{ config, lib, pkgs, ... }:
let
  name    = "microbin";
  user    = name;
  group   = name;
  host    = "127.0.0.1";
  port    = 6743;
  domain  = "i.kuklef.se";
  #domain  = mkDomain "microbin";
in
{

  systemd.services.microbin = {
    description = "Microbin - pastebin and url shortener";
    wantedBy = ["multi-user.target"];
    after    = ["network.target"];
    serviceConfig = {
      ExecStart = lib.escapeShellArgs [
        "${pkgs.microbin}/bin/microbin"
        "--title" "spis meg"
        "--editable"
        "--hide-footer"
        "--highlightsyntax"
        "--no-listing"
        "--wide"
        "--qr"
        "--gc-days" "0"
        "--enable-burn-after"
        "-b" "${host}"
        "-p" "${builtins.toString port}"
        "--public-path" "https://${domain}/"
      ];

      # https://github.com/szabodanika/microbin/issues/106
      #EnvironmentFile = "/var/lib/secrets/microbin.env"; # TODO: sops
      #Environment.MICROBIN_AUTH_USERNAME="foo";
      #Environment.MICROBIN_AUTH_PASSWORD="bar";

      DynamicUser = true;
      StateDirectory = "microbin";
      WorkingDirectory = "/var/lib/microbin";
      Type = "simple";
      Restart = "always";

      ProtectProc = "invisible";
    };
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://${host}:${toString port}";
      #proxyWebsockets = true;
    };
  };

}