{ me, pkgs, util, ... }:

let
  rnrdUrl = if me.is.renard then "rnrd.eu" else "${me.name}.rnrd.eu";

  base-index = pkgs.substituteAll {
    src = ../../assets/base.html;
    env.me = util.titleCase me.name;
  };

  base = pkgs.linkFarm "www-base" {
    "index.html" = base-index;
    "favicon.png" = ../../assets/favicon.png;
  };

in
{
  imports = [ ./tailnet.nix ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "einebeere@gmail.com";
    # causes issues with tailscale certificates
    preliminarySelfsigned = false;
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    statusPage = true;

    commonHttpConfig = ''
      log_format json_combined escape=json '{'
      	'"time_local":"$time_local",'
      	'"remote_addr":"$remote_addr",'
      	'"remote_user":"$remote_user",'
      	'"request":"$request",'
      	'"status": "$status",'
      	'"body_bytes_sent":"$body_bytes_sent",'
      	'"request_length":"$request_length",'
      	'"request_time":"$request_time",'
      	'"http_referrer":"$http_referer",'
      	'"http_user_agent":"$http_user_agent",'
      	'"upstream_response_time":"$upstream_response_time",'
      	'"upstream_addr":"$upstream_addr",'
      	'"upstream_status":"$upstream_status"'
      '}';
      access_log /var/log/nginx/access.log json_combined;
      error_log /var/log/nginx/error.log warn;
    '';

    virtualHosts = {
      base = {
        default = true;
        serverName = rnrdUrl;
        root = base;
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          access_log /var/log/nginx/base.access.log json_combined;
        '';
      };
    };
  };
}