# NixOS module for the "wetter" service: system accounts, PostgreSQL roles and
# grants, and an nginx virtual host. The application unit itself is currently
# commented out, so the virtual host only answers with a static offline notice.
{ pkgs, ... }:

let
  # Application settings file. pkgs.writeText places it in the Nix store, which
  # is world-readable, so it must never carry a password or token. The URI below
  # has none: it names the role wetter_web and the socket directory
  # /run/postgresql (presumably relying on peer authentication; confirm against
  # the host's pg_hba configuration).
  # Only referenced from the commented-out systemd unit further down.
  configFile = pkgs.writeText "wetter.cfg" ''
    SQLALCHEMY_DATABASE_URI="postgresql://wetter_web@/wetter?host=/run/postgresql"
  '';

  # Attributes shared by all three accounts; only description and group differ.
  # NOTE(review): every account gets the default login shell and the same home
  # directory. Only wetter_scraper has an SSH key below; confirm that wetter and
  # wetter_web need a login shell at all, and that sharing one home between
  # identities with different database rights is intended.
  serviceAccount = description: group: {
    inherit description group;
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
  };
in
{
  users.groups = {
    wetter = { };
    wetter_web = { };
    wetter_scraper = { };
  };

  users.users = {
    wetter = serviceAccount "Wetter Service" "wetter";

    wetter_web = serviceAccount "Wetter Web Service" "wetter_web";

    # The only account reachable over SSH.
    # NOTE(review): the key is accepted without any authorized_keys options, so
    # it grants whatever sshd allows by default. What the scraper does over SSH
    # is not visible in this file; if it needs less than a full session, an
    # options prefix on the key line (for example `restrict` plus the specific
    # permits required) would narrow it.
    wetter_scraper = (serviceAccount "Wetter Scraper" "wetter_scraper") // {
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4kCYnm6mnPI3nPF5YmYCxeVqL4i02dSIJ9kngxu9rS dwd-scraper"
      ];
    };
  };

  # Database roles are named after the system accounts above.
  # NOTE(review): `ensurePermissions` was deprecated and later dropped in newer
  # NixOS releases; confirm it is still supported on the release this host tracks.
  services.postgresql.ensureDatabases = [ "wetter" ];

  services.postgresql.ensureUsers = [
    # Full control over the database.
    {
      name = "wetter";
      ensurePermissions = {
        "DATABASE wetter" = "ALL PRIVILEGES";
      };
    }

    # Writer role used by the scraper.
    # NOTE(review): ALL PRIVILEGES on tables includes DELETE and TRUNCATE. This
    # role is the one paired with the SSH-reachable account, so if the scraper
    # only adds or updates rows, an explicit privilege list would be tighter.
    {
      name = "wetter_scraper";
      ensurePermissions = {
        "DATABASE wetter" = "CONNECT";
        "SCHEMA public" = "USAGE";
        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
      };
    }

    # Read-only role for the web frontend (matches the role in configFile).
    # A grant on ALL TABLES IN SCHEMA covers only tables that exist when the
    # grant is executed; tables created later stay inaccessible to this role
    # until the grant is applied again.
    {
      name = "wetter_web";
      ensurePermissions = {
        "DATABASE wetter" = "CONNECT";
        "SCHEMA public" = "USAGE";
        "ALL TABLES IN SCHEMA public" = "SELECT";
      };
    }
  ];

  # Disabled application unit, kept for reference. As written it would run
  # gunicorn as wetter_web, bound to the IPv6 loopback address only.
  # NOTE(review): no systemd sandboxing directives are set here; worth adding
  # before the unit is switched back on.
  # systemd.services.wetter = {
  #   wantedBy = [ "multi-user.target" ];
  #   serviceConfig = {
  #     RuntimeDirectory = "wetter";
  #     StateDirectory = "wetter";
  #     User = "wetter_web";
  #     Group = "wetter_web";
  #   };
  #   environment = {
  #     WETTER_SETTINGS = "${configFile}";
  #   };
  #   script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
  #   path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
  # };

  # Public virtual host: certificate via ACME, plain HTTP redirected to HTTPS.
  services.nginx.virtualHosts."wetter.clerie.de" = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      # Upstream proxying is switched off while the application is offline.
      #proxyPass = "http://[::1]:8234";
      return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';

      # An empty types block clears the extension-to-MIME map for this
      # location, so every response is sent with default_type.
      extraConfig = ''
        types { }
        default_type "text/plain; charset=utf-8";
      '';
    };
  };
}