{ config, pkgs, ... }:
let
  my = config.my;
  realm = "ClubReseau";
in
{
  services.netdata.enable = true;

  services.oauth2_proxy = {
    enable = true;
    keyFile = config.age.secrets.oauth2ProxyKeyFile.path;
    provider = "keycloak";
    email.domains = [ "*" ];
    setXauthrequest = true;
    scope = "profile";
    loginURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/auth";
    redeemURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/token";
    profileURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
    validateURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
    redirectURL = "https://monitoring.${my.subZone}/oauth2/callback";
    reverseProxy = true;
    passHostHeader = true;

    nginx = {
      virtualHosts = [ "monitoring.${my.subZone}" ];
    };
  };

  services.nginx = {
    enable = true;

    virtualHosts."monitoring.${my.subZone}" = {
      enableACME = true;
      forceSSL = true;

      locations."/".proxyPass = "http://localhost:19999";
    };
  };

  # services.smartd = {
  #   enable = true;
  #   extraOptions = [ "-A /var/log/smartd/" ]; # For netdata
  # };
}