{ config, lib, pkgs, ... }:

let
  secrets = config.age.secrets;
  vhostName = "unifi.${config.homelab.domain}";
in
{
  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/unifi.nix
  services.unifi = {
    enable = true;
    openFirewall = true;
    unifiPackage = pkgs.unifi7;
    mongodbPackage = pkgs.mongodb-4_2;
  };

  services.nginx.virtualHosts."${vhostName}" = {
    forceSSL = true;
    useACMEHost = config.homelab.domain;
    listen = [
      {
        addr = "192.168.6.40";
        port = 443;
        ssl = true;
      }
      {
        addr = "192.168.6.40";
        port = 80;
        ssl = false;
      }
    ];
    locations."/" = {
      proxyPass = "https://127.0.0.1:8443";
      proxyWebsockets = true;
    };
  };

  my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; };
}