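# NixOS module for the Nicecoop "copanier" website.
#
# When enabled it declares three things:
#   * an Apache vhost (integration environment) that serves /static from the
#     package and reverse-proxies everything else to a Unix socket;
#   * a secret environment file holding the application settings, including
#     the SMTP credentials;
#   * a systemd unit running gunicorn, bound to that Unix socket.
{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.websites.nicecoop.copanier;
  pcfg = config.myEnv.websites.nicecoop.copanier;
  hostname = "copanier.nc.immae.dev";
  # Located inside the unit's RuntimeDirectory (/run/nicecoop_copanier).
  socket = "/run/nicecoop_copanier/socket.sock";
  # Static assets shipped inside the copanier Python package.
  staticDir = "${pkgs.webapps.copanier}/${pkgs.webapps.copanier.python.sitePackages}/copanier/static";
in
{
  options.myServices.websites.nicecoop.copanier.enable =
    lib.mkEnableOption "enable nicecoop's copanier website";

  config = lib.mkIf cfg.enable {
    services.websites.env.integration.vhostConfs.nicecoop_copanier = {
      certName = "integration";
      addToCerts = true;
      hosts = [ hostname ];
      root = null;
      extraConfig = [
        # ProxyRequests Off keeps httpd from acting as a forward (open) proxy.
        # The two "!" rules exclude ACME challenges and /static from proxying.
        # AllowOverride is only valid in a directory context and Require is
        # meant to be scoped, so both are wrapped in a <Directory> section for
        # the aliased path (the wrapper was missing from this listing, most
        # likely stripped as markup). Without it httpd rejects the
        # configuration.
        ''
          ProxyPreserveHost on
          ProxyVia On
          ProxyRequests Off
          ProxyPassMatch ^/.well-known/acme-challenge !
          ProxyPassMatch ^/static !
          ProxyPass / unix://${socket}|http://${hostname}/
          ProxyPassReverse / unix://${socket}|http://${hostname}/
          Alias /static ${staticDir}
          <Directory ${staticDir}>
            AllowOverride None
            Require all granted
          </Directory>
        ''
      ];
    };

    # Environment file consumed by the systemd unit below (EnvironmentFile).
    # It contains the SMTP password, hence the owner-read-only mode.
    # NOTE(review): the owner is wwwrun, the same account the service runs as
    # (and presumably httpd too - confirm). systemd reads EnvironmentFile
    # itself, so a root-owned file may be enough; verify against the secrets
    # module before tightening.
    # NOTE(review): values are interpolated unquoted; an SMTP password with
    # quotes, backslashes or a leading '#' may be parsed differently by
    # systemd - confirm the stored value is safe for this format.
    secrets.keys."websites/nicecoop/copanier" = {
      user = "wwwrun";
      group = "wwwrun";
      permissions = "0400";
      text = ''
        COPANIER_DATA_ROOT=/var/lib/nicecoop_copanier
        COPANIER_SITE_URL=https://${hostname}
        COPANIER_SITE_NAME=Copanier Nicecoop
        COPANIER_SITE_DESCRIPTION=Copanier
        COPANIER_XLSX_FILENAME=produits
        COPANIER_SEND_EMAILS=True
        COPANIER_SMTP_HOST=${pcfg.smtp.host}
        COPANIER_SMTP_PASSWORD=${pcfg.smtp.password}
        COPANIER_SMTP_LOGIN=${pcfg.smtp.email}
        COPANIER_FROM_EMAIL=${pcfg.smtp.email}
        COPANIER_EMAIL_SIGNATURE=Nicecoop
        COPANIER_STAFF=${builtins.concatStringsSep " " pcfg.staff}
      '';
    };

    systemd.services.nicecoop-copanier = {
      description = "Nicecoop Copanier website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        EnvironmentFile = config.secrets.fullPaths."websites/nicecoop/copanier";
        Type = "simple";
        ExecStart =
          let
            # Interpreter bundling gunicorn, uvloop and the application itself.
            python = pkgs.webapps.copanier.python.withPackages (p: [
              p.gunicorn
              p.uvloop
              pkgs.webapps.copanier
            ]);
          in
          "${python}/bin/gunicorn -k roll.worker.Worker copanier:app --bind unix:${socket}";
        User = "wwwrun";
        Restart = "always";
        RestartSec = "5s";
        StandardOutput = "journal";
        StandardError = "inherit";
        # Data root (/var/lib/nicecoop_copanier) and socket directory
        # (/run/nicecoop_copanier); both are created by systemd for User.
        StateDirectory = "nicecoop_copanier";
        RuntimeDirectory = "nicecoop_copanier";
        # NOTE(review): the backend socket is reachable by any local account
        # that can traverse the runtime directory. If httpd runs as wwwrun,
        # consider RuntimeDirectoryMode = "0750" so only that account can
        # connect directly and bypass the vhost.

        # Sandboxing: the service only needs to write to the two directories
        # above, so the rest of the filesystem is made read-only for it and it
        # cannot gain privileges through setuid binaries.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
      };
    };
  };
}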