{ lib, pkgs, config,  ... }:
let
  cfg = config.myServices.websites.immae.production;
  varDir = "/var/lib/buildbot/outputs/immae/blog";
  coursDir = "/var/lib/buildbot/outputs/immae/cours";
  rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
  recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
  historyDir = "/var/lib/buildbot/outputs/immae/history";
  env = config.myEnv.websites.immae;
in {
  options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";

  config = lib.mkIf cfg.enable {
    services.webstats.sites = [ { name = "www.immae.eu"; } ];

    services.websites.env.production.vhostConfs.immae_production = {
      certName     = "immae";
      addToCerts   = true;
      certMainHost = "www.immae.eu";
      hosts        = [ "www.immae.eu" "immae.eu" ];
      root         = varDir;
      extraConfig  = [
        ''
        Use Stats www.immae.eu
        Header always set Strict-Transport-Security "max-age=31536000"

        <LocationMatch /.well-known/(webfinger|host-meta)>
          Header always set Referrer-Policy "strict-origin-when-cross-origin"
          RequestHeader set X-Forwarded-Proto "https"

          RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
        </LocationMatch>

        RewriteEngine On
        RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
        RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
        RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]

        <Directory ${varDir}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        Alias /.well-known/chatonsinfos ${./chatons}
        <Directory ${./chatons}>
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride None
          Require all granted
        </Directory>

        Alias /cours ${coursDir}
        <Directory ${coursDir}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        Alias /eurl ${./eurl}
        <Directory ${./eurl}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride None
          Require all granted
        </Directory>

        Alias /recherche ${rechercheDir}
        <Directory ${rechercheDir}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        Alias /recettes ${recettesDir}
        <Directory ${recettesDir}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        Alias /history ${historyDir}
        <Directory ${historyDir}>
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
        </Directory>
        ''
      ];
    };

    services.websites.env.production.vhostConfs.immae_fr = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "www.immae.fr" "immae.fr" ];
      root        = null;
      extraConfig = [ ''
        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
        '' ];
    };

    services.websites.env.production.vhostConfs.immae_bouya = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "bouya.org" "www.bouya.org" ];
      root        = rechercheDir;
      extraConfig = [ ''
        <Directory ${rechercheDir}>
          DirectoryIndex index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>
        '' ];
    };
  };
}