{ config, pkgs, lib, ... }:

let
  domain = "${config.networking.hostName}.${config.networking.domain}";
  mkDomain = subname: "${subname}.${domain}";
  cnt = config.containers.code-server-theo.config;
in {
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "eno1"; # TODO: can i make this dynamic?
  };

  #imports = [
  #  "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
  #];
  #disabledModules = [
  #  "virtualisation/nixos-containers.nix"
  #];

  # data can be destroyed with `nixos-container destroy code-server-theo`
  containers.code-server-theo = {
    autoStart = true;

    # container has no network access
    #
    privateNetwork = true;
    hostAddress = "10.240.100.2";
    localAddress = "10.240.100.3";

    #forwardPorts = [
    #  {
    #    #hostAddress = "127.0.0.1"; # does not exist
    #    hostPort = 53754;
    #    containerPort = 53754;
    #    protocol = "tcp";
    #  }
    #];

    #bindMounts."/home" = {
    #  hostPath = "/var/lib/code-server";
    #  isReadOnly = false;
    #};
    config = { config, pkgs, ... }: {
      system.stateVersion = "22.05";

      #imports = [ <home-manager/nixos> ];
      #home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
      #home-manager.useGlobalPkgs = true; # brrr
      #home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
      #  programs.git.enable = true;
      #  programs.git.userName = "Theoharis Theoharis";
      #  programs.git.userEmail = "theotheo@ntnu.no";
      #};

      services.code-server = {
        enable = true;
        host = "0.0.0.0"; # container
        port = 53754;
        # if you don't care about security: https://argon2.online/
        hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
        package = pkgs.vscode-with-extensions.override {
          vscode = pkgs.code-server.overrideAttrs (old: {
            passthru.executableName = "code-server";
            passthru.longName = "Visual Studio Code Server";
          });
          #vscodeExtensions = vscode-extensions; [
          vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
            shd101wyy.markdown-preview-enhanced
            sanaajani.taskrunnercode
            tomoki1207.pdf
          ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
            {
              name = "new-railscasts";
              publisher = "carakan";
              version = "1.0.68";
              sha256 = "sha256-uZCAurvZu7QHjTR6ukmYbsI58GpfTo3shdoX/MH2ElA=";
            }
            {
              name = "theme-railscasts";
              publisher = "PaulOlteanu";
              version = "4.0.1";
              sha256 = "sha256-67RNcMr+hvzn2FvapkHLd8OdEBAz8w4cwsGlu0tbCNY=";
            }
            {
              name = "trailscasts";
              publisher = "mksafi";
              version = "1.2.3";
              sha256 = "sha256-mZ9I1BYf8x3lpl5/2sojk+5GMfhDqRBzs6nFkumlPKg=";
            }
            {
              name = "vscode-theme-railscasts-plus";
              publisher = "marlosirapuan";
              version = "0.0.6";
              sha256 = "sha256-8GyyxDeehFo/lGSmA6dfXZ3DMZ/B632ax+9q3+irjws=";
            }
            {
              name = "theme-railscast-next";
              publisher = "edus44";
              version = "0.0.2";
              sha256 = "sha256-RYk6X4iKoEQlKSVhydnwWQJqt884+HC9DZN2aqIbfNI=";
            }
            { # best, but no markdown
              name = "railscasts";
              publisher = "mrded";
              version = "0.0.4";
              sha256 = "sha256-vjfoeRW+rmYlzSuEbYJqg41r03zSfbfuNCfAhHYyjDc=";
            }
            {
              name = "beardedtheme";
              publisher = "BeardedBear";
              version = "7.4.0";
              sha256 = "sha256-8FY9my7v7bcfD0LH5AVNGI2dF1qMLnVp2LR/CiP01NQ=";
            }
          ];
        };
        extraPackages = with pkgs; [
          (writeShellScriptBin "pandoc" ''
            export XDG_DATA_HOME=${pandoc-lua-filters}/share
            exec ${pandoc}/bin/pandoc "$@"
          '')

          (texlive.combine {
            inherit (texlive)
              scheme-small
              titlesec
              fontaxes
              supertabular
              xtab
              # boxed quotes
              mdframed
              zref
              needspace
              soul
              atkinson
            ;
          })

          pandoc-imagine
          haskellPackages.pandoc-crossref
          #haskellPackages.pandoc-plot
          #pandoc-plantuml-filter nodePackages.mermaid-cli

          bash
          git
          bat
          gnumake
          boxes
          graphviz
          #python3Packages.cairosvg

          (python3.withPackages (ps: with ps; [
            numpy
            matplotlib
            #python-lsp-server
          ]))

        ];
      };

      networking.firewall = {
        enable = true;
        allowedTCPPorts = [
          config.services.code-server.port
        ];
      };

    };
  };

  services.nginx.virtualHosts.${mkDomain "code-server"} = {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      #proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
      #proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
      proxyPass = "http://${config.containers.code-server-theo.localAddress}:${toString cnt.services.code-server.port}";
      proxyWebsockets = true;
    };
  };


}