{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.modules.services.rss;
in
{
  options.modules.services.rss = {
    enable = mkEnableOption "RSS Aggregator";
    domain = mkOption { type = types.str; };
    realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; };
    secrets.admin-password = mkOption { type = types.str; description = "path to file containing admin password"; };
  };

  config = mkIf cfg.enable {
    services.freshrss = {
      enable = true;
      virtualHost = cfg.realHost;
      baseUrl = "https://${cfg.realHost}";

      defaultUser = "admin";
      passwordFile = cfg.secrets.admin-password;

      database = {
        type = "pgsql";
        host = "/run/postgresql";
      };
    };

    environment.persistence."/persist".directories = [
      "/var/lib/freshrss"
    ];

    services.nginx.virtualHosts.${cfg.realHost} = {
      forceSSL = true;
      useACMEHost = cfg.domain;
    };
  };
}