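# NixOS module: NetBox served through an nginx TLS reverse proxy, with login
# delegated to an OpenID Connect provider.
#
# Secrets are referenced by path only (agenix), so neither the Django secret
# key nor the OIDC client credentials end up in the world-readable Nix store.
# The age.secrets declarations themselves are expected to come from ./secrets,
# which is not visible in this file.
{ config, pkgs, ... }:

let
  # Single source of truth so ALLOWED_HOSTS and the nginx vhost cannot drift.
  host = "netbox.dgnum.sinavir.fr";

  # Environment file that must define NETBOX_OIDC_URL, NETBOX_OIDC_KEY and
  # NETBOX_OIDC_SECRET (the names read by extraConfig below).
  oidcEnvFile = config.age.secrets."netbox_env".path;

  netbox = config.services.netbox;
in
{
  imports = [ ./secrets ];

  services = {
    netbox = {
      enable = true;
      secretKeyFile = config.age.secrets."netbox".path;

      # Loopback only: the application server is reachable solely via nginx.
      listenAddress = "127.0.0.1";

      settings = {
        ALLOWED_HOSTS = [ host ];
        REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
      };

      # extraConfig is rendered into NetBox's configuration file, which lives
      # in the Nix store, so the OIDC values are read from the process
      # environment at start-up instead of being written here.
      # env["..."] (rather than env.get) makes a missing variable a hard
      # KeyError at configuration load, so the service fails closed instead of
      # starting with an empty client secret.
      extraConfig = ''
        from os import environ as env
        SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
        SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
        SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
      '';
    };

    nginx = {
      enable = true;

      # NOTE(review): no proxy headers are set in this file. Django checks the
      # Host header against ALLOWED_HOSTS and the OIDC redirect URI is built
      # from the request, so nginx has to forward Host and X-Forwarded-Proto.
      # Presumably services.nginx.recommendedProxySettings is enabled in
      # another module; confirm.
      virtualHosts.${host} = {
        enableACME = true;
        forceSSL = true; # plain HTTP is redirected to HTTPS
        locations."/".proxyPass =
          "http://${netbox.listenAddress}:${builtins.toString netbox.port}";
        # Static assets are served by nginx directly from NetBox's data dir.
        locations."/static/".alias = "${netbox.dataDir}/static/";
      };
    };

    # Pin the PostgreSQL major version; a major upgrade is a manual migration.
    postgresql.package = pkgs.postgresql_14;
  };

  systemd.services.netbox.serviceConfig = {
    # my server is slow sorry
    TimeoutStartSec = 600;
    EnvironmentFile = oidcEnvFile;
  };

  # Every unit that loads the NetBox configuration executes the env[...]
  # lookups from extraConfig, so each one needs the same environment file.
  systemd.services.netbox-housekeeping.serviceConfig = {
    EnvironmentFile = oidcEnvFile;
  };

  # The request-queue worker loads the same configuration; without the
  # environment file it would fail with KeyError at configuration load.
  # NOTE(review): confirm the unit is named netbox-rq in the pinned nixpkgs.
  systemd.services.netbox-rq.serviceConfig = {
    EnvironmentFile = oidcEnvFile;
  };

  # nginx needs group access to read the static files under the NetBox dataDir.
  users.users.nginx.extraGroups = [ "netbox" ];

  # 443 for the site; 80 for the HTTP->HTTPS redirect and ACME HTTP-01.
  networking.firewall.allowedTCPPorts = [
    443
    80
  ];
}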