{ config, pkgs, ... }:

{

  services.harmonia = {
    enable = true;
    settings.bind = "[::1]:5005";
    signKeyPath = config.sops.secrets.nix-cache-key.path;
  };

  services.nginx.virtualHosts = {
    "nix-cache.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."= /" = {
        return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n  nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n  nix.settings = {\n    substituters = [\n      "https://nix-cache.clerie.de"\n    ];\n    trusted-public-keys = [\n      "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n    ];\n  }\n\nTry:\n\n  nix build --substituters "https://nix-cache.clerie.de" \\\n  --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n  "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
        '';
      };
      locations."/" = {
        proxyPass = "http://[::1]:5005";
        extraConfig = ''
          proxy_redirect http:// https://;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
        '';
      };
    };
  };

}