{ config, ... }:

let
  host = "grafana.hackens.org";
  port = 3033;

in

{
  services = {
    grafana = {
      enable = true;

      settings = {
        database = {
          type = "postgres";
          user = "grafana";
          host = "/run/postgresql";
        };

        server = {
          domain = host;
          enable_gzip = true;
          enforce_domain = true;
          http_port = port;
          root_url = "https://${host}";
          router_logging = true;
        };

        users = {
          default_theme = "system";
          default_language = "en-GB";
        };
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [
        {
          name = "grafana";
          ensureDBOwnership = true;
        }
      ];
    };

    nginx.virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;

      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };
  };
}