dotfiles/platforms/nixos/modules/nmasur/presets/services/mathesar/mathesar.nix

{
  config,
  pkgs,
  lib,
  ...
}:

let
  inherit (config.nmasur.settings) hostnames;
  cfg = config.nmasur.presets.services.mathesar;
in

{

  options.nmasur.presets.services.mathesar = {
    enable = lib.mkEnableOption "Postgres web UI";
    port = lib.mkOption {
      type = lib.types.port;
      description = "Port to use for the localhost";
      default = 8099;
    };
  };

  config = lib.mkIf cfg.enable {

    systemd.services.mathesar = {
      description = "Postgres web UI";
      after = [
        "network.target"
        "postgresql.target"
      ];
      requires = [
        "mathesar-secret.service"
        "mathesar-postgres-secret.service"
      ];
      wantedBy = [ "multi-user.target" ];
      environment = {
        POSTGRES_HOST = "127.0.0.1";
        POSTGRES_DB = "mathesar_django";
        POSTGRES_USER = "mathesar";
        # POSTGRES_PASSWORD = "none";
        POSTGRES_PORT = "5432";
        ALLOWED_HOSTS = "*";
        SKIP_STATIC_COLLECTION = "true";
        DEBUG = "true";
      };
      serviceConfig = {
        Type = "simple";
        DynamicUser = true;
        StateDirectory = "mathesar";

        EnvironmentFile = [
          config.secrets.mathesar.dest
          config.secrets.mathesar-postgres.dest
        ];
      };
      preStart = "exec ${pkgs.nmasur.mathesar}/bin/mathesar-install";
      script =
        let
          args = [ "--bind=127.0.0.1:${builtins.toString cfg.port}" ];
        in
        ''
          exec ${pkgs.nmasur.mathesar}/bin/mathesar-gunicorn ${toString args}
        '';
    };

    secrets.mathesar = {
      source = ./mathesar.age;
      dest = "${config.secretsDirectory}/mathesar";
      owner = builtins.toString config.users.users.postgres.uid;
      group = builtins.toString config.users.users.postgres.uid;
    };
    secrets.mathesar-postgres = {
      source = ./mathesar-postgres.age;
      dest = "${config.secretsDirectory}/mathesar-postgres";
      owner = builtins.toString config.users.users.postgres.uid;
      group = builtins.toString config.users.users.postgres.uid;
    };

    # Allow web traffic to Caddy
    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.mathesar ]; } ];
        handle = [
          {
            handler = "reverse_proxy";
            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
          }
        ];
      }
    ];

    # Configure Cloudflare DNS to point to this machine
    services.cloudflare-dyndns.domains = [ hostnames.mathesar ];

  };
}