# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# I don’t do this, because I want to.
# I think I might have to do this because of § 8.2 of Hetzner’s ToS.
{ config, lib, ... }:
let
  serviceBlocks = {
    nitter = [
      { path = "/ks1v/status/1439866313476689924"; report = "2023-04-21-Hetzner-C591581F-ROSKOMNADZOR.txt"; }
    ];
    iv = [
      { video = "NR57D2UVqm4"; report = "2023-04-28-Hetzner-C633C02D-ROSKOMNADZOR.txt"; }
    ];
    libreddit = [
    ];
  };
in
{
  services.nginx.virtualHosts = lib.mapAttrs'
    (domain: blocks: lib.nameValuePair "${domain}.sbruder.xyz" {
      locations = lib.listToAttrs
        (map
          (block:
            let
              # workaround for nginx dropping parent headers
              # see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
              parentHeaders = lib.concatStringsSep "\n" (lib.filter
                (lib.hasPrefix "add_header ")
                (lib.splitString "\n" config.services.nginx.commonHttpConfig));
              transparency_url = "https://sbruder.xyz/transparency/${block.report}";
              return_statement = ''
                ${parentHeaders}
                add_header Link "<${transparency_url}>; rel=blocked-by" always;
                add_header Content-Type text/html always;
                return 451 '<html><head><title>451 Unavailable For Legal Reasons</title></head><body><center><h1>451 Unavailable For Legal Reasons</h1><p><a href="${transparency_url}">Transparency</a></p></center><hr><center>nginx</center></body></html>';
              '';
              path =
                if block ? "path"
                then block.path
                else
                  (if block ? "video"
                  then "/" # not pretty, but I don’t know how to do this differently
                  else throw "invalid block");
              location_block =
                if block ? "video"
                then {
                  extraConfig = ''
                    if ($arg_v = ${block.video}) {
                      ${return_statement}
                    }
                  '';
                }
                else { extraConfig = return_statement; };
            in
            lib.nameValuePair
              path
              location_block)
          blocks);
    })
    serviceBlocks;
}