{ config, pkgs, lib, ... }:
let
  cfg = config.services.microbin;
  domain = "p.feal.no";
  address = "127.0.1.2";
  port = 5006;
in {

  services.microbin = {
    enable = true;
    passwordFile = config.sops.secrets."microbin/secrets".path;
    settings = {
      MICROBIN_BIND = address;
      MICROBIN_DISABLE_TELEMETRY = true;
      MICROBIN_ENABLE_BURN_AFTER = true;
      MICROBIN_FOOTER_TEXT = "Be nice or go away";
      MICROBIN_NO_FILE_UPLOAD = true;
      MICROBIN_NO_LISTING = true;
      MICROBIN_PORT = port;
      MICROBIN_PUBLIC_PATH = "https://${domain}/";
      MICROBIN_QR = true;
      MICROBIN_TITLE = "Temporary pasta collection";
    };
  };

  sops.secrets."microbin/secrets" = { };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;

    listen = [
      { addr = "192.168.10.175"; port = 43443; ssl = true; }
      { addr = "192.168.10.175"; port = 43080; ssl = false; }
    ];

    locations."/" = {
      proxyPass = "http://${address}:${toString port}";
    };
  };
}