{ pkgs, config, lib, ... }:
with lib;
let
  cfg = config.eboskma.nix-serve;
in
{
  options.eboskma.nix-serve = { enable = mkEnableOption "nix-serve"; };

  config = mkIf (cfg.enable) {
    services.nix-serve = {
      enable = true;
      secretKeyFile = "/var/cache-priv-key.pem";
      bindAddress = "127.0.0.1";
    };

    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "loki.datarift.nl" = {
          serverAliases = [ "loki" ];
          locations."/".proxyPass = "http://localhost:${toString config.services.nix-serve.port}";
        };
      };
    };

    networking.firewall.allowedTCPPorts = [ 80 ];
  };
}