# Part of config shamelessly stolen from:
#
# https://github.com/delroth/infra.delroth.net
{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit
    (lib)
    mkIf
    ;
in {
  # Whenever something defines an nginx vhost, ensure that nginx defaults are
  # properly set.
  config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != ["localhost"]) {
    services.nginx = {
      enable = true;
      statusPage = true; # For monitoring scraping.

      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
    };

    networking.firewall.allowedTCPPorts = [80 443];

    services.prometheus = {
      exporters.nginx = {
        enable = true;
        listenAddress = "127.0.0.1";
      };

      scrapeConfigs = [
        {
          job_name = "nginx";
          static_configs = [
            {
              targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"];
              labels = {
                instance = config.networking.hostName;
              };
            }
          ];
        }
      ];
    };

    security.acme = {
      acceptTerms = true;
      defaults.email = "antoine97.martin@gmail.com";

      certs = let
        domain = config.networking.domain;
        gandiKey = config.my.secrets.gandiKey;
      in {
        "${domain}" = {
          extraDomainNames = ["*.${domain}"];
          dnsProvider = "gandiv5";
          credentialsFile = config.age.secrets."gandi/api-key".path;
          group = "nginx";
        };
      };
    };
  };
}