# nas indexer server module
{ pkgs, ... }:

let
  # Build the catacomb server package
  catacombServerSource = builtins.fetchGit {
    url = "https://git.alogoulogoi.com/Jaculabilis/catacomb-server.git";
    ref = "develop-nix";
    rev = "3d6fb16948c377f94d030648849f120c8ada3884";
  };
  catacombServer = pkgs.callPackage catacombServerSource {};

  catacombUser = "tvb";

  # Define the service directory, which pretty much only stores tokens
  catacombServerDir = "/var/lib/nas-indexer/";

  # The address to bind to
  bindAddr = "10.22.20.2";

  # Create a setup script to ensure the token directory exists
  catacombSetup = pkgs.writeShellScriptBin "catacomb-setup.sh" ''
    ${pkgs.coreutils}/bin/mkdir -p ${catacombServerDir}tokens
    chown -R ${catacombUser} ${catacombServerDir}
  '';

  # Host-mode server run script
  hostRun = pkgs.writeShellScriptBin "catacomb-run-host.sh" ''
    cd ${catacombServerDir}
    ${catacombServer}/bin/gunicorn \
      --bind=localhost:5000 \
      --workers=3 \
      --log-level=debug \
      --env CATACOMB_ROOT=/nas \
      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
      --env CATACOMB_MODE=host \
      --env CATACOMB_GUEST_HOST=catacomb.alogoulogoi.com \
      "catacomb.server:wsgi()"
  '';

  # Guest-mode server run script
  guestRun = pkgs.writeShellScriptBin "catacomb-run-guest.sh" ''
    cd ${catacombServerDir}
    ${catacombServer}/bin/gunicorn \
      --bind=localhost:5001 \
      --workers=3 \
      --log-level=debug \
      --env CATACOMB_ROOT=/nas \
      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
      --env CATACOMB_MODE=guest \
      "catacomb.server:wsgi()"
  '';

  # Guest-mode auth server for direct nginx file serving
  accessRun = pkgs.writeShellScriptBin "catacomb-run-access.sh" ''
    cd ${catacombServerDir}
    ${catacombServer}/bin/gunicorn \
      --bind=localhost:5002 \
      --workers=3 \
      --log-level=debug \
      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
      "catacomb.access.nginx:wsgi()"
  '';

in
{
  # Run the setup script on activation
  system.activationScripts.catacombSetup = "${catacombSetup}/bin/catacomb-setup.sh";

  # Set up the host mode service
  systemd.services."catacomb-host" = {
    enable = true;
    description = "catapool host-mode index server";
    script = "${hostRun}/bin/catacomb-run-host.sh";
    serviceConfig = {
      Type = "simple";
      WorkingDirectory = "${catacombServerDir}";
    };
    requires = [ "zfs.target" ];
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
  };

  # Set up the guest mode service
  systemd.services."catacomb-guest" = {
    enable = true;
    description = "catapool guest-mode index server";
    script = "${guestRun}/bin/catacomb-run-guest.sh";
    serviceConfig = {
      Type = "simple";
      User = "${catacombUser}";
      WorkingDirectory = "${catacombServerDir}";
    };
    requires = [ "zfs.target" ];
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
  };

  # Set up the access server service
  systemd.services."catacomb-access" = {
    enable = true;
    description = "catapool access token authenticator";
    script = "${accessRun}/bin/catacomb-run-access.sh";
    serviceConfig = {
      Type = "simple";
      User = "${catacombUser}";
      WorkingDirectory = "${catacombServerDir}";
    };
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
  };

  networking.firewall.allowedTCPPorts = [ 80 7470 7471 7472 ];

  # Set up nginx to reverse proxy to these services
  services.nginx = {
    enable = true;

    # Serve the host server over the internal ip at the default port
    virtualHosts."catacomb-host-server" = {
      listen = [ { addr = bindAddr; } ];
      root = "/nas";
      locations."/".tryFiles = "\$uri @indexer";
      locations."@indexer".proxyPass = "http://localhost:5000";
    };

    # Serve the guest server over the internal ip at a custom port
    virtualHosts."catacomb-guest-server" = {
      listen = [ { addr = bindAddr; port = 7472; } ];
      extraConfig = ''
        access_log /var/log/nginx/access.guest-server.log;
      '';
      locations."/".proxyPass = "http://localhost:5001";
    };

    # Serve the auth server at a custom port internally
    virtualHosts."catacomb-auth" = {
      listen = [ { addr = bindAddr; port = 7471; } ];
      extraConfig = ''
        access_log /var/log/nginx/access.guest-auth.log;
      '';
      locations."/".proxyPass = "http://localhost:5002";
    };

    # Serve files at a custom port internally
    virtualHosts."catacomb-guest-files" = {
      listen = [ { addr = bindAddr; port = 7470; } ];
      extraConfig = ''
        access_log /var/log/nginx/access.guest-files.log;
      '';
      locations."/".root = "/nas";
    };
  };

  # Allow nginx to read catapool files
  users.users.nginx.extraGroups = ["nas"];
}