{ config, lib, pkgs, ... }:

{
  containers.funkwhale = {
    inherit pkgs;
    privateNetwork = true;
    hostAddress = "192.168.100.1";
    localAddress = "192.168.100.4";
    autoStart = true;
    config = { config, lib, pkgs, ... }: {
      imports = [
        ../../../../modules
      ];
      services.coredns = {
        enable = true;
        config = ''
        .:53 {
          forward . 1.1.1.1
        }
        '';
      };
      networking.firewall.enable = false;
      services.funkwhale = {
        enable = true;
        apiIp = "192.168.100.4";
        hostname = "funkwhale.hacc.media";
        protocol = "https";
        defaultFromEmail = "funkwhale@hacc.media";
        api.djangoSecretKey = "TwsgANNKid+HZ0HwhR/FgTcxFIW6sZ8s4n7HxV6zPdU=";
      };
      services.nginx.virtualHosts."funkwhale.hacc.media" = {
        enableACME = lib.mkForce false;
        forceSSL = lib.mkForce false;
      };
    };
  };
  services.nginx.virtualHosts."funkwhale.hacc.media" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.100.4";
      extraConfig = ''
        proxy_pass_request_headers on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_buffering off;
      '';
    };
  };
}