{ config, pkgs, ... }:
with import <stockholm/lib>;

{
  services.nginx.virtualHosts.paste = {
    serverAliases = [ "p.r" ];
    locations."/".extraConfig = ''
      client_max_body_size 4G;
      proxy_set_header Host $host;
      proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
    '';
    locations."/image".extraConfig = /* nginx */ ''
      client_max_body_size 40M;

      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
      proxy_pass_header Server;
    '';
  };
  services.nginx.virtualHosts."p.krebsco.de" = {
    enableACME = true;
    addSSL = true;
    serverAliases = [ "p.krebsco.de" ];
    locations."/".extraConfig = ''
      if ($request_method != GET) {
        return 403;
      }
      proxy_set_header Host $host;
      proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
    '';
    locations."/image".extraConfig = ''
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://127.0.0.1:${toString config.krebs.htgen.imgur.port};
      proxy_pass_header Server;
    '';
  };

  krebs.htgen.paste = {
    port = 9081;
    script = toString [
      "PATH=${makeBinPath [
        pkgs.nix
        pkgs.file
      ]}:$PATH"
      "STATEDIR=$HOME"
      ". ${pkgs.htgen}/examples/paste"
    ];
  };
  krebs.htgen.imgur = {
    port = 7771;
    script = /* sh */ ''
      (. ${pkgs.htgen-imgur}/bin/htgen-imgur)
    '';
  };
  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT";}
  ];
}