{ config, ... }:

let
  paths = [
    "/srv"
    "/home/cadey/.weechat"
    "/home/mai/.weechat"
    "/home/cadey/life"
    "/home/cadey/org"
    "/var/lib/acme"
    "/var/lib/gitea"
    "/var/lib/mysql"
    "/var/lib/tor/onion"
    "/srv/http/xena.greedo.xeserv.us/articles"
    "/srv/http/xena.greedo.xeserv.us/books"
    "/srv/http/xena.greedo.xeserv.us/css"
    "/srv/http/xena.greedo.xeserv.us/fics"
    "/srv/http/xena.greedo.xeserv.us/pkg"
    "/srv/http/xena.greedo.xeserv.us/repo"
    "/srv/http/xena.greedo.xeserv.us/templates"
    "/srv/http/xena.greedo.xeserv.us/tumblr"
    "/srv/gemini"
    "/home/cadey/prefix/flightjournal"
    "/run/keys"
    "/home/cadey/backup/ponychat"
    "/home/cadey/backup/shadowh511"
    "/home/cadey/go/src"
    "/home/cadey/code"
    "/home/cadey/prefix"
    "/home/cadey/backup/construct"
    "/home/cadey/backup/greedo"
    "/home/cadey/backup/luna"
    "/home/cadey/backup/tulpa"
  ];
  exclude = [
    # temporary files created by cargo
    "**/target"
    "/home/cadey/prefix/aura"
    "/srv/http/xena.greedo.xeserv.us"
    "/srv/backup"

    "/var/lib/docker"
    "/var/lib/systemd"
    "/var/lib/libvirt"
    "'**/.cache'"
    "'**/.nix-profile'"
    "'**/.elm'"
    "'**/.emacs.d'"
  ];
in {
  # services.borgbackup.jobs."hetzner" = {
  #   inherit paths exclude;
  #   repo = "ssh://u252481@u252481.your-storagebox.de:23/./lufta";
  #   encryption = {
  #     mode = "repokey-blake2";
  #     passCommand = "cat /root/borgbackup_passphrase";
  #   };
  #   environment.BORG_RSH = "ssh -i /root/.ssh/id_rsa";
  #   compression = "auto,lzma";
  #   startAt = "daily";
  # };

  within = {
    backups = {
      inherit exclude paths;
      enable = true;
      repo = "57196@usw-s007.rsync.net:lufta";
    };

    services = {
      # webapps
      aura = {
        enable = true;
        domain = "pvfmsets.cf";
      };

      mi = {
        enable = false;
        useACME = true;
        domain = "mi.within.website";
        port = 38184;
      };

      printerfacts = {
        enable = true;
        useACME = true;
        domain = "printerfacts.cetacean.club";
      };

      xesite = {
        enable = true;
        useACME = true;
        domain = "christine.website";
      };

      # gemini server
      rhea = {
        enable = true;
        sites = [rec {
          domain = "cetacean.club";
          certPath = "/run/${domain}.crt";
          keyPath = "/run/${domain}.key";
          files = {
            root = "/srv/gemini/${domain}";
            autoIndex = true;
            userPaths = false;
          };
        }];
      };

      # bots
      aerial.enable = true;
      tron.enable = true;
      withinbot.enable = false;

      # static sites
      lewa = {
        enable = true;
        useACME = true;
        domain = "lewa.within.website";
      };

      tulpanomicon.enable = true;
      graphviz.enable = true;
    };
  };

  xeserv.services = {
    aegis = {
      enable = true;
      hostport = "[::]:43705";
      sockdir = "/srv/within/run";
    };

    todayinmarch2020.enable = true;
    within-website.enable = true;
  };

  age.secrets = {
    "cetacean-club-cert" = {
      file = ../../secret/cetacean.club.crt.age;
      path = "/run/cetacean.club.crt";
    };
    "cetacean-club-key" = {
      file = ../../secret/cetacean.club.key.age;
      path = "/run/cetacean.club.key";
    };

    aerial-env = {
      file = ../../secret/aerial.env.age;
      path = "/srv/within/aerial/.env";
      owner = "aerial";
      group = "within";
      mode = "600";
    };

    aura-env = {
      file = ../../secret/aura.env.age;
      path = "/srv/within/aura/.env";
      owner = "aura";
      group = "within";
      mode = "600";
    };

    xesite = {
      file = ../../secrets/xesite.env.age;
      path = "/srv/within/xesite/.env";
      owner = "xesite";
      group = "within";
      mode = "0400";
    };
  };
}