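# vim: tabstop=2 shiftwidth=2 expandtab
#
# NixOS module: self-hosted SourceHut (meta.sr.ht + git.sr.ht) with the
# sourcehut module's nginx, PostgreSQL and Redis integration enabled, plus
# ACME certificates for the base domain and the three service hostnames.
let
  base-domain = "005540.xyz";
  fqdn = "sourcehut.${base-domain}";
in
{
  services.sourcehut = {
    enable = true;
    meta = {
      enable = true;
    };
    git = {
      enable = true;
    };
    nginx.enable = true;
    postgresql.enable = true;
    redis.enable = true;
    settings = {
      "sr.ht" = {
        environment = "production";
        site-blurb = "logistic-bot's forge";
        global-domain = fqdn;
        origin = "https://${fqdn}";
        # Key files are referenced as quoted strings, not Nix path literals.
        # A path literal would be copied into the world-readable Nix store
        # on evaluation; a string stays a plain reference to the file on disk.
        # NOTE(review): confirm the files under /etc/nixos/secrets are not
        # readable by unprivileged users and are excluded from any VCS or backup
        # of /etc/nixos.
        network-key = "/etc/nixos/secrets/sourcehut/network.key";
        service-key = "/etc/nixos/secrets/sourcehut/service.key";
      };
      "meta.sr.ht" = {
        onboarding-redirect = "https://meta.${fqdn}";
        origin = "https://meta.${fqdn}";
      };
      "git.sr.ht" = {
        # NOTE(review): the client id is empty while a client secret is
        # configured; presumably this is filled in once the OAuth client has
        # been registered on the meta service. Confirm before relying on
        # git <-> meta authentication.
        oauth-client-id = "";
        oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
        origin = "https://git.${fqdn}";
      };
      "mail" = {
        # NOTE(review): this is a file path, whereas the option name suggests
        # the key identifier itself is expected here. Verify against the
        # sourcehut module's option documentation.
        pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
        pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
        pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
        smtp-from = "mail@${fqdn}";
      };
      webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
    };
  };

  security.acme = {
    # NOTE(review): the base-domain certificate lists the three service names
    # as SANs, but every virtual host below also sets enableACME, which
    # requests a certificate per host name. If one shared certificate is the
    # intent, the service hosts would reference it instead. Confirm which
    # layout is wanted.
    certs.${base-domain}.extraDomainNames = [
      "${fqdn}"
      "meta.${fqdn}"
      "git.${fqdn}"
    ];
    acceptTerms = true;
    defaults = {
      email = "khais.colin+letsencrypt@gmail.com";
      # NOTE(review): a DNS provider is selected but no provider credentials
      # are configured in this file; presumably they are supplied elsewhere.
      # Keep them in a root-only file outside the Nix store.
      dnsProvider = "namecheap";
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      # enableACME only obtains a certificate; it does not make the virtual
      # host listen on HTTPS. forceSSL serves the host over TLS and redirects
      # plain HTTP, which matches the https:// origins configured above and
      # keeps session cookies and OAuth redirects off cleartext HTTP.
      "${base-domain}" = {
        enableACME = true;
        forceSSL = true;
      };
      "${fqdn}" = {
        enableACME = true;
        forceSSL = true;
      };
      "meta.${fqdn}" = {
        enableACME = true;
        forceSSL = true;
      };
      "git.${fqdn}" = {
        enableACME = true;
        forceSSL = true;
      };
    };
  };

  services.postgresql.enable = true;
}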