{ config, lib, pkgs, ... }:

{
  sops.secrets.netbox-secret-key = {
    sopsFile = ../secrets.yaml;
    owner = "netbox";
  };

  services.netbox = {
    enable = true;
    package = pkgs.netbox;
    secretKeyFile = config.sops.secrets.netbox-secret-key.path;
    plugins = ps: with ps; [
      netbox-inventory
      netbox-topology-views
    ];
    settings = {
      PLUGINS = [
        "netbox_inventory"
        "netbox_topology_views"
      ];
    };
  };

  services.nginx.virtualHosts."netbox.sbruder.de" = {
    enableACME = true;
    forceSSL = true;
    locations = {
      "/".proxyPass = with config.services.netbox; "http://${listenAddress}:${toString port}";
      "/static/".alias = "${config.services.netbox.dataDir}/static/";
    };
  };

  # allow nginx access to static
  users.groups."${config.users.users.netbox.name}".members = [ "nginx" ];
}