{ config, lib, pkgs, ... }:

let
  #sources = ../../nix/sources.nix;
  sources = /home/stuebinm/Dokumente/utils/playground/ilztal/server;
in
{
  systemd.services.woitb = {
    enable = true;
    description = "wo ist die ilztalbahn?";
    wantedBy = [ "multi-user.target" ];
    serviceConfig.type = "simple";
    script = "${import sources}/bin/woitb";
  };

  services.nginx.virtualHosts."ilztal.live" = {
    enableACME = true;
    forceSSL = true;
    locations."/".root = pkgs.copyPathToStore
      /home/stuebinm/Dokumente/utils/playground/ilztal/site;

    locations."/upnext".proxyPass = "http://localhost:8000";
    locations."/geoloc".proxyPass = "http://localhost:8000";
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx.appendHttpConfig = ''
     access_log off;
     add_header Permissions-Policy "interest-cohort=()";
  '';
}