{ config, pkgs, lib, ... }:
let
  cfg = config.my.services.navidrome;
  secrets = config.age.secrets;
in {
  options.my.services.navidrome = with lib; {
    enable = mkEnableOption "Navidrome Music Server";
    musicFolder = mkOption {
      type = types.str;
      example = "/data/fast/music";
      description = "Music folder";
    };
  };

  config = lib.mkIf cfg.enable {
    services.navidrome = {
      enable = true;
      settings = {
        MusicFolder = cfg.musicFolder;
        Address = "0.0.0.0";
        httpPort = "4533";
      };
    };

    services.nginx.virtualHosts."music.fcuny.xyz" = {
      forceSSL = true;
      useACMEHost = "music.fcuny.xyz";
      locations."/" = {
        proxyPass = "http://127.0.0.1:4533";
        proxyWebsockets = true;
      };
    };

    security.acme.certs."music.fcuny.xyz" = {
      dnsProvider = "gcloud";
      credentialsFile = secrets."acme/credentials".path;
    };

    my.services.backup = { paths = [ "/var/lib/navidrome" ]; };
    networking.firewall.allowedTCPPorts = [ 4533 ];
  };
}