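# redstring server module
#
# Runs two gunicorn instances of the same application against one data
# directory:
#   * "redstring-public"  - edit = false, bound to localhost:24144 and
#                           published through nginx at docs.alogoulogoi.com
#   * "redstring-private" - edit = true, bound to 10.7.3.1:24145 and reached
#                           directly (no reverse proxy is configured here)
{ pkgs, ... }:

let
  # Import package.
  # The source is pinned to an exact commit via `rev`, so a later push to
  # `master` cannot change what gets built until this hash is bumped on purpose.
  redstringSource = builtins.fetchGit {
    url = "https://git.alogoulogoi.com/Jaculabilis/redstring.git";
    ref = "master";
    rev = "91dd353ad1d48118452a949b15e100b3035bf297";
  };
  redstring = pkgs.callPackage redstringSource {};

  # Define the data directory
  redstringDir = "/var/lib/redstring/";
  redstringData = "${redstringDir}docs/";

  # Define the service user (unprivileged system account shared by both servers)
  redstringUser = {
    name = "redstring";
    description = "redstring service user";
    group = "redstring";
    isSystemUser = true;
  };

  # Both config files are written to the Nix store, which is world-readable.
  # They only hold a path and a boolean; never add secrets to them.

  # Create the public server config file in the nix store
  publicConfigAttrs = {
    root = redstringData;
    edit = false;
  };
  publicConfig = pkgs.writeTextFile {
    name = "redstring-config-external.json";
    text = builtins.toJSON publicConfigAttrs;
  };

  # Create the private server config file in the nix store
  privateConfigAttrs = {
    root = redstringData;
    edit = true;
  };
  privateConfig = pkgs.writeTextFile {
    name = "redstring-config-internal.json";
    text = builtins.toJSON privateConfigAttrs;
  };

  # Create a setup script to ensure the data directory exists.
  # Every tool is called by its store path so the script does not depend on
  # whatever PATH the caller happens to provide.
  redstringSetup = pkgs.writeShellScriptBin "redstring-setup.sh" ''
    # Ensure the service directory
    ${pkgs.coreutils}/bin/mkdir -p ${redstringData}
    # Ensure ownership
    ${pkgs.coreutils}/bin/chown -R ${redstringUser.name} ${redstringDir}
    # Owner-only access: other local accounts cannot list or read the data
    ${pkgs.coreutils}/bin/chmod 700 ${redstringDir}
  '';

  # NOTE(review): both run scripts start gunicorn with `--log-level debug`.
  # Debug logging is verbose; consider a lower level once the deployment is
  # stable, especially for the internet-facing instance.

  # Create a run script for the public server.
  # Binds to loopback only; nginx is the sole path in from the network.
  publicRun = pkgs.writeShellScriptBin "redstring-run-external.sh" ''
    cd ${redstringDir} || exit 1
    ${redstring}/bin/gunicorn \
      --bind=localhost:24144 \
      --workers=3 \
      --log-level debug \
      --env REDSTRING_CONFIG=${publicConfig} \
      "redstring.server:wsgi()"
  '';

  # Create a run script for the private server.
  # Binds to a single address (10.7.3.1) rather than all interfaces.
  privateRun = pkgs.writeShellScriptBin "redstring-run-internal.sh" ''
    cd ${redstringDir} || exit 1
    ${redstring}/bin/gunicorn \
      --bind=10.7.3.1:24145 \
      --workers=3 \
      --log-level debug \
      --env REDSTRING_CONFIG=${privateConfig} \
      "redstring.server:wsgi()"
  '';

  # Conservative systemd sandboxing shared by both services. The state
  # directory under /var/lib stays writable with ProtectSystem = "full".
  sandbox = {
    NoNewPrivileges = true;
    PrivateTmp = true;
    ProtectHome = true;
    ProtectSystem = "full";
  };

  # Common unit settings: run as the unprivileged service user, sandboxed.
  commonServiceConfig = {
    User = redstringUser.name;
    Type = "simple";
  } // sandbox;
in
{
  users.users.redstring = redstringUser;
  users.groups.redstring = {};

  # Run the setup script on activation
  system.activationScripts.redstringSetup = "${redstringSetup}/bin/redstring-setup.sh";

  # Set up the public redstring service
  systemd.services."redstring-public" = {
    description = "redstring public read-only server";
    script = "${publicRun}/bin/redstring-run-external.sh";
    serviceConfig = commonServiceConfig;
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    enable = true;
  };

  # Set up the private redstring service
  # NOTE(review): this module puts no authentication or TLS in front of the
  # editable instance; access control appears to rest on who can reach
  # 10.7.3.1:24145 - confirm that address is only reachable from a trusted
  # network (e.g. a VPN interface).
  systemd.services."redstring-private" = {
    description = "redstring private editable server";
    script = "${privateRun}/bin/redstring-run-internal.sh";
    serviceConfig = commonServiceConfig;
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    enable = true;
  };

  # Configure nginx to forward to the public server at the docs subdomain.
  # forceSSL redirects plain HTTP to HTTPS; the certificate comes from ACME.
  services.nginx.virtualHosts."docs.alogoulogoi.com" = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      access_log /var/log/nginx/access.docs.log;
    '';
    locations."/".proxyPass = "http://localhost:24144";
  };

  # Open the firewall to the private server's port.
  # NOTE(review): allowedTCPPorts opens the port on every interface. The
  # listener's bind address is what currently limits exposure; scoping the
  # rule with networking.firewall.interfaces.<iface>.allowedTCPPorts would
  # make the firewall enforce the same boundary.
  networking.firewall.allowedTCPPorts = [ 24145 ];
}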