# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ config, depot, lib, ... }:
{
  users.users.tumblrandom = {
    isSystemUser = true;
    group = "tumblrandom";
  };
  users.groups.tumblrandom = {};

  systemd.services.tumblrandom = {
    description = "Tumblrandom";
    wants = ["network-online.target"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      StateDirectory = "tumblrandom";
      ExecStart = "${depot.go.tumblrandom}/bin/tumblrandom -addr=${config.my.ip.tailscale}:10908,[${config.my.ip.tailscale6}]:10908 -base_url=https://tumblrandom.int.lukegb.com";
      StateDirectoryMode = "0700";
      User = "tumblrandom";
      Restart = "always";
      EnvironmentFile = config.my.vault.secrets.tumblrandom-environment.path;
    };
  };
  my.vault.secrets.tumblrandom-environment = {
    reloadOrRestartUnits = ["tumblrandom.service"];
    group = "tumblrandom";
    template = ''
      {{ with secret "kv/apps/tumblrandom" }}
      OAUTH_CLIENT_ID={{ .Data.data.oauth_client_id }}
      OAUTH_CLIENT_SECRET={{ .Data.data.oauth_client_secret }}
      {{ end }}
    '';
  };
}