{ config, pkgs, inputs, lib, ... }:
let
  port = 8081;
  domain = "fossil.cyplo.dev";
  baseurl = "https://${domain}";
in {
  imports = [ ../nginx.nix ];

  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = { proxyPass = "http://localhost:" + toString port; };
      };
    };
  };

  containers.fossil = {
    autoStart = true;
    forwardPorts = [{
      containerPort = port;
      hostPort = port;
    }];
    config = { config, pkgs, ... }:
      let
        path = "/var/lib/fossil";
        repoPath = "${path}/repo.fossil";
        user = "fossil";
        group = "fossil";
      in {

        users.groups = { "${group}" = { }; };
        users.users = {
          fossil = {
            description = "Fossil Service";
            home = path;
            useDefaultShell = true;
            group = group;
            isSystemUser = true;
          };
        };

        systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ];
        systemd.services.fossil = {
          description = "fossil server";
          after = [ "network-online.target" ];
          wantedBy = [ "multi-user.target" ];
          path = [ pkgs.fossil pkgs.git ];

          serviceConfig = {
            User = user;
            Group = group;
            WorkingDirectory = path;
            ReadWritePaths = [ path ];
            ExecStart = "${pkgs.fossil}/bin/fossil server --localhost --https"
              + " --port ${toString port}" + " --baseurl ${baseurl}"
              + " --create ${repoPath}";
            Restart = "always";
            RestartSec = 3;
          };

        };
      };
  };

}