# NixOS module: Apache httpd serving per-user web directories (mod_userdir)
# with PHP and CGI enabled, run by systemd inside a root directory built from
# `fhsEnv` with only selected host paths bind-mounted in.
{ config, lib, pkgs, ... }:
let
  # Only referenced from the commented-out mod_perl override further down.
  cfg = config.services.httpd;

  # https://nixos.org/manual/nixpkgs/stable/#ssec-php-user-guide-installing-with-extensions
  # PHP build with the imagick and opcache extensions. display_errors=0 keeps
  # PHP error text out of HTTP responses; the two 40M limits cap request
  # body and single-file upload size.
  phpEnv = pkgs.php.buildEnv {
    extensions = { all, ... }: with all; [ imagick opcache ];
    extraConfig = ''
      display_errors=0
      post_max_size = 40M
      upload_max_filesize = 40M
      extension=sysvsem.so
    '';
  };

  # Perl interpreter with the TextPDF module available to user scripts.
  perlEnv = pkgs.perl.withPackages (ps: with ps; [ TextPDF ]);

  # https://nixos.org/manual/nixpkgs/stable/#python.buildenv-function
  # Python 3 with matplotlib and requests. ignoreCollisions lets the
  # environment build even when two packages provide the same path.
  pythonEnv = pkgs.python3.buildEnv.override {
    extraLibs = with pkgs.python3Packages; [ matplotlib requests ];
    ignoreCollisions = true;
  };

  # https://nixos.org/manual/nixpkgs/stable/#sec-building-environment
  # Merged tree of the interpreters and tools; used below as the httpd
  # service's RootDirectory, so this list is what user scripts find in the
  # service's root file system.
  fhsEnv = pkgs.buildEnv {
    name = "userweb-env";
    paths = with pkgs; [
      bash
      perlEnv
      phpEnv
      pythonEnv
      gnuplot
    ];
  };
in
{
  services.httpd = {
    enable = true;
    adminAddr = "drift@pvv.ntnu.no";

    enablePHP = true;
    phpPackage = phpEnv;

    enablePerl = true;

    # NOTE(review): no suexec module is listed here, so CGI and PHP code from
    # every user presumably runs as the single httpd service account and can
    # read whatever that account can read in other users' web-docs — confirm.
    extraModules = [
      "userdir"
      # TODO: I think the compilation steps of pkgs.apacheHttpdPackages.mod_perl might have some
      #       incorrect or restrictive assumptions upstream, either nixpkgs or source
      # {
      #   name = "perl";
      #   path = let
      #     mod_perl = pkgs.apacheHttpdPackages.mod_perl.override {
      #       apacheHttpd = cfg.package.out;
      #       perl = perlEnv;
      #     };
      #   in "${mod_perl}/modules/mod_perl.so";
      # }
    ];

    # virtualHosts."userweb.pvv.ntnu.no" = {
    virtualHosts."temmie.pvv.ntnu.no" = {
      # Redirect plain HTTP to HTTPS and obtain the certificate through ACME.
      forceSSL = true;
      enableACME = true;

      # NOTE(review): `UserDir disabled root` turns off only root, and
      # `UserDir enabled <user>` matters only while a bare `UserDir disabled`
      # is in force. As written, every account except root is served; if the
      # intent is to serve only oysteikt, a bare `UserDir disabled` is needed.
      #
      # NOTE(review): Apache accepts AllowOverride and Require only in
      # directory context, so a <Directory ...> wrapper around the last four
      # directives was presumably lost from this listing — confirm against the
      # repository before reusing this text.
      #
      # ExecCGI together with AllowOverride All lets each user run scripts and
      # change per-directory settings through .htaccess; Indexes lists
      # directory contents when no index file exists; Require all granted
      # applies no access restriction at this level. SymLinksIfOwnerMatch
      # follows a symlink only when link and target have the same owner.
      extraConfig = ''
        UserDir /home/pvv-merged/*/web-docs
        UserDir disabled root
        UserDir enabled oysteikt
        AddHandler cgi-script .cgi
        Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI IncludesNoExec
        AllowOverride All
        Require all granted
      '';
    };
  };

  # Expose HTTP (needed for the HTTPS redirect and presumably ACME
  # validation — confirm) and HTTPS.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.services.httpd = {
    # Start only after the home-directory mounts target, and stop with it.
    after = [ "pvv-homedirs.target" ];
    requires = [ "pvv-homedirs.target" ];

    serviceConfig = {
      # Hide the host's home directories behind an empty tmpfs; only the
      # paths in BindPaths below are made visible again.
      ProtectHome = "tmpfs";
      ConfigurationDirectory = [ "httpd" ];
      # Needed because RootDirectory replaces the root: provides /proc, /sys
      # and /dev inside it.
      MountAPIVFS = true;
      # The service's root is the fhsEnv tree rather than the host root.
      RootDirectory = fhsEnv;
      # NOTE(review): the whole host /etc is visible read-only to httpd and to
      # user scripts, limited only by file permissions; binding just the files
      # httpd needs would expose less.
      BindReadOnlyPaths = [
        builtins.storeDir
        "/etc"
      ];
      # These binds are read-write, so the service account can write into the
      # mounted home trees wherever file permissions allow.
      # NOTE(review): if scripts never need to write there, BindReadOnlyPaths
      # would be the tighter choice — confirm the requirement.
      BindPaths = let
        # One mount per home-directory letter; presumably this mirrors the
        # set of /run/pvv-home-mounts/<letter> mounts that exist — confirm.
        homeLetters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
      in
        (map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") homeLetters)
        ++ [ "/run/pvv-home-mounts-merged:/home/pvv-merged/" ];
    };
  };

  # TODO: create phpfpm pools with php environments that contain packages similar to those present on tom
}