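# Nginx reverse proxy for the local network.
#
# Every entry of `network.reverse_proxy` (from ../data/network.nix) becomes a
# virtual host `<name>.<local_domain>` that forwards to the service's port on
# 127.0.0.1. A catch-all virtual host answers every other Host header with a
# plain-text 404.
{ config, pkgs, lib, ... }:
let
  network = import ../data/network.nix;

  # Plain HTTP on every IPv4 address; shared by all virtual hosts below.
  httpListen = [ { addr = "0.0.0.0"; port = 80; } ];

  # One virtual host per configured service.
  rproxyServices = builtins.mapAttrs (name: service: {
    serverName = "${name}.${network.local_domain}";
    listen = httpListen;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
      proxyWebsockets = true;
    };
    # Port 80 is opened on the firewall for every interface (see below), so
    # this source-address ACL is the only thing keeping clients outside the
    # subnet away from the proxied backends.
    extraConfig = ''
      allow ${network.network.subnet};
      deny all;
    '';
  }) network.reverse_proxy;

  # Space-separated list of the configured service names.
  serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);

  # Catch-all for Host headers that match no service.
  fallback = {
    # "_" is just a name that never matches a real Host header; on its own it
    # does not make this vhost the catch-all. Without `default = true` nginx
    # treats the first server block for the listen address as the default, so
    # an unknown Host could be proxied to an arbitrary service instead.
    serverName = "_";
    default = true;
    listen = httpListen;
    # The server-level `return` runs before any location is selected, so the
    # former `locations."/"` block was never reached. Its
    # `add_header Content-Type` would not have applied to a 404 anyway
    # (add_header skips error responses unless `always` is given);
    # `default_type` is what sets the type of a `return` body.
    #
    # NOTE(review): this body is sent to every client that can reach port 80,
    # including ones outside `network.network.subnet`. nginx evaluates
    # `return` before allow/deny, so copying the ACL here would not gate it.
    # If the service list should stay internal, drop it from the message or
    # limit port 80 to the local interface at the firewall.
    extraConfig = ''
      default_type text/plain;
      return 404 "This domain is not configured. Available services: ${serviceNamesMessage}";
    '';
  };
in
{
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    # NOTE(review): presumably has no practical effect until a TLS listener
    # is added (see the TODO below); all traffic is currently plain HTTP.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    # A service that is itself named "fallback" would be replaced by the
    # catch-all vhost here, because `//` prefers the right-hand side.
    virtualHosts = rproxyServices // { inherit fallback; };
  };

  # TODO add 443 for https
  networking.firewall.allowedTCPPorts = [ 80 ];
}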