{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.websites.denise.oms;
  varDir = "/var/lib/buildbot/outputs/denise/oms";
  varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
  socket = "/run/denise_oms/socket.sock";
  socket_beta = "/run/denise_oms_beta/socket.sock";
in {
  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";

  config = lib.mkIf cfg.enable {
    services.websites.env.production.vhostConfs.denise_oms = {
      certName     = "denise";
      addToCerts   = true;
      hosts        = [ "oms.syanni.eu" ];
      root         = null;
      extraConfig  = [
        ''
        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${socket}|http://oms.syanni.eu/
        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
          ''
      ];
    };

    systemd.services.denise-oms = {
      description = "Denise OMS website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        WorkingDirectory = varDir;
        ExecStart = let
          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
        in
          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
        User = "buildbot";
        Restart = "always";
        RestartSec = "5s";
        PIDFile = "/run/denise_oms/gunicorn.pid";
        RuntimeDirectory = "denise_oms";
        StandardOutput = "journal";
        StandardError = "inherit";
      };
    };

    services.websites.env.integration.vhostConfs.denise_oms_beta = {
      certName     = "denise";
      addToCerts   = true;
      hosts        = [ "beta.oms.syanni.eu" ];
      root         = null;
      extraConfig  = [
        ''
        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/
        ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/
          ''
      ];
    };

    systemd.services.denise-oms-beta = {
      description = "Denise OMS beta website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        WorkingDirectory = varDirBeta;
        ExecStart = let
          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
        in
          "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
        User = "buildbot";
        Restart = "always";
        RestartSec = "5s";
        PIDFile = "/run/denise_oms_beta/gunicorn.pid";
        RuntimeDirectory = "denise_oms_beta";
        StandardOutput = "journal";
        StandardError = "inherit";
      };
    };
  };
}