{ config
, flakes
, pkgs
, ...
}:
{
  sops.secrets.mapf = {
    sopsFile = ../../../secrets/mapf-prod.env;
  };

  services.nginx = {
    virtualHosts."mapf.donsz.nl" = {
      forceSSL = true;
      http2 = true;
      enableACME = true;

      locations."/" = {
        proxyPass = "http://[::1]:8080";
      };
    };
  };

  systemd.services.mapf-server =
    let
      package = flakes.mapf.packages.${pkgs.system}.default;
    in
    {
      description = "mapf-server";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        DynamicUser = "yes";
        ExecStart = "${package}/mapf_server_bin";
        Restart = "on-failure";
        RestartSec = "5s";
        EnvironmentFile = config.sops.secrets.mapf.path;
        WorkingDirectory = "${package}";
      };

      environment = {
        MAPF_TEMPLATEFOLDER = "${package}/templates";
        MAPF_DBUSER = "mapfprod";
        MAPF_DBPASSWORD = "";
        MAPF_DBPORT = "3306";
        MAPF_DBHOST = "localhost";
        MAPF_DBDATABASE = "mapfprod";
      };
    };
}