# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{
  pkgs,
  sources,
  config,
  ...
}:
let
  host = "nimbolus.dgnum.eu";
  port = 9008;
in
{
  services.nimbolus-tf = {
    enable = true;
    package = (import sources.kat-pkgs { inherit pkgs; }).nimbolus-tf-backend;
    environment = {
      LISTEN_ADDR = "127.0.0.1:${toString port}";
      STORAGE_BACKEND = "s3";
      STORAGE_S3_ENDPOINT = "s3.dgnum.eu";
      STORAGE_S3_USE_SSL = "true";
      STORAGE_S3_BUCKET = "monorepo-terraform-state";

      # TODO: configure openBAO
      # AUTH_BASIC_ENABLED = "false";
      # AUTH_JWT_OIDC_ISSUER_URL = "https://vault.dgnum.eu/v1/identity/oidc";
    };
    secretEnvironment = {
      KMS_KEY = config.age.secrets."nimbolus-kms_key".path;
      STORAGE_S3_ACCESS_KEY = config.age.secrets."nimbolus-s3_access".path;
      STORAGE_S3_SECRET_KEY = config.age.secrets."nimbolus-s3_secret".path;
    };
  };
  dgn-web.simpleProxies.nimbolus = {
    inherit host port;
  };
}