{ config, ... }:

let
  rootDomain = config.networking.domain;
  bensIp = "199.26.245.64";
in
{
  services = {
    gmnisrv = {
      enable = true;
      settings = {
        listen = "0.0.0.0:1965 [::]:1965";
        ":tls" = { store = "/var/lib/gmnisrv"; };
        "bsima.me" = {
          "root" = "/srv/www/ben";
        };
        "simatime.com" = {
          "root" = "/srv/www/simatime.com";
          "cgi" = "on";
        };
      };
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      statusPage = true;

      user = "nginx";
      group = "www-data";

      virtualHosts = {
        ${rootDomain} = {
          locations."/archive.*" = {
            root = "/srv/www/simatime.com/archive";
            extraConfig = ''
              autoindex on;
            '';
          };

          locations."/" = {
            root = "/srv/www/simatime.com";
            extraConfig = ''
              autoindex on;
            '';
          };

          # serve /~$USER paths
          locations."~ ^/~(.+?)(/.*)?$" = {
            alias = "/srv/www/$1$2";
            index = "index.html index.htm";
            extraConfig = ''
              autoindex on;
            '';
          };
          forceSSL = true;
          enableACME = true;
        };

        "bsima.me" = {
          locations."/" = {
            root = "/srv/www/ben";
            index = "index.html index.htm";
            extraConfig = ''
              autoindex on;
            '';
          };
          serverAliases = [ "www.bsima.me" ];
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "hoogle.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8008";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "tv.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "devalloc.io" = {
          locations."/".proxyPass = "http://${bensIp}:8095";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "dandel-rovbur.${rootDomain}" = {
          locations."/".proxyPass = "http://${bensIp}:8080";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        "sabten.${rootDomain}" = {
          locations."/".proxyPass = "http://localhost:8080";
          forceSSL = true;
          useACMEHost = rootDomain;
        };

        # Jupyter is currently disabled on Biz.Dev
        #"notebook.simatime.com".locations = {
        #  "/" = {
        #    proxyPass = "http://${bensIp}:3099";
        #    proxyWebsockets = true;
        #    extraConfig = ''
        #      proxy_buffering off;
        #      proxy_read_timeout 86400;
        #    '';
        #  };
        #  "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
        #    proxyPass = "http://${bensIp}:3099";
        #    proxyWebsockets = true;
        #  };
        #};
      };
    };
  };

  # This must contain all of the other domains we host
  security.acme.certs.${rootDomain}.extraDomainNames = [
    "bsima.me" "www.bsima.me" "tv.${rootDomain}"
    "devalloc.io"
    "matrix.${rootDomain}"
    "chat.${rootDomain}"
    "hoogle.${rootDomain}"
    "dandel-rovbur.${rootDomain}"
    "sabten.${rootDomain}"
  ];#
}