# NixOS module for the laserproxy service: a dedicated system account, a
# systemd unit that runs the binary bound to loopback, and an nginx virtual
# host that publishes it on an internal address.
{ pkgs, workspace, ... }:

let
  name = "laserproxy";
  # The service account and its group reuse the unit name.
  user = name;
  group = name;
in {
  users.groups.${group} = {};
  users.users.${user} = {
    inherit group;
    isSystemUser = true;
    # UID is pinned here instead of being auto-allocated.
    uid = 1004;
  };

  systemd.services.${name} = {
    # NOTE(review): this description mentions nftables packet logging, which
    # does not match the unit name; it looks copied from another unit. Confirm
    # and correct so journal and audit output identify the right service.
    description = "Logging packet log from nftables";
    after = [ "network-addresses-laser.service" ];
    wantedBy = [ "multi-user.target" ];

    # NOTE(review): the unit drops root via User= but sets no sandboxing
    # options (NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, ...).
    # Consider adding them once the paths the binary needs are confirmed.
    serviceConfig = {
      Type = "simple";
      User = user;
      Restart = "always";
      RestartSec = "30";
      # The web listener is bound to loopback only; nginx below is the sole
      # network-facing entry point. Any local process can still reach
      # 127.0.0.1:2137 directly, bypassing the nginx allowlist.
      # NOTE(review): -hspki_disable presumably switches off the service's
      # own PKI/TLS authentication; verify against laserproxy's flags. If so,
      # the loopback bind and the nginx allow/deny rules are the only access
      # controls.
      ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
    };
  };

  services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
    # Only a plaintext HTTP listener is active, so traffic to this vhost is
    # unencrypted on the internal network.
    # NOTE(review): the disabled TLS entry below uses port 433, which looks
    # like a typo for 443; check before enabling it.
    listen = [
      {
        addr = "10.8.1.2";
        port = 80;
        ssl = false;
      }
      #{ addr = "10.8.1.2"; port=433; ssl=true; }
    ];

    locations."/" = {
      proxyPass = "http://127.0.0.1:2137/";
      # Forwarding headers plus a source-address allowlist.
      # X-Real-IP carries nginx's own view of the peer ($remote_addr).
      # X-Forwarded-For is built with $proxy_add_x_forwarded_for, which
      # appends to whatever the client sent, so the backend must not treat
      # its leading entries as trustworthy.
      # Access is limited to 10.0.0.0/8 and everything else is denied.
      # NOTE(review): a /8 is broad; narrow it if only specific subnets
      # should reach this service.
      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $host:$server_port;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-Proto $scheme;

        allow 10.0.0.0/8;
        deny all;
      '';
    };
  };
}
