{ config, lib, pkgs, ... }:

let
  cfg = config.orbekk.hledger-web;
  aliases = import ../data/aliases.nix;
in {
  options = {
    orbekk.hledger-web = {
      enable = lib.mkEnableOption "Enable hledger-web";
      journalFile = lib.mkOption {
        type = lib.types.str;
        description = "Path to journal file";
      };
      port = lib.mkOption {
        type = lib.types.int;
        default = aliases.services.hledger-web.port;
      };
      domain = lib.mkOption {
        type = lib.types.str;
        default = "money.orbekk.com";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.hledger-web = {
      description = "Hledger Web";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      path = with pkgs; [ hledger hledger-web git ];

      serviceConfig = {
        User = "hledger";
        Group = "hledger";
        StateDirectory = "hledger-web";
        StateDirectoryMode = "770";
      };

      script = ''
        cd /var/lib/hledger-web
        hledger-web -f ${cfg.journalFile} --port ${toString cfg.port} --serve --base-url "https://${cfg.domain}"
      '';
    };

    services.nginx.virtualHosts."${cfg.domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
        proxyWebsockets = true;
        extraConfig = ''
          auth_basic money;
          auth_basic_user_file "/opt/secret/nginx-money.htpasswd";
        '';
      };
    };
  };
}