{ config, ... }:
let
  secretFilePath = ../secrets.yaml;
in
{
  sops.secrets."personal-website/database-password".sopsFile = secretFilePath;
  sops.secrets."personal-website/auth-secret".sopsFile = secretFilePath;
  sops.secrets."personal-website/oauth-discord-client-secret".sopsFile = secretFilePath;

  sops.templates."personal-website-postgres.env" = {
    content = ''
      POSTGRES_PASSWORD=${config.sops.placeholder."personal-website/database-password"}
      POSTGRES_USER=chiassoncloud
      POSTGRES_DB=chiassoncloud
    '';
  };

  sops.templates."personal-website.env" = {
    content = ''
      DATABASE_URL=postgresql://chiassoncloud:${config.sops.placeholder."personal-website/database-password"}@personal-website-db:5432/chiassoncloud
      AUTH_SECRET=${config.sops.placeholder."personal-website/auth-secret"}
      AUTH_DISCORD_SECRET=${config.sops.placeholder."personal-website/oauth-discord-client-secret"}
    '';
  };

  services.personalWebsite = {
    enable = true;

    app = {
      image = "ghcr.io/olivierchiasson/personal-website:main";
      ghcr = {
        username = "olivierchiasson";
        passwordFile = config.sops.secrets."swiftshare/ghcr-token".path;
      };

      port = 3001;
      authUrl = "https://chiasson.cloud";
      publicUrl = "https://chiasson.cloud";
      disableTelemetry = true;
      environmentFiles = [ config.sops.templates."personal-website.env".path ];
    };

    database = {
      user = "chiassoncloud";
      name = "chiassoncloud";
      environmentFiles = [ config.sops.templates."personal-website-postgres.env".path ];
    };

    auth.discord.clientId = "1400660345068191855";

    umami = {
      websiteId = "3b2f29d3-11b8-4a3b-bc76-bda3f27926d1";
      scriptUrl = "https://analytics.chiasson.cloud/script.js";
    };
  };
}