{pkgs, ...}:

let
  # Import package
  redstringSource = builtins.fetchGit {
    url = "https://git.alogoulogoi.com/Jaculabilis/redstring.git";
    ref = "master";
    rev = "440301d737b3c565b3860741d11097a7a5fcbfd1";
  };
  redstring = pkgs.callPackage redstringSource {};

  # Define the data directory
  redstringDir = "/var/lib/redstring/";
  redstringData = "${redstringDir}docs/";

  # Define the service user
  redstringUser = {
    name = "redstring";
    description = "redstring service user";
    isSystemUser = true;
  };

  # Create the config file in the nix store
  redstringConfigAttrs = {
    "root" = redstringData;
    "password_file" = "${redstringDir}login";
  };
  redstringConfig = pkgs.writeTextFile { name = "redstring-config.json"; text = (builtins.toJSON redstringConfigAttrs); };

  # Create a setup script to ensure the data directory exists
  redstringSetup = pkgs.writeShellScriptBin "redstring-setup.sh" ''
    # Ensure the service directory
    ${pkgs.coreutils}/bin/mkdir -p ${redstringData}

    # Ensure ownership
    chown -R ${redstringUser.name} ${redstringDir}
    chmod 700 ${redstringDir}
  '';

  # Create a run script for the server
  redstringRun = pkgs.writeShellScriptBin "redstring-run.sh" ''
    cd ${redstringDir}
    ${redstring}/bin/gunicorn \
      --bind=localhost:24144 \
      --workers=4 \
      --log-level info \
      --env REDSTRING_CONFIG=${redstringConfig} \
      "redstring.server:wsgi()"
  '';
in
{
  users.users.redstring = redstringUser;

  # Run the setup script on activation
  system.activationScripts.redstringSetup = "${redstringSetup}/bin/redstring-setup.sh";

  # Set up the inquisitor service
  systemd.services.redstring =
  {
    description = "redstring server";
    script = "${redstringRun}/bin/redstring-run.sh";
    serviceConfig = {
      User = "${redstringUser.name}";
      Type = "simple";
    };
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    enable = true;
  };

  # Configure nginx to forward to the server at the docs subdomain
  services.nginx.virtualHosts."docs.alogoulogoi.com" = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      access_log /var/log/nginx/access.docs.log;
    '';
    locations."/".extraConfig = ''
      proxy_buffering off;
      proxy_pass http://localhost:24144/;
    '';
  };
}