# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{
  pkgs,
  sources,
  config,
  ...
}:
let
  host = "nimbolus.dgnum.eu";
  port = 9008;
in
{
  imports = [ ./module.nix ];
  services.nimbolus-tf = {
    enable = true;
    package = (import sources.kat-pkgs { inherit pkgs; }).nimbolus-tf-backend;
    settings = {
      LISTEN_ADDR = "127.0.0.1:${toString port}";

      STORAGE_BACKEND = "s3";
      STORAGE_S3_ENDPOINT = "s3.dgnum.eu";
      STORAGE_S3_USE_SSL = "true";
      STORAGE_S3_BUCKET = "nimbolus-dgnum";
      STORAGE_S3_ACCESS_KEY = "GKefa111701f349de3988f0010";

      # TODO: configure openBAO
      # AUTH_BASIC_ENABLED = "false";
      # AUTH_JWT_OIDC_ISSUER_URL = "https://vault.dgnum.eu/v1/identity/oidc";
    };

    credentials = {
      KMS_KEY_FILE = config.age.secrets."nimbolus-kms_key".path;
      STORAGE_S3_SECRET_KEY_FILE = config.age.secrets."nimbolus-s3_secret".path;
    };
  };

  dgn-web.simpleProxies.nimbolus = {
    inherit host port;
  };
}