{ config, ... }:
let
  inherit (config.networking) domain;
  service_port = 8259;
  db = "hedgedoc";
in {
  services.hedgedoc = {
    # enable = true; # TODO
    enable = false;
    settings = {
      # TODO: kanidm auth
      port = service_port;
      protocolUseSSL = true;
      domain = "pad.${domain}";
      host = "127.0.0.1";
      allowGravatar = false;
      allowPDFExport = true;
      dbURL = "postgres://${db}:${db}@localhost:${toString config.services.postgresql.settings.port}/${db}";

      allowEmailRegister = false;
      allowAnonymous = false;

      loglevel = "none";
    };
  };

  imp.dirs = [
    { directory = "/var/lib/hedgedoc"; user = "hedgedoc"; group = "hedgedoc"; mode = "u=rwx,g=rx,o="; }
  ];

  services.caddy.virtualHosts = {
    "pad.${domain}".extraConfig = ''
      reverse_proxy http://127.0.0.1:${toString service_port}
    '';
  };
}