{ pkgs, ... }:

{
  users.users."chaosevents" = {
    isSystemUser = true;
    group = "chaosevents";
  };

  users.groups."chaosevents" = {};

  systemd.tmpfiles.rules = [
      "d /var/lib/chaosevents - chaosevents chaosevents - -"
  ];

  services.nginx = {
    virtualHosts."chaosevents.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/lib/chaosevents";
    };
  };

  systemd.services."chaosevents" = {
    wantedBy = [ "multi-user.target" ];
    requires = [ "network.target" ];
    after = [ "network.target" ];
    serviceConfig = {
      Type = "oneshot";
      WorkingDirectory = "/var/lib/chaosevents";
      RuntimeDirectory = "chaosevents";
      User = "chaosevents";
      Group = "chaosevents";
      ExecStart = ''
        ${pkgs.chaosevents}/bin/chaosevents /var/lib/chaosevents
      '';
    };
  };

  systemd.timers."chaosevents" = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "hourly";
      RandomizedDelaySec = "1h";
    };
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
  };
}