{ config, pkgs, lib, ... }:
let
  # Apex domain. It is used to build `domain` and is passed to useACMEHost,
  # so it also names the ACME certificate the nginx vhost borrows.
  rootDomain = "lgmrszd.xyz";
  # Host-side address of the container's private network link
  # (passed to containers.akkotest.hostAddress).
  hostAddress = "192.168.100.10";
  # Container-side address of that link; nginx proxies to it.
  localAddress = "192.168.100.11";
  # TCP port nginx forwards to on localAddress; the container's firewall
  # opens the same port.
  localPort = 4000;
  # Public hostname served by the nginx virtual host.
  domain = "akko429164.testdrive.${rootDomain}";
in 
{
  imports = [
    ./akkoma/akkontainer.nix
  ];


  # TLS-terminating reverse proxy in front of the containerised instance.
  services.nginx.virtualHosts.${domain} = {
    serverName = domain;
    # Plain-HTTP requests for this host are redirected to HTTPS.
    forceSSL = true;
    # Borrows the certificate issued for rootDomain instead of requesting one
    # for this vhost. That certificate has to list this hostname (or a
    # wildcard matching it), otherwise clients see a name mismatch.
    # NOTE(review): the security.acme.certs definition is not in this file -
    # confirm it covers this name.
    useACMEHost = rootDomain;
    locations."/" = {
      # Adds nginx's standard forwarding headers (Host, X-Forwarded-For, ...).
      # The backend should accept those headers only from this proxy.
      recommendedProxySettings = true;
      proxyWebsockets = true;
      # The hop to the backend is unencrypted HTTP over the container's
      # private link (localAddress:localPort).
      proxyPass = "http://${localAddress}:${toString localPort}";
    };
  };

  # Declares one sops-nix secret per listed entry. All of them are decrypted
  # from the same YAML file and named "akkotest-vps/<entry>".
  sops.secrets =
  let
    # A Nix path literal is copied into the world-readable Nix store, so this
    # file must only ever hold sops-encrypted values.
    secretsYaml = ../../secrets/akkotest-vps.yaml;
    namePrefix = "akkotest-vps";
    # Turns a bare secret name into the { name, value } pair listToAttrs expects.
    toSecretEntry = secretName: {
      name = "${namePrefix}/${secretName}";
      value = {
        sopsFile = secretsYaml;
        format = "yaml";
      };
    };
    mkSopsSecret = secretList: builtins.listToAttrs (map toSecretEntry secretList);
  in
  # No owner, group or mode is set here, so the sops-nix defaults apply.
  # NOTE(review): the decrypted files are bind-mounted into the container
  # (see containers.akkotest); confirm that the account reading them there
  # can do so under those defaults, and that nothing broader than that
  # account needs access.
  mkSopsSecret [
    "vapid-private"
    "vapid-public"
    "liveview-salt"
    "signing-salt"
    "jwt-signer"
    "key-base"
  ];

  # Custom option set, presumably declared by ./akkoma/akkontainer.nix
  # (imported above) - confirm there.
  myAkkomaContainerOptions = {
    enable = true;
    # NOTE(review): looks like this is meant to match the attribute name used
    # under `containers` below - confirm against akkontainer.nix.
    containerName = "akkotest";
    # Taken from the let-bindings at the top of the file instead of the
    # literals that used to be written here:
    #   hostAddress = "192.168.100.10";
    #   localAddress = "192.168.100.11";
    #   localPort = 4000;
    #   domain = "akkotest.local";
    inherit hostAddress localAddress localPort domain;
  };

  # Host-side placeholder account. Per its description it exists only so file
  # permissions can be set up; uid and gid are pinned to 1234, the same ids
  # the akkoma user and group get inside the container.
  # NOTE(review): this only lines up while the container shares the host's
  # uid range (no user-namespace remapping is configured in this file).
  users.users.akkoma = {
    description = "Fake Akkoma user to set up files permissions";
    isSystemUser = true;
    group = "akkoma";
    uid = 1234;
  };
  users.groups.akkoma.gid = 1234;

  # Declarative NixOS container for the Akkoma test instance and its
  # PostgreSQL database. NixOS containers share the host kernel and are
  # documented as not perfectly isolated, so treat root inside the container
  # as able to affect the host.
  containers.akkotest =
  let
    # Host-level `config`, captured because the inner module below rebinds the
    # name. Only the commented-out line in the inner module refers to it.
    outerConfig = config;
    # Neither prefix is referenced by the active configuration; the bind
    # mounts below spell their paths out.
    hostDataPrefix = "/data/akkotest";
    containerDataPrefix = "/data/akkotest";
  in
  {
    # The root filesystem is created fresh on each start and discarded on
    # shutdown. Only the bind mounts below persist.
    ephemeral = true;
    # The container gets its own network namespace, reached from the host via
    # the hostAddress / localAddress pair.
    privateNetwork = true;
    inherit hostAddress localAddress;

    # Grants read, write and mknod access to the FUSE device, which widens
    # what a compromised container can reach on the host.
    # NOTE(review): the consumer of FUSE is not visible in this file - confirm
    # it is still needed, and whether `m` is required given that the node is
    # also bind-mounted below.
    allowedDevices = [
      { node = "/dev/fuse"; modifier = "rwm"; }
    ];

    bindMounts = {
      "/dev/fuse" = {};

      # Writable host directories. Whatever runs in the container can modify
      # these host paths directly.
      static = {
        hostPath = "/data/akkotest/static_i";
        mountPoint = "/data/akkoma/static_i";
        isReadOnly = false;
      };
      db = {
        hostPath = "/data/akkotest/postgresql";
        mountPoint = "/data/postgresql";
        isReadOnly = false;
      };
      uploads = {
        hostPath = "/data/akkotest/uploads";
        mountPoint = "/data/akkoma/uploads";
        isReadOnly = false;
      };

      # Earlier, disabled way of handing secrets to the container:
      # secrets = {
      #   hostPath = "/data/secrets_akkotest";
      #   mountPoint = "/var/akkosecrets";
      #   isReadOnly = true;
      # };

      # Decrypted sops secrets for this instance, exposed read-only at the
      # same path inside the container. Only the akkotest-vps subdirectory is
      # shared, not the rest of /run/secrets.
      # NOTE(review): sops-nix usually publishes /run/secrets through a
      # per-generation directory; a bind mount established at container start
      # may keep showing the old generation after secrets are re-deployed.
      # Confirm, and restart the container after rotating secrets.
      "/run/secrets/akkotest-vps" = {
        isReadOnly = true;
      };
    };

    config =
    { config, pkgs, ... }:
    {
      imports = [
        ./akkoma/akkontainer.nix
        ./akkoma/akkoma.nix
        ./akkoma/akkoma-static.nix
        ../../modules/akkoma-patches.nix
      ];

      # Same uid/gid (1234) as the placeholder akkoma account on the host.
      users.users.akkoma = {
        description = "Akkoma user";
        isSystemUser = true;
        group = "akkoma";
        uid = 1234;
      };
      users.groups.akkoma.gid = 1234;

      # Disabled alternatives for passing the container options inward:
      # myAkkomaContainerOptions = outerConfig.myAkkomaContainerOptions.mkInnerConfig;
      # myAkkomaContainerOptions = {
      #   inherit hostAddress;
      #   inherit localAddress;
      #   inherit localPort;
      #   inherit domain;
      #   isContainer = true;
      # };

      environment.systemPackages = [ pkgs.zip pkgs.unzip ];

      # Ensures the PostgreSQL data directory exists with owner-only access.
      # The path is the bind-mounted host directory, so the ownership and mode
      # set here also show up on the host side.
      systemd.tmpfiles.rules = [
        "d /data/postgresql 700 postgres postgres -"
        # "d /data/uploads 700 akkoma akkoma -"
        # "d /var/akkosecrets 500 akkoma akkoma -"
      ];

      services.postgresql = {
        enable = true;
        dataDir = "/data/postgresql";
        package = pkgs.postgresql_15;
      };

      # Only the port nginx proxies to is opened in the container firewall.
      # No PostgreSQL port is listed.
      networking.firewall.allowedTCPPorts = [ localPort ];

      system.stateVersion = "23.05";
    };
  };
}