{ config, pkgs, inputs, lib, ... }:
let
  httpPort = 8000;
  agentPort = 9000;
  domain = "ci.cyplo.dev";
  path = "/var/lib/woodpecker";
  serverContainerName = "woodpecker-server";
  agent = {
    dependsOn = [ "${serverContainerName}" ];
    volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock" ];
    image =
      "woodpeckerci/woodpecker-agent@sha256:9a98e25ca6fcf7c437ad355cfce53a696c55b9864399a4d456429a20bfb44545";
    environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
    environment = {
      WOODPECKER_SERVER = "${serverContainerName}:${toString agentPort}";
      WOODPECKER_MAX_PROCS = "1";
      WOODPECKER_DEBUG_PRETTY = "true";
      WOODPECKER_LOG_LEVEL = "info";
    };
    extraOptions = [ "--network=woodpecker" ];
  };

in {
  imports = [ ../nginx.nix ];

  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:" + toString httpPort;
        };
      };
    };
  };

  sops.secrets."gitea-env" = {
    sopsFile = ./gitea.sops;
    format = "binary";
  };

  virtualisation.podman.defaultNetwork.dnsname.enable = true;
  virtualisation.oci-containers.containers = {
    "${serverContainerName}" = {
      image =
        "woodpeckerci/woodpecker-server@sha256:e6027e46a782d50790183b7274a2a2ad3a6c6fb9a645e6af81a16419613c28ea";
      volumes = [ "woodpecker-server-data:${path}" ];
      environmentFiles = [ "${config.sops.secrets.gitea-env.path}" ];
      environment = {
        WOODPECKER_OPEN = "false";
        WOODPECKER_ADMIN = "cyplo";
        WOODPECKER_HOST = "https://${domain}";
        WOODPECKER_GITEA = "true";
        WOODPECKER_GITEA_URL = "https://git.cyplo.dev";
      };
      ports = [ "${toString httpPort}:${toString httpPort}" ];
      extraOptions = [ "--network=woodpecker" ];
    };
    woodpecker-agent1 = agent;
    woodpecker-agent2 = agent;
    woodpecker-agent3 = agent;
    woodpecker-agent4 = agent;
  };

}