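# NixOS module for the login server: Keycloak on loopback, meant to be
# published through an nginx virtual host (currently commented out below).
#
# Options live under `orbekk.login`; the `config` section applies only when
# `orbekk.login.enable` is true.
{ config, lib, pkgs, ... }:
let
  cfg = config.orbekk.login;
  # Shared service table; only `services.login.port` is read here.
  aliases = import ../data/aliases.nix;
in
{
  options = {
    orbekk.login = {
      # mkEnableOption already prefixes the text with "Whether to enable",
      # so the argument is just the name of the thing being enabled.
      enable = lib.mkEnableOption "login server";

      loginPort = lib.mkOption {
        # `port` rejects values outside 0-65535 at evaluation time, which a
        # plain `int` would let through.
        type = lib.types.port;
        default = aliases.services.login.port;
        description = "Port on 127.0.0.1 that the nginx virtual host proxies login traffic to.";
      };

      loginDomain = lib.mkOption {
        type = lib.types.str;
        default = "login.orbekk.com";
        description = "Domain name of the nginx virtual host for the login server.";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    services.keycloak = {
      # NOTE(review): Keycloak stays disabled even when orbekk.login.enable is
      # true; with this value only the packages below take effect.
      enable = false;

      # NOTE(review): the commented-out proxy below targets cfg.loginPort, not
      # this literal. Confirm the two agree before enabling the virtual host.
      httpPort = "8080";

      # Loopback only: Keycloak's plain-HTTP listener is not reachable from the
      # network, so outside access has to go through a TLS-terminating proxy.
      bindAddress = "127.0.0.1";

      database.type = "postgresql";

      # Quoted string rather than a Nix path literal, so the secret is read at
      # runtime and is not copied into the world-readable Nix store. The file
      # must be provisioned out of band and be unreadable to ordinary users.
      database.passwordFile = "/opt/secret/keycloak/db_password";

      # NOTE(review): a plain-HTTP frontend URL is only safe for local testing.
      # Once the virtual host below is enabled, this should be the HTTPS URL of
      # cfg.loginDomain, otherwise login traffic is advertised over cleartext.
      frontendUrl = "http://localhost/auth";
    };

    environment.systemPackages = with pkgs; [
      xmlstarlet
      libtidy
      jq
    ];

    # Disabled reverse proxy: TLS via ACME with HTTP redirected to HTTPS.
    # services.nginx.virtualHosts.${cfg.loginDomain} = {
    #   enableACME = true;
    #   forceSSL = true;
    #   locations."/" = {
    #     proxyPass = "http://127.0.0.1:${toString cfg.loginPort}";
    #     proxyWebsockets = true;
    #   };
    # };
  };
}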