# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../modules
  ];

  sbruder = {
    nginx.hardening.enable = true;
    full = false;
  };

  networking.hostName = "catering";

  system.stateVersion = "23.05";

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "catering.salespointframework.org" = {
        enableACME = true;
        forceSSL = true;

        locations = {
          "/" = {
            proxyPass = "http://localhost:8080";
            extraConfig = ''
              sub_filter '</script>' '</script><script src="/dev.js"></script>';
              sub_filter_once on;
            '';
          };
          "= /dev.js".alias = pkgs.writeText "dev.js" ''
            addEventListener("load", event => {
              document.querySelector("footer").appendChild((() => {
                let el = document.createElement("p")
                el.classList.add("text-center", "fw-bold")
                el.innerText = "Alle Angebot sind fiktiv!"
                return el
              })())

              if (localStorage.getItem("devAck") !== "true") {
                if (confirm("Alle hier präsentierten Angebote sind fiktiv, es können keine rechtsverbindlichen Verträge geschlossen werden. Mit dem Fortfahren bestätigen Sie, dies verstanden zu haben.")) {
                  localStorage.setItem("devAck", "true")
                } else {
                  location = "about:blank"
                }
              }
            })
          '';
        };
      };

      "www.mampf.shop" = {
        forceSSL = true;
        enableACME = true;
        globalRedirect = "catering.salespointframework.org";
      };

      "mampf.shop" = {
        forceSSL = true;
        enableACME = true;
        globalRedirect = "catering.salespointframework.org";
      };

      "presi.catering.salespointframework.org" = {
        enableACME = true;
        forceSSL = true;

        root = "/var/www/presi.catering.salespointframework.org";

        locations."/".tryFiles = "/main.pdf =404";
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d /var/www/presi.catering.salespointframework.org 0755 catering catering - -"
  ];

  users.users.catering = {
    isSystemUser = true;
    group = "catering";
    useDefaultShell = true;
    home = "/var/lib/catering";
    createHome = true;

    openssh.authorizedKeys.keys = config.sbruder.pubkeys.trustedKeys;
  };
  users.groups.catering = { };

  sbruder.static-webserver.vhosts = {
    "salespointframework.org" = {
      redirects = [ "www.salespointframework.org" "salespointframe.work" "www.salespointframe.work" ];
      user = {
        name = "salespoint";
        keys = config.sbruder.pubkeys.trustedKeys;
      };
    };
    "verkaufspunktrahmenwerk.de" = {
      redirects = [ "www.verkaufspunktrahmenwerk.de" "verkaufspuntrahmenwerk.de" "www.verkaufspuntrahmenwerk.de" ];
      user = {
        name = "verkaufspunkt";
        keys = config.sbruder.pubkeys.trustedKeys;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}