{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.ressourcerie_banon.cryptpad;
  configFile = "${pkgs.cryptpad}/lib/node_modules/cryptpad/config/config.example.js";
in {
  options.myServices.websites.ressourcerie_banon.cryptpad.enable = lib.mkEnableOption "Enable Ressourcerie Banon’s cryptpad";

  config = lib.mkIf cfg.enable {
    systemd.services.cryptpad-ressourcerie_banon = {
      description = "Cryptpad Banon Service";
      wantedBy = [ "multi-user.target" ];
      after = [ "networking.target" ];
      serviceConfig = {
        DynamicUser = true;
        Environment = [
          "CRYPTPAD_CONFIG=${configFile}"
          "HOME=%S/cryptpad/ressourcerie_banon"
        ];
        ExecStart = "${pkgs.cryptpad}/bin/cryptpad";
        PrivateTmp = true;
        Restart = "always";
        StateDirectory = "cryptpad/ressourcerie_banon";
        WorkingDirectory = "%S/cryptpad/ressourcerie_banon";
      };
    };
    services.websites.env.production.vhostConfs.ressourcerie_banon_cryptpad = {
      certName = "ressourcerie_banon";
      addToCerts = true;
      hosts = ["pad.le-garage-autonome.org"];
      root = null;
    };
  };
}