{ lib, pkgs, config, myconfig,  ... }:
let
  aten = pkgs.callPackage ./builder.nix {
    inherit (pkgs.webapps) aten;
    config = myconfig.env.websites.aten.production;
    apacheUser = config.services.httpd.Prod.user;
    apacheGroup = config.services.httpd.Prod.group;
  };

  cfg = config.myServices.websites.aten.production;
in {
  options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";

  config = lib.mkIf cfg.enable {
    secrets.keys = aten.keys;
    services.webstats.sites = [ { name = "aten.pro"; } ];

    systemd.services.phpfpm-aten_prod.preStart = lib.mkAfter aten.phpFpm.preStart;
    systemd.services.phpfpm-aten_prod.after = lib.mkAfter aten.phpFpm.serviceDeps;
    systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps;
    services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
    system.activationScripts.aten_prod = aten.activationScript;
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
      '';
    services.websites.production.modules = aten.apache.modules;
    services.websites.production.vhostConfs.aten = {
      certName     = "aten";
      certMainHost = "aten.pro";
      hosts        = [ "aten.pro" "www.aten.pro" ];
      root         = aten.apache.root;
      extraConfig  = [ aten.apache.vhostConf ];
    };
  };
}