{ config, ... }:
let
  domain = "firefly.hoyer.world";
  importDomain = "firefly-import.hoyer.world";
  vhostBase = {
    enableACME = false;
    useACMEHost = "internal.hoyer.world";
    forceSSL = true;
  };
in
{
  sops.secrets."firefly/app_key" = {
    sopsFile = ../../../.secrets/sgx/firefly.yaml;
    owner = "firefly-iii";
  };

  services = {
    firefly-iii = {
      enable = true;
      enableNginx = true;
      virtualHost = domain;
      settings = {
        APP_ENV = "production";
        APP_KEY_FILE = config.sops.secrets."firefly/app_key".path;
        SITE_OWNER = "harald.hoyer@gmail.com";
        TZ = "Europe/Berlin";
        DEFAULT_LANGUAGE = "de_DE";
        DEFAULT_LOCALE = "de_DE";
        TRUSTED_PROXIES = "**";
        LOG_CHANNEL = "stack";
      };
    };

    firefly-iii-data-importer = {
      enable = true;
      enableNginx = true;
      virtualHost = importDomain;
      settings = {
        FIREFLY_III_URL = "https://${domain}";
        VANITY_URL = "https://${importDomain}";
        TZ = "Europe/Berlin";
      };
    };

    nginx.virtualHosts = {
      ${domain} = vhostBase;
      ${importDomain} = vhostBase;
    };
  };
}