{ lib, pkgs, config, mylibs, ... }:
let
  cfg = config.services.myWebsites;
in
{
  imports = [
    ./websites/chloe.nix
    ./websites/ludivine.nix
    ./websites/aten.nix
    ./websites/piedsjaloux.nix
    ./websites/connexionswing.nix
  ];

  options.services.myWebsites = {
    production = {
      enable = lib.mkEnableOption "enable websites in production";
    };

    integration = {
      enable = lib.mkEnableOption "enable websites in integration";
    };

    apacheConfig = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          modules = lib.mkOption {
            type = lib.types.listOf (lib.types.str);
            default = [];
          };
          extraConfig = lib.mkOption {
            type = lib.types.nullOr lib.types.lines;
            default = null;
          };
        };
      });
      default = {};
      description = "Extra global config";
    };

  };

  config = {
    services.myWebsites.Chloe.production.enable = cfg.production.enable;
    services.myWebsites.Ludivine.production.enable = cfg.production.enable;
    services.myWebsites.Aten.production.enable = cfg.production.enable;
    services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
    services.myWebsites.Connexionswing.production.enable = cfg.production.enable;

    services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
    services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
    services.myWebsites.Aten.integration.enable = cfg.integration.enable;
    services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
    services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;

    services.myWebsites.apacheConfig = {
      gzip = {
        modules = [ "deflate" "filter" ];
        extraConfig = ''
          AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
        '';
      };
      macros = {
        modules = [ "macro" ];
      };
      ldap = {
        modules = [ "ldap" "authnz_ldap" ];
        # FIXME: starttls
        extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
          <IfModule ldap_module>
            LDAPSharedCacheSize 500000
            LDAPCacheEntries 1024
            LDAPCacheTTL 600
            LDAPOpCacheEntries 1024
            LDAPOpCacheTTL 600
          </IfModule>

          <Macro LDAPConnect>
            <IfModule authnz_ldap_module>
              AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
              AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
              AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
              AuthType             Basic
              AuthName             "Authentification requise (Acces LDAP)"
              AuthBasicProvider    ldap
            </IfModule>
          </Macro>

          <Macro Stats %{domain}>
            Alias /awstats /var/lib/goaccess/%{domain}
            <Directory /var/lib/goaccess/%{domain}>
              DirectoryIndex index.html
              AllowOverride None
              Require all granted
            </Directory>
            <Location /awstats>
              Use LDAPConnect
              Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
            </Location>
          </Macro>
        '';
      };
      http2 = {
        modules = [ "http2" ];
        extraConfig = ''
          Protocols h2 http/1.1
        '';
      };
      customLog = {
        extraConfig = ''
          LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
        '';
      };
    };
  };
}