{config, lib, pkgs, ...}:

{
  networking.firewall.allowedTCPPorts = [
    80 # HTTP
    443 # HTTPs
  ];

  services.netdata = {
    enable = true;
  };

  # Enable nginx service
  services.nginx = {
    enable = true;
    # Use recommended settings
    # Don't use recommended Proxy settings because it does funky things with the setup
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    virtualHosts."${config.networking.hostName}.live.hacc.media" = {
      forceSSL = true;
      enableACME = true;
#     basicAuth = basicAuthLogin;
      locations = {
        "~* \\.(m3u8)$" = {
          proxyPass = "https://cdn-master.live.hacc.media$request_uri";
          extraConfig = ''
            #proxy_cache = off;
            expires 3s;
            auth_basic off;
          '';
        };
        "/hls" = {
          proxyPass = "https://cdn-master.live.hacc.media$request_uri";
          extraConfig = ''
            types {
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
            }
            proxy_cache hls;
            proxy_ignore_headers Cache-Control;
            proxy_cache_valid any 30m;
            auth_basic off;
          '';

        };
        "/stats" = {
          return = "301 /stats/";
        };
        "~ /stats/(?<ndpath>.*)" = {
          proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
          extraConfig = ''
            proxy_redirect off;
            proxy_set_header Host $host;

            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;

            gzip on;
            gzip_proxied any;
            gzip_types *;
          '';
        };

      };
    };

    appendHttpConfig = ''
      proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
      resolver 1.1.1.1;
    '';
  };
}