{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.ressourcerie_banon.cryptpad;
  envCfg = config.myEnv.tools.cryptpad.ressourcerie_banon;
  port = envCfg.port;
  configFile = pkgs.writeText "config.js" ''
    // ${pkgs.cryptpad}/lib/node_modules/cryptpad/config/config.example.js
    module.exports = {
      httpUnsafeOrigin: 'https://${domain}',
      httpPort: ${toString port},
      adminEmail: '${envCfg.email}',
      filePath: './datastore/',
      archivePath: './data/archive',
      pinPath: './data/pins',
      taskPath: './data/tasks',
      blockPath: './block',
      blobPath: './blob',
      blobStagingPath: './data/blobstage',
      decreePath: './data/decrees',
      logPath: './data/logs',
      logToStdout: false,
      logLevel: 'info',
      logFeedback: false,
      verbose: false,
      inactiveTime: false,
      adminKeys: ${builtins.toJSON envCfg.admins},
    };
  '';
  domain = "pad.le-garage-autonome.org";
in {
  options.myServices.websites.ressourcerie_banon.cryptpad.enable = lib.mkEnableOption "Enable Ressourcerie Banon’s cryptpad";

  config = lib.mkIf cfg.enable {
    myServices.tools.cryptpad.farm.hosts.ressourcerie_banon = {
      inherit domain port;
      config = configFile;
    };
    services.websites.env.production.modules = [ "proxy_wstunnel" ];
    services.websites.env.production.vhostConfs.ressourcerie_banon_cryptpad = {
      certName = "ressourcerie_banon";
      addToCerts = true;
      hosts = [domain];
      root = config.myServices.tools.cryptpad.farm.vhostRoots.ressourcerie_banon;
      extraConfig = [
        config.myServices.tools.cryptpad.farm.vhosts.ressourcerie_banon
      ];
    };
  };
}