{ lib, inputs, config, pkgs, ... }:
let
  cfg = config.services.readeck;
  secrets = config.age.secrets;
  fqdn = "${cfg.subdomain}.${config.networking.domain}";
  pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
in
{
  imports = [
    "${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/readeck.nix"
  ];

  options.services.readeck = {
    subdomain = lib.mkOption {
      type = lib.types.str;
    };
  };

  config = lib.mkIf cfg.enable {
    services = {
      readeck = {
        package = pkgsUnstable.readeck;
        environmentFile = secrets.readeck.path;
        settings = {
          server.port = lib.mkDefault 8090;
          database.source = "postgres://readeck:@readeck?host=/var/run/postgresql";
        };
      };

      webserver = {
        enable = lib.mkDefault true;
        vHosts.${fqdn} = {
          proxyBuffering = false;
          locations."/" = {
            proxyPort = cfg.settings.server.port;
          };
        };
      };

      postgresql = {
        enable = lib.mkDefault true;
        ensureDatabases = [ "readeck" ];
        ensureUsers = [{
          name = "readeck";
          ensureDBOwnership = true;
        }];
      };
    };
  };
}