{pkgs, config, ...}:


let
  haccpkgssrc = pkgs.fetchgit {
    url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
    rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
    sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
  };
  haccpkgs = import "${haccpkgssrc}";
  fediventure = pkgs.fetchgit {
    url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
    rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
    sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
  };
in

{

  containers.wa-test = {
    autoStart = true;
    privateNetwork = true;
    hostAddress6 = "fd00::42:20";
    localAddress6 = "fd00::42:21";
    
    config = {config, pkgs, ...}: {
      imports = [ "${fediventure}/workadventure.nix"  ];
      networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];

      services.workadventure.instances."space.stuebinm.eu" = {
        nginx.default = true;
        nginx.domain = "space.stuebinm.eu";
        maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
        frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
        frontend.settings = {
          stunServer = "stun:chaski.stuebinm.eu:3478";
          turnServer = "turn:95.217.159.23";
          turnUser = "chaski";
          turnPassword = "chaski";
          jitsiUrl = "meet.ffmuc.net";
        };
      };
      
      services.prometheus = {
        enable = true;
        port = 9001;
        scrapeConfigs = [ {
          job_name = "workadventure-back";
          static_configs = [ {
            targets = [ "localhost:8080" ];
          } ];
        } ];
      };
      
      services.grafana = {
        enable = true;
        port = 5000;
        addr = "[::]";
        rootUrl = "https://space.stuebinm.eu/metrics/";
        auth.anonymous.enable = true;
        provision = {
          enable = true;
          datasources = [ {
            name = "workadventure";
            type = "prometheus";
            url = "http://localhost:9001";
          } ];
        };
      };

      systemd.services.goaccess = {
        enable = true;
        description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
        requires = [ "nginx.service" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig.Type = "simple";
        path = [ pkgs.goaccess ];
        environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
        script = ''
            mkdir -p /var/www-goaccess/
            goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
        '';
      };

      services.nginx.virtualHosts."space.stuebinm.eu" = {
        locations."/stats/".alias = "/var/www-goaccess/";
      };
    };
  };
  
  services.nginx.virtualHosts."space.stuebinm.eu" = {
     extraConfig = ''
       proxy_read_timeout 300s;
       proxy_connect_timeout 75s;
     '';
     locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
     locations."/metrics/".proxyWebsockets = true;
     locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
     locations."/".proxyWebsockets = true;
     enableACME = true;
     forceSSL = true;
  };
}