{ me, pkgs, auxiliaryPkgs, ... }:

let
  inherit (pkgs) miniflux dockerTools;
  inherit (auxiliaryPkgs) common;

  minifluxDir = "/srv/miniflux";
  minifluxLocalPort = 9149;

  minifluxImage = dockerTools.streamLayeredImage {
    name = "miniflux";
    tag = miniflux.version;
    fromImage = common.alpine.base;

    contents = [ miniflux ];
  };

in
{
  foundation.service.miniflux = {
    miniflux = {
      image = minifluxImage;
      ports = [ minifluxLocalPort ];

      environment = {
        PORT = toString minifluxLocalPort;
        BASE_URL = "https://miniflux.rnrd.fyi/";

        CREATE_ADMIN = "1";
        ADMIN_USERNAME = "mel";
        ADMIN_PASSWORD = "X98ji!9aoJNfCB";

        DATABASE_URL = "postgres://miniflux:miniflux@db/miniflux?sslmode=disable";
        RUN_MIGRATIONS = "1";
      };

      entrypoint = "${miniflux}/bin/miniflux";
      workdir = "/etc/miniflux";
    };

    db = {
      fullImage = common.postgres17;

      volumes = [ [ "${minifluxDir}/pgdata" "/var/lib/postgresql/data" ] ];

      environment = {
        "POSTGRES_DATABASE" = "miniflux";
        "POSTGRES_USER" = "miniflux";
        "POSTGRES_PASSWORD" = "miniflux";
      };
    };
  };

  services.nginx.virtualHosts."miniflux.rnrd.fyi" = {
    useACMEHost = "rnrd.fyi";
    forceSSL = true;
    listenAddresses = [ me.tailscale.ip ];
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString minifluxLocalPort}/";
      recommendedProxySettings = true;
    };
  };
}