{
  config,
  lib,
  nodes,
  sources,
  ...
}:
let
  inherit (lib)
    concatLists
    mapAttrsToList
    mkForce
    mkMerge
    ;

  inherit (config.statelessUptimeKuma.lib)
    pingProbesFromHive
    fromHive
    httpProbesFromConfig
    probesWithTag
    ;

  probesCfg = config.statelessUptimeKuma.probesConfig;

  mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);

  host = "status.dgnum.eu";

  port = 3001;

  httpExcludes = [
    "localhost"
    "ens.cal.dgnum.eu"
    "luj-current.cal.dgnum.eu"
    "s3.dgnum.eu"
    "cdn.dgnum.eu"
    "saml-idp.dgnum.eu"
    "status.dgnum.eu"
  ] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));

  extraProbes = {
    monitors = {
      "prometheus.dgnum.eu" = {
        type = mkForce "http";
        accepted_statuscodes = [ "401" ];
      };

      "api.meet.dgnum.eu" = {
        keyword = "Crab Fit API";
      };
    };
  };

  status_pages = {
    "dgnum" = {
      title = "DGNum";
      description = "Etat de l'infra de la DGNum";
      showTags = true;
      publicGroupList = [
        {
          name = "Services";
          weight = 1;
          monitorList = mkMonitors "Service";
        }
        {
          name = "Serveurs";
          weight = 2;
          monitorList = mkMonitors "Ping";
        }
        {
          name = "VPN Interne";
          weight = 2;
          monitorList = mkMonitors "VPN";
        }
      ];
    };
  };

  pingProbes = pingProbesFromHive {
    inherit nodes;
    mkHost = _: config: config.networking.fqdn;
    tags = [ { name = "Ping"; } ];
    excludes = [
      "geo01"
      "geo02"
      "rescue01"
    ];
  };

  vpnProbes = pingProbesFromHive {
    inherit nodes;
    prefix = "VPN - ";
    mkHost = node: _: "${node}.dgnum";
    tags = [ { name = "VPN"; } ];
    excludes = [
      "rescue01"
      "web02"
    ];
  };

  httpProbes = fromHive {
    inherit nodes;
    builder =
      _: module:
      httpProbesFromConfig {
        inherit (module) config;
        tags = [
          {
            name = "Host";
            value = module.config.networking.fqdn;
          }
          { name = "Service"; }
        ];
        excludes = httpExcludes;
      };
  };
in
{
  imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
  nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];

  services.uptime-kuma.enable = true;

  services.nginx = {
    enable = true;

    virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
        proxyWebsockets = true;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  statelessUptimeKuma = {
    probesConfig = mkMerge [
      pingProbes
      httpProbes
      extraProbes
      vpnProbes
      { inherit status_pages; }
    ];

    extraFlags = [ "-s" ];

    host = "http://localhost:${builtins.toString port}/";
    username = "dgnum";
    passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
    enableService = true;
  };
}