{ config, pkgs, lib, ... }:
let
  cfg = config.my.services.navidrome;
  secrets = config.age.secrets;
in
{
  options.my.services.navidrome = with lib; {
    enable = mkEnableOption "Navidrome Music Server";
    vhostName = mkOption {
      type = types.str;
      example = "music.fcuny.net";
      description = "Name for the virtual host";
    };
    musicFolder = mkOption {
      type = types.str;
      example = "/data/fast/music";
      description = "Music folder";
    };
  };

  config = lib.mkIf cfg.enable {
    services.navidrome = {
      enable = true;
      settings = { MusicFolder = cfg.musicFolder; };
    };

    services.nginx.virtualHosts."${cfg.vhostName}" = {
      forceSSL = true;
      useACMEHost = cfg.vhostName;
      listen = [
        {
          addr = "100.85.232.66";
          port = 443;
          ssl = true;
        }
        {
          addr = "100.85.232.66";
          port = 80;
          ssl = false;
        }
      ];
      locations."/" = {
        proxyPass = "http://127.0.0.1:4533";
        proxyWebsockets = true;
      };
    };

    security.acme.certs."${cfg.vhostName}" = {
      dnsProvider = "gcloud";
      credentialsFile = secrets."acme/credentials".path;
    };

    my.services.backup = {
      paths = [ "/var/lib/navidrome" ];
      exclude = [ "/var/lib/navidrome/cache/" ];
    };
  };
}