{ config, pkgs, lib, ... }:
let
  cfg = config.services.vm_netbox;
in
{
  options.services.vm_netbox = {
    enable = lib.mkEnableOption "Enable minimal config";
    db_ip = lib.mkOption {
      type = lib.types.str;
      description = "netbox database IP address";
    };
  };
  config = lib.mkIf cfg.enable {
    services.netbox = {
      enable = true;
      port = 8001;
      settings = {
        ALLOWED_HOSTS = [ "*" ];
        DATABASE = lib.mkForce {
          ENGINE = "django.db.backends.postgresql";
          NAME = "netbox";
          USER = "netbox";
          PASSWORD = "Netbox43Zer!";
          HOST = "192.168.1.13";
          PORT = 5432;
          CONN_MAX_AGE = 300;
        };
        REDIS = {
          tasks = {
            HOST = "192.168.1.16";
            PORT = 6379;
            USERNAME = "";
            PASSWORD = "";
            DATABASE = 0;
            SSL = false;
          };
          caching = {
            HOST = "192.168.1.16";
            PORT = 6379;
            USERNAME = "";
            PASSWORD = "";
            DATABASE = 1;
            SSL = false;
          };
        };
        CSRF_COOKIE_NAME = "csrftoken";
        CSRF_TRUSTED_ORIGINS = [
          "http://192.168.1.40"
          "https://netbox.le43.eu"
        ];
        DEBUG = false;
      };
      secretKeyFile = "/run/secrets/netbox/keyFile";
    };
    services.nginx = {
      enable = true;
      user = "netbox";
      clientMaxBodySize = "25m";

      virtualHosts."192.168.1.45" = {
        locations = {
          "/" = {
            proxyPass = "http://localhost:8001";
          };
          "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
        };
        forceSSL = false;
        enableACME = false;
      };
    };
    networking.firewall.allowedTCPPorts = [ 80 8001 ];
  };
}