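# Starts an Nginx server on $HOSTNAME just to get a cert for this host.
#
# For every name in fudo.acme.hostnames this module declares an Nginx virtual
# host with enableACME and forceSSL set, plus a matching security.acme.certs
# entry carrying the contact address.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.fudo.acme;

  # Builds a store path containing a one-file web root for `hostname`.
  # writeTextFile's `destination` is the path of the *file* inside the output,
  # so it has to name www/index.html; with "/www" alone, www would be a regular
  # file and the virtual host's `root` would not point at a directory.
  wwwRoot = hostname:
    pkgs.writeTextFile {
      name = "index.html";
      # NOTE(review): the body below is only the hostname, twice. If markup was
      # intended around it, it is not present in this listing; confirm against
      # the original file.
      text = ''
        ${hostname}

        ${hostname}
      '';
      destination = "/www/index.html";
    };

in {
  options.fudo.acme = {
    hostnames = mkOption {
      type = with types; listOf str;
      description =
        "A list of hostnames mapping to this host, for which to acquire SSL certificates.";
      default = [ ];
      example = [ "my.hostname.com" "alt.hostname.com" ];
    };

    adminEmail = mkOption {
      type = types.str;
      description =
        "Contact address registered with each certificate requested by this module.";
      default = "admin@fudo.org";
    };
  };

  # Only bring up the web server when there is at least one hostname to
  # certify. The default (empty list) previously still enabled Nginx, leaving
  # a listening service with no virtual hosts and no purpose on such hosts.
  config = mkIf (cfg.hostnames != [ ]) {
    services.nginx = {
      enable = true;

      # One virtual host per configured hostname. forceSSL makes the
      # virtual host redirect plain HTTP to HTTPS.
      virtualHosts = listToAttrs (map (hostname:
        nameValuePair hostname {
          enableACME = true;
          forceSSL = true;
          root = "${wwwRoot hostname}/www";
        }) cfg.hostnames);
    };

    # Per-certificate settings, keyed by the same hostnames as the vhosts.
    security.acme.certs = listToAttrs (map (hostname:
      nameValuePair hostname {
        email = cfg.adminEmail;
      }) cfg.hostnames);
  };
}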