{ config, lib, dgn-lib, ... }:

let
  inherit (dgn-lib) setDefault;

  host = "videos.dgnum.eu";

in {
  services.peertube = {
    enable = true;

    settings = {
      object_storage = {
        enabled = true;

        endpoint = "s3.dgnum.eu";
        region = "garage";

        videos = {
          bucket_name = "peertube-videos-dgnum";
          prefix = "web-videos";
        };

        streaming_playlists = {
          bucket_name = "peertube-videos-dgnum";
          prefix = "streaming-playlists";
        };
      };
    };

    localDomain = host;
    configureNginx = true;
    listenWeb = 443;
    enableWebHttps = true;

    redis.createLocally = true;
    database.createLocally = true;

    # smtp.passwordFile = "";
    serviceEnvironmentFile =
      config.age.secrets."peertube-service_environment_file".path;
    secrets.secretsFile = config.age.secrets."peertube-secrets_file".path;
  };

  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;
  };

  dgn-secrets.options = [
    (setDefault { owner = "peertube"; }
      (builtins.filter (lib.hasPrefix "peertube-") config.dgn-secrets.names))
  ];
}