{ config, lib, pkgs, options, ... }:

with lib;
let
  cfg = config.modules.services.forgejo;
in {
  options.modules.services.forgejo = {
    enable = mkEnableOption "enable forgejo, ";
    port = mkOption {
      type = types.int;
      default = 3001;
    };
    domain = mkOption {
      type = types.str;
      default = "amdl.reidlab.pink";
    };
  };

  config = mkIf cfg.enable {
    services.amdl = {
      enable = true;

      stateDir = "/var/lib/${cfg.domain}";
      env = {
        MEDIA_USER_TOKEN = builtins.readFile /etc/secrets/amdl/media_user_token;
        WIDEVINE_CLIENT_ID = builtins.readFile /etc/secrets/amdl/widevine_client_id;
        WIDEVINE_PRIVATE_KEY = builtins.readFile /etc/secrets/amdl/widevine_private_key;
      };
    };

    services.nginx.virtualHosts."${cfg.domain}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${cfg.port}";
      };
    };
  };
}