{ pkgs, lib, config, ... }:
let
  mkKanboardPlugin = { name, url, hash ? null }: pkgs.fetchzip {
    inherit name url;
    sha256 = if hash == null then lib.fakeHash else hash;
  };
  plugins = map mkKanboardPlugin [
    { name = "Milestone"; url = "https://github.com/oliviermaridat/kanboard-milestone-plugin/releases/download/1.1.2/Milestone-1.1.2.zip"; hash = "sha256-NrkMvk/5NdVokKQTYoZajdNEt5athjEzXVgrSHBdQ4w="; }
    { name = "MarkdownPlus"; url = "https://github.com/creecros/MarkdownPlus/releases/download/1.1.0/MarkdownPlus-1.1.0.zip"; hash = "sha256-BMzEaj47NnLvatEgUbKeibiWf9G+B4EFlVYhDNqk+y4="; }
    { name = "MetaMagik"; url = "https://github.com/creecros/MetaMagik/releases/download/1.5.1/MetaMagik-1.5.1.zip"; hash = "sha256-8y8+YvS5MAzRt4VVECQK0vQk6oA4Jbxn+2jWQ8nP3gU="; }
    { name = "OAuth2"; url = "https://github.com/kanboard/plugin-oauth2/releases/download/v1.0.2/OAuth2-1.0.2.zip"; hash = "sha256-L0df8bwPCxHjVOCNiVp+dqVsqJ0CEuJbHzwv5sYprIU="; }
    { name = "HighlightCodeSyntax"; url = "https://github.com/kenlog/HighlightCodeSyntax/releases/download/v1.0.3/HighlightCodeSyntax-v1.0.3.zip"; hash = "sha256-c4bV1gGVNUjHOJKBI6QxsV72mAzcEgjqv8r62ebpPdU="; }
    { name = "Group_assign"; url = "https://github.com/creecros/Group_assign/releases/download/1.7.12/Group_assign-1.7.12.zip"; hash = "sha256-ijI8nIIqsK8Pr1iEfCBUeUD3dlsIfmkOP0xC39JkIAs="; }
  ];
  pluginsDirectory = pkgs.linkFarmFromDrvs "kanboard-plugins" plugins;
  secretsPath = config.age.secrets.kanboard-secrets.path;
  kanboardConfig = pkgs.substituteAll {
    name = "kanboard-config.php";
    src = ./kanboard-config.php;
    inherit secretsPath;
    inherit pluginsDirectory;
  };
  package = pkgs.kanboard.overrideAttrs (old: {
    installPhase = ''
      ${(old.installPhase or "")}
      runHook postInstall
    '';

    postInstall = ''
      ${pkgs.xorg.lndir}/bin/lndir ${pluginsDirectory} $out/share/kanboard/plugins
    '';
  });
in
{
  environment.systemPackages = [
  ];
  services.phpfpm.pools.kanboard = {
    user = "kanboard";
    group = "kanboard";
    settings = {
      "listen.group" = "nginx";
      "pm" = "static";
      "pm.max_children" = 4;
    };
  };
  users.users.kanboard = {
    isSystemUser = true;
    group = "kanboard";
  };
  users.groups.kanboard = {};

  services.nginx = {
    enable = true;
    virtualHosts."todo.beta.rz.ens.wtf" = {
      enableACME = true;
      forceSSL = true;
      root = pkgs.buildEnv {
        name = "kanboard-configured";
        paths = [
          (pkgs.runCommand "kanboard-over" {meta.priority = 0;} ''
            mkdir -p $out
            for f in index.php jsonrpc.php ; do
              echo "<?php require('$out/config.php');" > $out/$f
              tail -n+2 ${package}/share/kanboard/$f \
                | sed 's^__DIR__^"${package}/share/kanboard"^' >> $out/$f
            done
            ln -s /var/lib/kanboard $out/data
            ln -s ${pluginsDirectory} $out/plugins
            ln -s ${kanboardConfig} $out/config.php
          '')
          { outPath = "${package}/share/kanboard"; meta.priority = 10; }
        ];
      };
      locations = {
        "/".index = "index.php";
        "~ \\.php$" = {
          tryFiles = "$uri =404";
          extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
          '';
        };
      };
    };
  };
}