_USERS = false;
      ALLOW_REGISTRATION = false;
    };

    # django specific settings
    djangoSettings = rec {
      # setup site stuff
      SITE_URL = "https://${svc_domain}";
      CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
      ALLOWED_HOSTS = [ svc_domain ];

      # setup email
      EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
      EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
      EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;
      EMAIL_USE_SSL = true;
      EMAIL_HOST_USER = "wger";
      EMAIL_HOST_PASSWORD = "$EMAIL_HOST_PASSWORD";
      EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
      EMAIL_PAGE_DOMAIN = SITE_URL;
    };
  };

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
    locations."/api/v2/register" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };

    locations."/static".root = "${config.services.wger.package}/share";
    locations."/media".root = "${config.services.wger.dataDir}";
    locations."/api".proxyPass = "http://localhost:${builtins.toString port}";
  };

  # metadata
  mine.shared.meta.wger = {
    name = "Wger";
    description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";
    url = "https://${svc_domain}";

    package = let
      pkg = config.services.wger.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}