{ config, pkgs, lib, ... }:
let
  cfg = config.myServices.websites.tools.cryptpad;
  envCfg = config.myEnv.tools.cryptpad.immaeEu;
  domain = "cryptpad.immae.eu";
  port = envCfg.port;
  configFile = pkgs.writeText "config.js" ''
    // ${pkgs.cryptpad}/lib/node_modules/cryptpad/config/config.example.js
    module.exports = {
      httpUnsafeOrigin: 'https://${domain}',
      httpPort: ${toString port},
      adminEmail: '${envCfg.email}',
      filePath: './datastore/',
      archivePath: './data/archive',
      pinPath: './data/pins',
      taskPath: './data/tasks',
      blockPath: './block',
      blobPath: './blob',
      blobStagingPath: './data/blobstage',
      decreePath: './data/decrees',
      logPath: './data/logs',
      logToStdout: false,
      logLevel: 'info',
      logFeedback: false,
      verbose: false,
      inactiveTime: false,
      maxUploadSize: 100 * 1024 * 1024,
      adminKeys: ${builtins.toJSON envCfg.admins},
    };
  '';
in
{
  options.myServices.websites.tools.cryptpad.enable = lib.mkEnableOption "Enable Cryptpad";
  config = lib.mkIf cfg.enable {
    myServices.tools.cryptpad.farm.hosts.immaeEu = {
      inherit domain port;
      config = configFile;
    };
    services.websites.env.tools.modules = [ "proxy_wstunnel" ];
    services.websites.env.tools.vhostConfs.cryptpad = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [domain];
      root = config.myServices.tools.cryptpad.farm.vhostRoots.immaeEu;
      extraConfig = [
        config.myServices.tools.cryptpad.farm.vhosts.immaeEu
      ];
    };
  };
}