{ config, lib, ... }:
let
  port = 3030;
in
{
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "drone.io"
    "drone-runner-exec"
  ];

  services.drone-server = {
    enable = true;
    env = [
      "DRONE_USER_CREATE=username:raito,admin:true,machine:false"
    ];
    envFile = config.age.secrets.droneKeyFile.path;
    inherit port;
  };

  services.nginx.virtualHosts."drone.rz.ens.wtf" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString port}";
    };
  };
}