{ config, lib, pkgs, ... }:

let
  hostname = "forum.test.selby.ca";
  local-port = "3157";

  postgres-host = "france.fudo.org";
  config-path = "/srv/selby-forum/conf";
  redis-data-path = "/srv/selby-forum/redis-data";
  sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
  discourse-data-path = "/srv/selby-forum/discourse-data";
  postgres-data-path = "/srv/selby-forum/postgres-data";

  env-file = "/srv/selby-forum/private/env";

  ensure-dir-and-ownership = ownership: dir: ''
    if [ ! -d ${dir} ]; then
      mkdir -p ${dir}
    fi

    chown -R ${ownership} ${dir}
    chmod 700 ${dir}
  '';

in {
  config = {
    users.users = {
      selby-discourse = {
        isSystemUser = true;
        # This is stupid: needs to be 1001, see bitnami docs
        uid = 1001;
      };
    };

    security.acme.certs.${hostname}.email = "niten@fudo.org";

    services.nginx = {
      enable = true;

      virtualHosts = {
        "${hostname}" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://127.0.0.1:${local-port}";

            extraConfig = ''
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-By $server_addr:$server_port;
              proxy_set_header X-Forwarded-For $remote_addr;
              proxy_set_header X-Forwarded-Proto $scheme;
            '';
          };
        };
      };
    };

    docker-containers = let
      docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ];
      discourse-env = {
        DISCOURSE_USERNAME = "admin";
        DISCOURSE_SITENAME = "Selby Forum";
        DISCOURSE_EMAIL = "forum@selby.ca";
        DISCOURSE_HOSTNAME = hostname;

        POSTGRESQL_HOST = "selby-discourse-postgres";
        DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum";
        DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum";
        # note: passwords are stored in env-file

        REDIS_HOST = "selby-discourse-redis";
        # note: password is store in env-file
      };

    in {
      selby-discourse = {
        image = "bitnami/discourse:2.6.0";
        ports = [ "127.0.0.1:${local-port}:3000" ];
        # user = toString config.users.users.selby-discourse.uid;
        volumes = [
          "${config-path}:/opt/bitnami/discourse/mounted-conf"
          "${discourse-data-path}:/bitnami"
        ];
        extraDockerOptions = docker-flags;
        environment = discourse-env;
      };

      selby-discourse-redis = {
        image = "bitnami/redis:6.0";
        user = toString config.users.users.selby-discourse.uid;
        volumes = [ "${redis-data-path}:/bitnami/redis/data" ];
        extraDockerOptions = docker-flags;
        environment = { };
      };

      selby-discourse-sidekiq = {
        image = "bitnami/discourse:2.6.0";
        # user = toString config.users.users.selby-discourse.uid;
        volumes = [ "${sidekiq-data-path}:/bitnami" ];
        cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ];
        extraDockerOptions = docker-flags;
        environment = discourse-env;
      };

      selby-discourse-postgres = {
        image = "bitnami/postgresql:13";
        # user = toString config.users.users.selby-discourse.uid;
        volumes = [ "${postgres-data-path}:/bitnami/postgresql" ];
        extraDockerOptions = docker-flags;
        environment = {
          POSTGRESQL_DATABASE = "discourse_selby_forum";
          POSTGRESQL_USERNAME = "discourse_selby_forum";
        };
      };
    };
  };
}