{ config, lib, pkgs, ... }:

let
  domain = "s3.giugl.io";

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  services = {
    minio = {
      enable = true;
      package = pkgs.minio_legacy_fs;
    };

    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:9000";
        extraConfig = ''
          client_max_body_size 500M;
          allow ${config.architect.networks.lan.net};
          allow ${config.architect.networks.tailscale.net};
          deny all;
        '';
      };
    };
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
}