{pkgs, config, ...}:

{

  services.keytracker = {
    enable = true;
    domain = "keytracker.infra4future.de";
    stateDir = "/var/lib/keytracker";

    # we have to overwrite this package, since the api url is backed into its code
    frontendPackage = pkgs.keytracker-frontend.overrideAttrs (old: { apiUrl = "https://keytracker.infra4future.de:5000"; });

    config.Default = {
      Port = 5000;
      DbPath = "history.db";
      CorsOrigin = "off";
    };
    config.Keys = {
      "8174875f7d85" = "Chris Büro;49c5dbda74fe86eae0dd1ce6;247f16f579033a6a947b3be301407319cd9bfe14f11554d71ea3190e04f7cb91";
      "7fc944c9e632" = "Test=2;74fffaf6e463950fc6da3fd3;95313e37ff448b1a19b133fd8067c160f9f1c6d417f5d8dbec6f4f931097d389";
      "7a05c8441f3a" = "testkey;694403310905ed4ac26e56f8;13852ec7855fc51b012874ea5786c215c37c3ed592685a04d1ad56152eccccc5";
    };

    nginx = {
      enableACME = true;
      forceSSL = true;
    };
  };

  networking.firewall.allowedTCPPorts = [ 5000 ];
}