{ config, lib, pkgs, ... }:

{
  imports = [
    ./module.nix # From danio, pending upstreaming
  ];

  disabledModules = [ "services/web-servers/bluemap.nix" ];

  sops.secrets."bluemap/ssh-key" = { };
  sops.secrets."bluemap/ssh-known-hosts" = { };

  services.bluemap = {
    enable = true;
    eula = true;

    host = "minecraft.pvv.ntnu.no";

    defaultWorld = "/var/lib/bluemap/world";
  };

  services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
    enableACME = true;
    forceSSL = true;
  };

  # TODO: render somewhere else lmao
  systemd.services."render-bluemap-maps" = {
    preStart = ''
      mkdir -p /var/lib/bluemap/world
      ${pkgs.rsync}/bin/rsync \
        -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \
        -avz --no-owner --no-group \
        root@innovation.pvv.ntnu.no:/ \
        /var/lib/bluemap/world
    '';
    serviceConfig = {
      LoadCredential = [
        "sshkey:${config.sops.secrets."bluemap/ssh-key".path}"
        "ssh-known-hosts:${config.sops.secrets."bluemap/ssh-known-hosts".path}"
      ];
    };
  };
}