{ config, lib, pkgs, evalConfig, ... }:

{
  containers.onlyoffice = {
    privateNetwork = true;
    hostAddress = "192.168.142.1";
    localAddress = "192.168.142.10";
    autoStart = true;
    bindMounts = {
      "/persist" = {
        hostPath = "/persist/containers/onlyoffice";
        isReadOnly = false;
      };
    };
    extraFlags = [ "--system-call-filter=proc_create_mount_point" ];
    path = evalConfig ({ config, lib, pkgs, ... }: {
      system.stateVersion = "21.11";

      services.postgresql = {
        enable = true;

        ensureDatabases = [ "onlyoffice" ];
        ensureUsers = [ {
          name = "onlyoffice";
          ensurePermissions = {
            "DATABASE onlyoffice" = "ALL PRIVILEGES";
          };
        } ];
        authentication = ''
          local   all   all                              trust
        '';
      };

      services.rabbitmq = {
        enable = true;
        dataDir = "/persist/rabbitmq";
      };

      services.onlyoffice = {
        enable = true;
      };

      networking.firewall.allowedTCPPorts = [ 8000 ];
    });
  };

  services.nginx.virtualHosts."onlyoffice-staging.infra4future.de" = {
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://${config.containers.onlyoffice.localAddress}:8000";
  };
}