# { pkgs, flakes, ... }:
# {
#   # sops.secrets.reviewqueue = {
#   # sopsFile = ../../../secrets/reviewqueue.env;
#   # };

#   services.nginx = {
#     virtualHosts."api.money.is.fckn.gay" = {
#       forceSSL = true;
#       http2 = true;
#       enableACME = true;

#       locations."/" = {
#         proxyPass = "http://localhost:11009";
#         proxyWebsockets = true;
#       };
#     };
#     virtualHosts."money.is.fckn.gay" = {
#       forceSSL = true;
#       http2 = true;
#       enableACME = true;

#       locations."/" = {
#         root = flakes.mifg.packages.${pkgs.system}.frontend.override {
#           api_base_url = "https://api.money.is.fckn.gay";
#         };
#         tryFiles = "$uri $uri/ /index.html";
#       };
#     };
#   };

#   systemd.services.money = {
#     description = "money is fckn gay";

#     wantedBy = [ "multi-user.target" ];
#     after = [ "network.target" ];

#     restartIfChanged = true;

#     serviceConfig = {
#       ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/mifg-backend";
#       Restart = "always";
#       # EnvironmentFile = "/run/secrets/reviewqueue";
#       StateDirectory = "money";

#     };

#     environment = {
#       MIFG_DATABASE_LOCATION = "/var/lib/money/db.sqlite";
#       MIFG_FRONTEND_ORIGIN = "https://money.is.fckn.gay";
#       MIFG_PORT = "11009";
#     };
#   };
# }

{
  pkgs,
  flakes,
  config,
  ...
}:
let
  mifg-config = api-url: api-port: public-url: service-name: {
    nginx = {
      virtualHosts."${api-url}" = {
        forceSSL = true;
        http2 = true;
        enableACME = true;

        locations."/" = {
          proxyPass = "http://localhost:${toString api-port}";
          proxyWebsockets = true;
        };
      };
      virtualHosts."${public-url}" = {
        forceSSL = true;
        http2 = true;
        enableACME = true;

        locations."/" = {
          root = flakes.mifg.packages.${pkgs.system}.frontend.override {
            api_base_url = "https://${api-url}";
          };
          tryFiles = "$uri $uri/ /index.html";
        };
      };
    };

    service = {
      description = "money is fckn gay";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      restartIfChanged = true;

      serviceConfig = {
        ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/mifg-backend";
        Restart = "always";
        # EnvironmentFile = "/run/secrets/reviewqueue";
        StateDirectory = "${service-name}";
      };

      environment = {
        MIFG_DATABASE_LOCATION = "/var/lib/${service-name}/db.sqlite";
        MIFG_FRONTEND_ORIGIN = "https://${public-url}";
        MIFG_PORT = toString api-port;
      };
    };
  };
  real = (mifg-config "api.money.is.fckn.gay" 11009 "money.is.fckn.gay" "money");
  staging = (mifg-config "api.money-staging.donsz.nl" 11010 "money-staging.donsz.nl" "money-staging");
  lib = pkgs.lib;
in
{
  services.nginx = lib.mkMerge [
    real.nginx
    staging.nginx
  ];
  systemd.services.money = real.service;
  systemd.services.money-staging = lib.mkMerge [
    staging.service
    {
      serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" ''
        REAL_DB_LOCATION="/var/lib/money/"
        STAGING_DB_LOCATION="/var/lib/money-staging/"

        echo "$REAL_DB_LOCATION"
        echo "$STAGING_DB_LOCATION"

        mkdir -p $STAGING_DB_LOCATION
        cp -r $REAL_DB_LOCATION/* $STAGING_DB_LOCATION
      '')}/bin/setup-staging";
    }
  ];
}