{ config, lib, ... }:

let
  domain = "books.giugl.io";
  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  services = {
    calibre-web = {
      enable = true;
      group = "media";
      options = {
        enableBookConversion = true;
        enableBookUploading = true;
      };
    };

    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8083";
        extraConfig = ''
          client_max_body_size 500M;
        '' + auth_block { access_role = "calibre"; };
      };
    };
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';

  users.groups.media.members = [ "calibre-web" ];
}