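# Runs Caddy as a Podman container and renders its Caddyfile from Nix.
# Uses `services.podman.containers` and `home.file`, so this is presumably a
# Home Manager module (confirm against the importing configuration).
{ config, lib, ... }:

let
  # Explicit inherits instead of a file-wide `with lib;`, so every name's
  # origin is visible and nothing from `lib` can shadow a local binding.
  inherit (lib) concatMapStrings mkIf mkOption types;

  cfg = config.settings.containers.caddy;

  # Renders one named matcher plus `handle` block per route entry.
  #
  # NOTE(review): the matcher is emitted as `host <route.host>` verbatim, and
  # the entries defined below use short labels ("auth", "git", ...). Caddy's
  # `host` matcher compares against the full request host, while the
  # hard-coded local block further down uses full names. Confirm whether
  # entries are meant to carry full host names or whether the domain suffix
  # should be appended here.
  #
  # NOTE(review): name/host/url are spliced into the Caddyfile unescaped.
  # Whitespace, newlines or braces in a value would change the structure of
  # the generated config. Consider `types.strMatching` on the submodule
  # fields once the accepted value shapes are settled.
  generateRoutes = entries:
    concatMapStrings (route: ''
      @${route.name} host ${route.host}
      handle @${route.name} {
        reverse_proxy ${route.url}
      }
    '') entries;

  # Shared option type: a list of { name, url, host } route records.
  routesOption = mkOption {
    type = types.listOf (types.submodule {
      options = {
        name = mkOption {
          type = types.str;
          description = "Identifier used for the Caddy named matcher (@name).";
        };
        url = mkOption {
          type = types.str;
          description = "Upstream passed to reverse_proxy.";
        };
        host = mkOption {
          type = types.str;
          description = "Value passed to the Caddy host matcher.";
        };
      };
    });
    # An empty default keeps evaluation from failing when a route list is
    # read but no module has defined it (routes.tbmrs-local is declared
    # below but not defined in this file).
    default = [ ];
    description = "Reverse-proxy routes rendered into the Caddyfile.";
  };
in
{
  options = {
    settings.containers.caddy.enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Enable caddy container
      '';
    };

    settings.containers.caddy.routes.tbmrs = routesOption;
    # Declared but not consumed in this file: the *.local.tbmrs.nl site
    # block below is written out by hand.
    settings.containers.caddy.routes.tbmrs-local = routesOption;
  };

  config = mkIf cfg.enable {
    services.podman.containers.caddy = {
      # Locally built image on a moving `latest` tag; which build runs
      # depends on the local image store.
      image = "localhost/tboomers/caddy-custom:latest";
      network = "proxy";
      networkAlias = [ "mail.tbmrs.nl" ];
      # host:container - container ports 80/443 are published on host ports
      # 1080/1443. Whatever forwards traffic to those ports is not visible
      # in this file.
      ports = [
        "1080:80"
        "1443:443"
      ];
      volumes = [
        # Config and DNS API key are only read by the container, so they are
        # mounted read-only: a compromised proxy process cannot rewrite its
        # own config or replace the key file. /data stays writable.
        "%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile:ro"
        # The key file is not created in this file; it is presumably
        # provisioned out of band. Keep its host-side permissions restrictive.
        "%h/containers/caddy/acme_key:/etc/caddy/acme_key:ro"
        "%h/containers/caddy/data:/data"
      ];
    };

    # Routes for the *.tbmrs.nl site block. All upstreams are
    # container-name:port except kanidm, which is addressed by HTTPS URL.
    settings.containers.caddy.routes.tbmrs = [
      {
        name = "kanidm";
        host = "auth";
        url = "https://auth.tbmrs.nl";
      }
      {
        name = "forgejo";
        host = "git";
        url = "forgejo:3000";
      }
      {
        name = "immich";
        host = "photos";
        url = "immich-server:2283";
      }
      {
        name = "homepage";
        host = "home";
        url = "homepage:3000";
      }
      {
        name = "uptime-kuma";
        host = "uptime";
        url = "uptime-kuma:3001";
      }
      {
        name = "pingvin-share";
        host = "share";
        url = "pingvin-share:3000";
      }
      {
        name = "dufs";
        host = "files";
        url = "dufs:5000";
      }
      {
        name = "stalwart";
        host = "mail";
        url = "stalwart:8000";
      }
    ];

    # Two site blocks, both using the `transip` DNS settings with the mounted
    # key and 1.1.1.1 as resolver.
    #
    # NOTE(review): both blocks are served by the same container on the same
    # published ports, and nothing in the *.local.tbmrs.nl block restricts by
    # client address. Keeping vaultwarden, home assistant, syncthing and the
    # other local services off the public path therefore depends entirely on
    # what sits in front of this host (DNS, firewall, port forwarding), none
    # of which is visible here. If they are meant to be LAN-only, consider
    # enforcing it in the site block as well, e.g. with a `remote_ip` matcher
    # limited to private ranges.
    home.file."containers/caddy/Caddyfile".text = ''
      *.tbmrs.nl, tbmrs.nl {
        tls {
          dns transip xeovalyte /etc/caddy/acme_key
          resolvers 1.1.1.1
        }

        ${generateRoutes cfg.routes.tbmrs}
      }

      *.local.tbmrs.nl {
        tls {
          dns transip xeovalyte /etc/caddy/acme_key
          resolvers 1.1.1.1
        }

        @vaultwarden host vault.local.tbmrs.nl
        handle @vaultwarden {
          reverse_proxy vaultwarden:80
        }

        @paperless-ngx host paperless.local.tbmrs.nl
        handle @paperless-ngx {
          reverse_proxy paperless-ngx:8000
        }

        @beszel host monitor.local.tbmrs.nl
        handle @beszel {
          reverse_proxy beszel:8090
        }

        @syncthing host syncthing.local.tbmrs.nl
        handle @syncthing {
          reverse_proxy syncthing:8384
        }

        @homeassistant host home-assistant.local.tbmrs.nl
        handle @homeassistant {
          reverse_proxy homeassistant:8123
        }

        @karakeep host karakeep.local.tbmrs.nl
        handle @karakeep {
          reverse_proxy karakeep:3000
        }

        @vikunja host vikunja.local.tbmrs.nl
        handle @vikunja {
          reverse_proxy vikunja:3456
        }

        @linkding host linkding.local.tbmrs.nl
        handle @linkding {
          reverse_proxy linkding:9090
        }
      }
    '';
  };
}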