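/*
  NixOS module for the Skynet LDAP / SSO service: Portunus running on a
  local port, published through an nginx reverse proxy with TLS.
*/
{ config, pkgs, lib, ... }:
# `lib` has to be a module argument, otherwise `with lib;` (and therefore
# mkOption / mkIf / types) cannot be resolved.
with lib;
let
  cfg = config.services.skynet_ldap;

  # Public name served by nginx; also handed to Portunus as its domain so
  # both sides agree on the externally visible host name.
  fqdn = "${cfg.subdomain}.skynet.ie";
in
{
  # Sibling modules this service builds on (ACME certificates, nginx setup).
  imports = [
    ./acme.nix
    ./nginx.nix
  ];

  options.services.skynet_ldap = {
    enable = mkEnableOption "Skynet LDAP service";

    host = {
      # Address of the machine running the service. It is interpolated
      # verbatim into the firewall forward rules below and only checked to
      # be a string, so callers must pass a plain IPv4 address.
      ip = mkOption { type = types.str; };

      # DNS name of that machine; used as the CNAME target.
      name = mkOption { type = types.str; };
    };

    # Left-most label of the public name (<subdomain>.skynet.ie).
    subdomain = mkOption {
      type = types.str;
      default = "sso";
    };

    # Local port Portunus listens on; nginx proxies to it.
    port = mkOption {
      type = types.port;
      default = 8080;
    };
  };

  config = mkIf cfg.enable {
    # Skynet-wide plumbing: let web traffic through the border firewall.
    # HTTP/HTTPS are carried over TCP, so the forward rules match tcp, in
    # line with the host firewall entry further down.
    skynet_firewall.forward = [
      "ip daddr ${cfg.host.ip} tcp dport 80 counter packets 0 bytes 0 accept"
      "ip daddr ${cfg.host.ip} tcp dport 443 counter packets 0 bytes 0 accept"
    ];

    skynet_dns.records.cname = [
      "${cfg.subdomain} CNAME ${cfg.host.name}"
    ];

    # Firewall on the machine itself: only the nginx ports are opened.
    # cfg.port is deliberately not listed, so the backend is reachable from
    # outside only through the TLS-terminating proxy.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    # Reverse proxy in front of the service.
    services.nginx = {
      virtualHosts."${fqdn}" = {
        forceSSL = true;
        useACMEHost = "skynet";
        # cfg.port is an integer and must be converted before interpolation.
        locations."/".proxyPass = "http://localhost:${toString cfg.port}";
      };
    };

    # The service itself.
    services.portunus = {
      enable = true;
      domain = fqdn;
      port = cfg.port;

      # NOTE(review): this is a plain string, so it is not resolved relative
      # to this file and may be rejected by the option's path type - confirm.
      # If it is turned into a Nix path literal, the file is copied into the
      # world-readable Nix store; in that case the seed must not contain
      # plaintext passwords or other secrets.
      seedPath = "./ldap/seed.json";
    };
  };
}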