{pkgs, config, ...}:

{
  imports = [ ./keytracker-module.nix ];

  services.keytracker = {
    enable = true;
    domain = "keytracker.infra4future.de";
    stateDir = "/var/lib/keytracker";

    # we have to overwrite this package, since the api url is backed into its code
    frontendPackage = pkgs.keytracker-frontend.overrideAttrs (old: { apiUrl = "https://keytracker.infra4future.de/api"; });

    config = ''
      [Default]
      CorsOrigin = "*"
      DbPath = "history.db"
      Port = 3029

      [Keys]
      4c81038150f6 = hacc;18673c03507bd03b3a719515;6869ef50fdd047289b58b7dc867dc859b5ddf0a5ab9c850fb7eec821e62f14f0
      7a05c8441f3a = testkey;694403310905ed4ac26e56f8;13852ec7855fc51b012874ea5786c215c37c3ed592685a04d1ad56152eccccc5
      7fc944c9e632 = Test=2;74fffaf6e463950fc6da3fd3;95313e37ff448b1a19b133fd8067c160f9f1c6d417f5d8dbec6f4f931097d389
      8174875f7d85 = Chris Büro;49c5dbda74fe86eae0dd1ce6;247f16f579033a6a947b3be301407319cd9bfe14f11554d71ea3190e04f7cb91
    '';

    nginx = {
      enableACME = true;
      forceSSL = true;
      locations."^~ /api" = {
        proxyPass = "http://localhost:3029/";
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 443 ];

}