{ config, pkgs, ... }:

let
  domain = "tesla.giugl.io";
  teslamatePort = 11234;
  grafanaPort = 11334;
  allowLan = true;
  allowWAN = false;
in
{
  architect.vhost.${domain} = with config.architect.networks; {
    dnsInterfaces = [ "lan" "tailscale" ];
    locations = {
      "/" = {
        inherit allowLan allowWAN;
        port = teslamatePort;
        proxyWebsockets = true;
        allow = [
          tailscale.net
        ];
      };
      "/live/websocket" = {
        inherit allowLan allowWAN;
        port = teslamatePort;
        proxyWebsockets = true;
        allow = [
          tailscale.net
        ];
      };
      "/grafana" = {
        inherit allowLan allowWAN;
        port = grafanaPort;
        proxyWebsockets = true;
        allow = [
          tailscale.net
        ];
      };
    };
  };

  services.teslamate = {
    enable = true;
    port = teslamatePort;

    listenAddress = "127.0.0.1";
    secretsFile = "/secrets/teslamate/teslamate.env";
    virtualHost = domain;
    postgres.enable_server = true;
    grafana = { enable = true; port = grafanaPort; listenAddress = "127.0.0.1"; urlPath = "/grafana"; };
  };
}