{pkgs, ...}:

{
  users.users.iot-data = {
    description = "IOT Data Service";
    group = "iot-data";
    home = "/var/lib/iot-data/";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.iot-data = {};

  systemd.services.iot-data = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      RuntimeDirectory = "iot-data";
      StateDirectory = "iot-data";
      User = "iot-data";
      Group = "iot-data";
    };
    environment = {
      IOT_DATA_CONFIG = "/var/src/iot-data-config.json";
    };
    script = "gunicorn -w 1 -b [::1]:8235 iot_data:app";
    path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn iot-data ])) ];
  };

  services.nginx.virtualHosts = {
    "iot-data.clerie.de" = {
      enableACME = true;
      addSSL = true;
      locations."/" = {
        proxyPass = "http://[::1]:8235";
      };
    };
  };
}